- 2.1.4 Verifying Package Integrity Using MD5 Checksums or GnuPG
- 2.1.4.1 Verifying the MD5 Checksum
- 2.1.4.2 Signature Checking Using GnuPG
- 2.1.4.3 Signature Checking Using RPM
For RPM packages, there is no separate signature. RPM packages have a built-in GPG signature and MD5 checksum. You can verify a package by running the following command:
shell> rpm --checksig package_name.rpm
Example:
shell> rpm --checksig MySQL-server-5.1.47-0.glibc23.i386.rpm
MySQL-server-5.1.47-0.glibc23.i386.rpm: md5 gpg OK
Note
If you are using RPM 4.1 and it complains about (GPG)
NOT OK (MISSING KEYS: GPG#5072e1f5), even though you
have imported the MySQL public build key into your own GPG
keyring, you need to import the key into the RPM keyring
first. RPM 4.1 no longer uses your personal GPG keyring (or
GPG itself). Rather, it maintains its own keyring because it
is a system-wide application and a user's GPG public keyring
is a user-specific file. To import the MySQL public key into
the RPM keyring, first obtain the key as described in
Section 2.1.4.2, “Signature Checking Using GnuPG”. Then use
rpm --import to import the key. For
example, if you have saved the public key in a file named
mysql_pubkey.asc, import it using this
command:
shell> rpm --import mysql_pubkey.asc
If you need to obtain the MySQL public key, see
Section 2.1.4.2, “Signature Checking Using GnuPG”.
User Comments
Add your own comment.