md5sum or SHA1 or gpg keys for rpm packages
Richard Hubbell
richard.hubbell at gmail.com
Wed Feb 2 15:35:40 UTC 2005
On Wed, 02 Feb 2005 03:24:41 -0500, David L Norris <dave at webaugur.com> wrote:
> On Tue, 2005-02-01 at 18:09 -0800, Richard Hubbell wrote:
> > I want to download some files from here but I don't see any checksums
> > or hte like to verify the packages after download.
> >
> > http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/
>
> Ideally, you should be using yum instead of downloading individual RPM
> files. yum verifies the package integrity using GPG encryption keys.
Guess I'm old fashioned.
> RPM will do the same if you import the keys.
>
> > Does anyone know where I can find those?
>
> They are built-in to the RPM package itself:
> rpm --checksig somepackage.rpm
>
> If you want to verify that the package hasn't been altered you really
> should import the appropriate GPG keys and verify the GPG signature:
> http://www.fedorafaq.org/#gpgsig
Ok, also a key in the install (as another poster pointed out)
>
> For example:
> $ rpm --checksig xosd-2.2.12-1.1.fc3.rf.i386.rpm
> xosd-2.2.12-1.1.fc3.rf.i386.rpm: (sha1) dsa sha1 md5 gpg OK
Thanks for the detail.
Richard
>
> --
> David Norris
> http://www.webaugur.com/dave/
> ICQ - 412039
>
>
>
More information about the fedora-list
mailing list