md5sum or SHA1 or gpg keys for rpm packages
Richard Hubbell
richard.hubbell at gmail.com
Wed Feb 2 15:40:07 UTC 2005
On Wed, 02 Feb 2005 08:34:17 +0000, Paul Howarth <paul at city-fan.org> wrote:
> On Tue, 2005-02-01 at 18:09 -0800, Richard Hubbell wrote:
> > I want to download some files from here but I don't see any checksums
> > or hte like to verify the packages after download.
> >
> > http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/
> >
> > Does anyone know where I can find those?
>
> RPM packages have built-in MD5 and, optionally, GPG signatures.
Is MD5 alone enough? I always thought MD5 and SHA1 went hand-in-hand?
Anyway that's more rhetorical than a real question for you.
>
> If you are downloading updates for Fedora Core 3, that is presumably
> because your have a Fedora Core 3 installation, in which case you can
> find the GPG key at:
>
> /usr/share/doc/fedora-release-3/RPM-GPG-KEY-fedora
Ah, thanks for that.
>
> Import that key into the RPM database (as root):
> # rpm --import /usr/share/doc/fedora-release-3/RPM-GPG-KEY-fedora
>
> You can then use rpm to verify the integrity of your downloaded
> packages:
>
> $ rpm --checksig *.rpm
>
> If you use a package manager like yum or apt to handle downloading and
> installing updates, they can do this check for you.
Ok.
Thanks.
Richard
>
> Paul.
> --
> Paul Howarth <paul at city-fan.org>
More information about the fedora-list
mailing list