verifying using gpg
Jay Daniels
drs at pointyhats.com
Tue Apr 13 15:45:19 UTC 2004
On Tue, Apr 13, 2004 at 02:57:55AM -0700, Keith wrote:
> On Mon, 2004-04-12 at 20:56, Al Sparks wrote:
> > Is there a straightforward HOWTO somewhere on how to use gpg to verify
> > downloads when a sig is provided?
>
> For RPM's simply install the FC 1st cdrom in the drive and
> after it is mounted type:
> rpm --import RPM-GP*
> and that will import all the keys from the CDROM.
> to check a signature simply type
> rpm -K filename.rpm
> when you install a RPM and there is no key match or
> a problem then rpm will notify you on the command line.
With all the source sites and keys not included in the iso/cdrom, I
had to turn off gpg verify in the yum config file.
Anyone have gpg verify working using multiple mirror sites with yum?
Same problem with apt-get.
jay
More information about the fedora-list
mailing list