GPG Signature, RPM Packages

To verify the integrity of an RPM package, do the following:

1. Download my public GPG key from my security web page, save it in a file named ``pmkey.asc``
2. Import my public key into RPM
3. Execute the rpm command with the -K option on the downloaded *.rpm file.

EXAMPLE:

sudo rpm --import pmkey.asc
rpm  -K  bsu-3.0.1-1.x86_64.rpm

The output from the ''rpm -K '' command should verify both md5 sum and gpg in one line:

bsu-3.0.1-1.x86_64.rpm: sha1 md5 OK