LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE
User Name
Password
SUSE / openSUSE This Forum is for the discussion of Suse Linux.

Notices


Reply
  Search this Thread
Old 04-07-2009, 08:12 AM   #1
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

Rep: Reputation: Disabled
PGP-Signatures on SuSE 11.1 DVD: How to use them?


Subject already says all (and I'm aware that this is a stupid question, but I simply failed to turn up anything useful). There is a bunch (key-ring?) of signatures on the DVD I've got but I don't know what to do with them. I want to verify a backup copy of the original, md5sum won't work on directories (so it says) but there is nowhere any explanation how to use those keys. A pointer in the right direction or some nice links would be much appreiated.

Last edited by JZL240I-U; 04-15-2009 at 04:14 AM.
 
Old 04-10-2009, 06:50 AM   #2
Vit77
Member
 
Registered: Jun 2008
Location: Toronto, Canada
Distribution: SuSE, RHEL, Mageia
Posts: 132

Rep: Reputation: 17
Hi,

To use these keys you need just this:
Code:
gpg --import /media/cdrom/gpg-pubkey-*.asc
OR
gpg --import /media/cdrom/pubring.gpg
However, this will check automatically the packages you are installing only.

To check your media backup, visit
http://download.opensuse.org/distribution/11.1/iso/
and download the corresponding .md5 or .sha file and check media integrity with this.

Last edited by Vit77; 04-10-2009 at 07:06 AM.
 
Old 06-04-2010, 06:52 AM   #3
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629

Original Poster
Rep: Reputation: Disabled
Hi Vit77, sorry to be back only this late. I used your suggestion but the (I presume) real purpose was named in this thread: http://www.linuxquestions.org/questi...se-dvd-774931/. In brief, YAST can check the medium's integrity with those gpg keys. Thank you for your help.

<edit 2010-09-22> Here is some more information concerning the general use of gpg for checking file integrity (shamelessly copied from a post of win32sux):

http://httpd.apache.org/dev/verification.html
http://www.kernel.org/signature.html
http://www.gnupg.org/documentation/faqs.html

</edit>

<edit2> And this is the exact answer I was looking for:

http://www.gnupg.org/faq/GnuPG-FAQ.h...igned-packages

Quote:
How do I verify signed packages?

must first have the vendor, organisation, or issueing person's key Before you can verify the signature that accompanies a package, you imported into your public keyring. To prevent GnuPG warning messages the key should also be validated (or locally signed).

You will also need to download the detached signature file along with the package. These files will usually have the same name as the package, with either a binary (.sig) or ASCII armor (.asc) extension.

Once their key has been imported, and the package and accompanying signature files have been downloaded, use:

$ gpg --verify sigfile signed-file

If the signature file has the same base name as the package file, the package can also be verified by specifying just the signature file, as GnuPG will derive the package's file name from the name given (less the .sig or .asc extension). For example, to verify a package named foobar.tar.gz against its detached binary signature file, use:

$ gpg --verify foobar.tar.gz.sig
</edit2>

Last edited by JZL240I-U; 04-06-2011 at 02:26 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to get SUSE installation DVD to read from secondary slave DVD drive. Kippax Linux - Hardware 3 06-09-2007 10:37 PM
can't install software from smart pgp key error SuSE 10.1 iroybk SUSE / openSUSE 1 12-13-2006 06:29 PM
Difference between SUSE EVAL DVD and SUSE SRC DVD??? doraimom SUSE / openSUSE 4 01-15-2006 08:24 AM
Every DVD Player Fails to Play DVD Movie in SuSE 9.2 Pro....Please Help ! ! ! bedi-beparwah SUSE / openSUSE 2 03-14-2005 06:08 PM
apt-rpm, SuSE 9.1, and signatures MachineShedFred Linux - Distributions 4 07-28-2004 07:59 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE

All times are GMT -5. The time now is 05:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration