md5sum or SHA1 or gpg keys for rpm packages

David L Norris dave at webaugur.com
Wed Feb 2 08:24:41 UTC 2005


On Tue, 2005-02-01 at 18:09 -0800, Richard Hubbell wrote:
> I want to download some files from here but I don't see any checksums
> or the like to verify the packages after download.
> 
> http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/

Ideally, you should be using yum instead of downloading individual RPM
files.  yum verifies the package integrity using GPG encryption keys.
RPM will do the same if you import the keys.

> Does anyone know where I can find those?

They are built-in to the RPM package itself:
  rpm --checksig somepackage.rpm


If you want to verify that the package hasn't been altered you really
should import the appropriate GPG keys and verify the GPG signature:
  http://www.fedorafaq.org/#gpgsig


For example:
$ rpm --checksig xosd-2.2.12-1.1.fc3.rf.i386.rpm
xosd-2.2.12-1.1.fc3.rf.i386.rpm: (sha1) dsa sha1 md5 gpg OK

-- 
 David Norris
  http://www.webaugur.com/dave/
  ICQ - 412039
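
Added example, not part of the original message: a shell function that classifies a line of `rpm --checksig` output, so that an "OK" based only on the built-in digests is not mistaken for a verified GPG signature. Only the first sample line comes from the message above. The other two are constructed, and the output formats assumed are rpm's lowercase-token, uppercase-on-failure style plus the newer "digests signatures OK" wording.

```shell
#!/bin/sh
# classify_checksig LINE
# Prints one of:
#   signed-ok    a signature check (gpg/pgp/dsa/rsa) passed
#   digest-only  only sha1/md5 digests passed; nothing proves who built it
#   failed       rpm reported NOT OK, or the verdict is not recognised
classify_checksig() {
    line=$1
    # Drop the "filename: " prefix, leaving the check list and the verdict.
    result=${line#*: }
    case $result in
        *"NOT OK"*) echo failed; return 0 ;;
        *" OK")     ;;                       # overall verdict is OK
        *)          echo failed; return 0 ;; # unknown format: fail closed
    esac
    # Look for a signature token among the checks that passed.
    # "signatures" is the token printed by newer rpm releases (assumption
    # about the rpm version in use; older ones print gpg/pgp/dsa/rsa).
    for tok in ${result% OK}; do
        case $tok in
            gpg|pgp|dsa|rsa|signatures) echo signed-ok; return 0 ;;
        esac
    done
    echo digest-only
}

# Sample lines: the first is quoted from the message, the rest are constructed.
while IFS= read -r sample; do
    printf '%-12s %s\n' "$(classify_checksig "$sample")" "$sample"
done <<'EOF'
xosd-2.2.12-1.1.fc3.rf.i386.rpm: (sha1) dsa sha1 md5 gpg OK
example-1.0-1.i386.rpm: sha1 md5 OK
example-1.0-1.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#0123abcd)
EOF
```

In practice the line would come from `rpm --checksig somepackage.rpm` after the distribution's GPG keys have been imported.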