GPG Signature, RPM Packages
To verify the integrity of an RPM package, do the following:
- Download my public GPG key from my security web page, save it in a file
named “pmkey.asc“
- Import my public key into RPM
- Execute the rpm command with the -K option on the downloaded *.rpm file.
EXAMPLE:
{vlist14}
sudo rpm --import pmkey.asc
rpm -K bsu-3.0.2-1.x86_64.rpm
vlist14
The output from the ”rpm -K ” command should verify both md5 sum and gpg in
one line:
bsu-3.0.2-1.x86_64.rpm: sha1 md5 OK
Subsections