FSDB

Féliciano Matias feliciano.matias at free.fr
Mon Aug 11 23:07:31 UTC 2003


Le lun 11/08/2003 à 23:14, Florin Andrei a écrit :
> On Mon, 2003-08-11 at 14:02, Geoff Reedy wrote:
> > On Mon, Aug 11, 2003 at 01:42:32PM -0700, Florin Andrei <florin at sgi.com> said
> > > "Hewlett-Packard, IBM, RSA Security, InstallShield Software, and Sun
> > > Microsystems are also involved in the File Signature Database (FSDB)
> > > effort. The repository will store metadata about individual files
> > > created by each of the vendors, such as the file's name, a ¡born-on¢
> > > date and its digital hash values."
> > > 
> > > Any plans to do that with Red Hat as well?
> > 
> > This sounds a lot like what can already be done with a command like rpm -Va.
> 
> Yes and no.
> 
> Yes, it's the same idea.
> 
> No, because with FSDB the signatures will be stored somewhere else, on a
> trusted site, not on the system itself (not even on the owner's
> network). Hence, even if your entire network gets compromised (unlikely,
> but still...) you still have a trusted signature database to compare
> with.

Authenticate the package :
# rpm --checksig http://updates.redhat.com/9/en/os/i386/eog-2.2.0-2.i386.rpm
http://updates.redhat.com/9/en/os/i386/eog-2.2.0-2.i386.rpm: (sha1) dsa sha1 md5 gpg OK

Check the installation again the trusted package :
# rpm -V -p http://updates.redhat.com/9/en/os/i386/eog-2.2.0-2.i386.rpm

If the gpg key is not imported or the package have a bad signature :
# rpm --checksig apt-0.5.5cnc6-fr1.i386.rpm
apt-0.5.5cnc6-fr1.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#e42d547b)

-- 
Féliciano Matias <feliciano.matias at free.fr>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message
	=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20030812/e0ae9c93/attachment-0002.bin 


More information about the devel mailing list