SCIENTIFIC-LINUX-USERS Archives

September 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: How can I check authenticity of source rpms?
From:
Volker Fröhlich <[log in to unmask]>
Reply To:
Volker Fröhlich <[log in to unmask]>
Date:
Tue, 25 Sep 2012 14:46:04 +0300
Content-Type:
text/plain
Parts/Attachments:
text/plain (26 lines) 
On Tue, 2012-09-25 at 09:50 +0000, Müller-Reineke, Matthias wrote:
> Dear SL users,
> 
> I want to check the authenticity of a source package which I obtained with yum downloader this way:
> 
> yumdownloader --source  --disablerepo=epel tomcat6
> 
> When I try to verify the authenticity happens this:
> 
> ~/> rpm --checksig -v tomcat6-6.0.24-45.el6.src.rpm                            
> tomcat6-6.0.24-45.el6.src.rpm:
>     Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
>     Header SHA1 digest: OK (906acdd5cf193699ef3028d438b12edf7c934d47)
>     V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
>     MD5 digest: OK (7ec8af89e12e5ba43ee1a97e848e75a4)
> willfried@gvsl Tue Sep 25 11:32:59am
> ~/> echo $?
> 1
> 
> 
> What is missing?

The public key of the repository. Import it using rpm --import.

Volker

ATOM RSS1 RSS2