LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
Reload this Page verifying signature of any rpm
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
LinkBack Search this Thread
Old 02-21-2006, 01:05 AM   #1
sachin_malik
LQ Newbie
 
Registered: Apr 2005
Location: india
Distribution: red hat
Posts: 24

Rep: Reputation: 15
verifying signature of any rpm

suppose i download any rpm from any mirror site. now i want to check its signature. plz tell me the way using GPG key method.

recently i downloaded a rpm from a site, but i am unable to find the gpg key for that particular rpm from that site. from where i can found this GPG key.

plz tell me the entire process in details.
 
Old 02-21-2006, 02:08 AM   #2
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 59
If I'm not mistaken, rpms have a built-in key for verification and they will automatically be verified when you install them.
 
Old 02-21-2006, 02:09 AM   #3
nguyennh
Member
 
Registered: Feb 2006
Location: Vietnam
Distribution: FC , RH , SuSE
Posts: 106

Rep: Reputation: 15
On RPM , you should use
rpm -V
or
rpm --checksig

On source tarball (.tar.gz or .tar.bz2) you should use gpg tool . Assume you've got <source file>.sig (the signature of <source file> ) and <source file> , all you have to do is :
gpq --verify <source file>.sig <source file>
Hope it helps you .
Last edited by nguyennh; 02-21-2006 at 02:14 AM.
 
Old 02-21-2006, 09:29 PM   #4
sachin_malik
LQ Newbie
 
Registered: Apr 2005
Location: india
Distribution: red hat
Posts: 24

Original Poster
Rep: Reputation: 15
location of <source file>.sig
from where i can get this <sourcefile>.sig
plz tell me
 
Old 02-21-2006, 09:57 PM   #5
nguyennh
Member
 
Registered: Feb 2006
Location: Vietnam
Distribution: FC , RH , SuSE
Posts: 106

Rep: Reputation: 15
At any trusted sites provide <sourcefile> .
For examples , visit this site
http://mirror.etf.bg.ac.yu/software/utils/pciutils/
You'll see :
pciutils-2.1.10.tar.bz2
pciutils-2.1.10.tar.bz2.sign
It means pciutils-2.1.10.tar.bz2.sign is signature file of pciutils-2.1.10.tar.bz2

Is it clear ?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SuSE update: RPM has invalid signature skunkcabbage Suse/Novell 2 05-18-2005 11:52 AM
Signature check in rpm zaphyr17 Mandriva 1 12-31-2004 10:04 AM
RPM V3 DSA signature: BAD Scorps Linux - Software 0 11-15-2004 01:06 AM
Rpmdrake 9.2 refuses to install kernel source rpm due to bad signature zegracia Mandriva 14 01-11-2004 06:38 PM
warning: curl-7.10.3-1.i386.rpm: V3 DSA signature: NOKEY, key ID df3d5207 Lespuff Linux - Newbie 2 11-30-2003 11:25 PM


All times are GMT -5. The time now is 07:07 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration