Madhu Desai |
06-17-2013 10:31 AM |
No need to worry.
To ensure authenticity/integrity, RPM packages are digitally signed. RPMs that are digitally signed need a public key for verification, which is provided by author/repository. That public key must be installed in your system, so that next time you try to install rpm package from that repository, it will check RPM signature against installed public key.
In order to install public key, you have to import it first. (It is available in CentOS DVD1's root folder.)
Code:
# ls -lh /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-*
-r--r--r--. 2 madhu madhu 1.7K Mar 2 23:16 /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-6
-r--r--r--. 2 madhu madhu 1.7K Mar 2 23:16 /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-Debug-6
-r--r--r--. 2 madhu madhu 1.7K Mar 2 23:16 /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-Security-6
-r--r--r--. 2 madhu madhu 1.7K Mar 2 23:16 /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-Testing-6
# rpm --import /media/CentOS_6.4_Final/RPM-GPG-KEY-CentOS-6
What if you dont have DVD, then, when you try to install any package for first time from that repository (in this case centos repo), it will check for public key, if not found, it will install it for you. Its one-time process.
Code:
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>
Package: centos-release-6-4.el6.centos.10.x86_64 (@anaconda-CentOS-201303050102.x86_64/6.4)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Is this ok [y/N]: y
Public Keys are stored physically in /etc/pki/rpm-gpg/ (in CentOS)
Code:
# ls -lh /etc/pki/rpm-gpg/
-rw-r--r--. 1 root root 1.7K Mar 8 2011 RPM-GPG-KEY-adobe-linux
-rw-r--r--. 1 root root 1.7K Feb 25 14:27 RPM-GPG-KEY-CentOS-6
-rw-r--r--. 1 root root 1.7K Feb 25 14:27 RPM-GPG-KEY-CentOS-Debug-6
-rw-r--r--. 1 root root 1.7K Feb 25 14:27 RPM-GPG-KEY-CentOS-Security-6
-rw-r--r--. 1 root root 1.7K Feb 25 14:27 RPM-GPG-KEY-CentOS-Testing-6
-rw-r--r--. 1 root root 1.7K Nov 5 2012 RPM-GPG-KEY-EPEL-6
-rw-r--r--. 1 root root 3.1K Jun 25 2011 RPM-GPG-KEY-nux.ro
-rw-r--r--. 1 root root 1.4K May 9 2010 RPM-GPG-KEY-remi
-rw-r--r--. 1 root root 1.7K Apr 15 2011 RPM-GPG-KEY-rpmforge-dag
-rw-r--r--. 1 root root 992 Apr 15 2011 RPM-GPG-KEY-rpmforge-fabian
To display list of all keys that are installed:
Code:
# rpm -qa gpg-pubkey*
gpg-pubkey-c105b9de-4e0fd3a3
gpg-pubkey-00f97f56-467e318a
gpg-pubkey-85c6cd8a-4e060c35
gpg-pubkey-0608b895-4bd22942
gpg-pubkey-f6777c67-45e5b1b9
gpg-pubkey-66534c2b-50df7bda
gpg-pubkey-6b8d79e6-3f49313d
gpg-pubkey-5cc6587f-4db8bb87
To display more information for specific key:
Code:
# rpm -qi gpg-pubkey-c105b9de-4e0fd3a3
Name : gpg-pubkey Relocations: (not relocatable)
Version : c105b9de Vendor: (none)
Release : 4e0fd3a3 Build Date: Sat 01 Jun 2013 02:41:41 PM IST
Install Date: Sat 01 Jun 2013 02:41:41 PM IST Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : gpg(CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.8.0 (NSS-3)
mQINBE4P06MBEACqn48FZgYkG2QrtUAVDV58H6LpDYEcTcv4CIFSkgs6dJ9TavCW
NyPBZRpM2R+Rg5eVqlborp7TmktBP/sSsxc8eJ+3P2aQWSWc5ol74Y0OznJUCrBr
bIdypJllsD9Fe+h7gLBXTh3vdBEWr2lR+xA+Oou8UlO2gFbVFQqMafUgU1s0vqaE
/hHH0TzwD0/tJ6eqIbHwVR/Bu6kHFK4PwePovhfvyYD9Y+C0vOYd5Ict2vbLHz1f
QBDZObv4M6KN3j7nzme47hKtdMd+LwFqxM5cXfM6b5doDulWPmuGV78VoX6OR7el
x1tlfpuiFeuXYnImm5nTawArcQ1UkXUSYcTUKShJebRDLR3BycxR39Q9jtbOQ29R
FumHginovEhdUcinRr22eRXgcmzpR00zFIWoFCwHh/OCtG14nFhefuZ8Z80qbVhW
2J9+/O4tksv9HtQBmQNOK5S8C4HNF2M8AfOWNTr8esFSDc0YA5/cxzdfOOtWam/w
lBpNcUUSSgddRsBwijPuWhVA3NmA/uQlJtAo4Ji5vo8cj5MTPG3+U+rfNqRxu1Yc
ioXRo4LzggPscaTZX6V24n0fzw0J2k7TT4sX007k+7YXwEMqmHpcMYbDNzdCzUer
Zilh5hihJwvGfdi234W3GofttoO+jaAZjic7a3p6cO1ICMgfVqrbZCUQVQARAQAB
tEZDZW50T1MtNiBLZXkgKENlbnRPUyA2IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8
Y2VudG9zLTYta2V5QGNlbnRvcy5vcmc+iQI8BBMBAgAmBQJOD9OjAhsDBQkSzAMA
BgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQCUb8osEFud6ajRAAnb6d+w6Y/v/d
MSy7UEy4rNquArix8xhqBwwjoGXpa37OqTvvcJrftZ1XgtzmTbkqXc+9EFch0C+w
ST10f+H0SPTUGuPwqLkg27snUkDAv1B8laub+l2L9erzCaRriH8MnFyxt5v1rqWA
mVlRymzgXK+EQDr+XOgMm1CvxVY3OwdjdoHNox4TdVQWlZl83xdLXBxkd5IRciNm
sg5fJAzAMeg8YsoDee3m4khg9gEm+/Rj5io8Gfk0nhQpgGGeS1HEXl5jzTb44zQW
qudkfcLEdUMOECbu7IC5Z1wrcj559qcp9C94IwQQO+LxLwg4kHffvZjCaOXDRiya
h8KGsEDuiqwjU9HgGq9fa0Ceo3OyUazUi+WnOxBLVIQ8cUZJJ2Ia5PDnEsz59kCp
JmBZaYPxUEteMtG3yDTa8c8jUnJtMPpkwpSkeMBeNr/rEH4YcBoxuFjppHzQpJ7G
hZRbOfY8w97TgJbfDElwTX0/xX9ypsmBezgGoOvOkzP9iCy9YUBc9q/SNnflRWPO
sMVrjec0vc6ffthu2xBdigBXhL7x2bphWzTXf2T067k+JOdoh5EGney6LhQzcp8m
YCTENStCR+L/5XwrvNgRBnoXe4e0ZHet1CcCuBCBvSmsPHp5ml21ahsephnHx+rl
JNGtzulnNP07RyfzQcpCNFH7W4lXzqM=
=jrWY
-----END PGP PUBLIC KEY BLOCK-----
phew!!! ...so ..that's it :D
|