md5sum or SHA1 or gpg keys for rpm packages
Paul Howarth
paul at city-fan.org
Wed Feb 2 08:34:17 UTC 2005
On Tue, 2005-02-01 at 18:09 -0800, Richard Hubbell wrote:
> I want to download some files from here but I don't see any checksums
> or hte like to verify the packages after download.
>
> http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/
>
> Does anyone know where I can find those?
RPM packages have built-in MD5 and, optionally, GPG signatures.
If you are downloading updates for Fedora Core 3, that is presumably
because your have a Fedora Core 3 installation, in which case you can
find the GPG key at:
/usr/share/doc/fedora-release-3/RPM-GPG-KEY-fedora
Import that key into the RPM database (as root):
# rpm --import /usr/share/doc/fedora-release-3/RPM-GPG-KEY-fedora
You can then use rpm to verify the integrity of your downloaded
packages:
$ rpm --checksig *.rpm
If you use a package manager like yum or apt to handle downloading and
installing updates, they can do this check for you.
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the users
mailing list