Re: [CentOS] Where can I find the CentOS gpg keys?

2016-04-28 Thread Leon Fauster 
Am 28.04.2016 um 21:29 schrieb Albin Otterhäll :
> On 2016-04-28 21:08, Andreas Benzler wrote:
>> repository gpg can be found in
>> /etc/pki/rpm-gpg/
>> 
>> read the repo file(s) in
>> 
>> /etc/yum.repos.d/
>> 
>> cat /etc/yum.repos.d/CentOS-Base.repo 
>> # CentOS-Base.repo
>> #
>> # The mirror system uses the connecting IP address of the client and the
>> # update status of each mirror to pick mirrors that are updated to and
>> # geographically close to the client.  You should use this for CentOS
>> updates
>> # unless you are manually picking other mirrors.
>> #
>> # If the mirrorlist= does not work for you, as a fall back you can try
>> the 
>> # remarked out baseurl= line instead.
>> #
>> #
>> 
>> [base]
>> name=CentOS-$releasever - Base
>> mirrorlist=http://mirrorlist.centos.org/?release=$releasever=
>> $basearch=os=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
>> gpgcheck=1
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
> 
> Apparently I wasn't clear enough. I'm using Arch Linux (i.e. I haven't
> access to the gpg key that comes with an installation) and would like to
> verify the ISO I've downloaded. To-do that I need the key used to sign
> the "sha256sum.txt.asc" file.
> 
> I need to import the CentOS Release 7 (and maybe additional keys) from a
> keyserver or download the keyfile to be able do that.



if the mirror is compromised, you should use a different source:

https://pgp.mit.edu/pks/lookup?search=centos.org


--
LF

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Where can I find the CentOS gpg keys?

2016-04-28 Thread Jay Leafey 

On 04/28/2016 02:29 PM, Albin Otterhäll wrote:


Apparently I wasn't clear enough. I'm using Arch Linux (i.e. I haven't
access to the gpg key that comes with an installation) and would like to
verify the ISO I've downloaded. To-do that I need the key used to sign
the "sha256sum.txt.asc" file.

I need to import the CentOS Release 7 (and maybe additional keys) from a
keyserver or download the keyfile to be able do that.

Regards,
Albin


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



Open up a browser and go to:


http://mirror.centos.org/centos-7/7/os/x86_64/


The GPG keys used to sign the RPM packages are in that directory.  That 
may also be the key used to sign the checksum files.  Here;s what I did 
on my system to check:



[jleafey@icarus temp]$ gpg --import RPM-GPG-KEY-CentOS-7
gpg: key F4A80EB5: public key "CentOS-7 Key (CentOS 7 Official Signing Key) 
" imported
gpg: Total number processed: 1
gpg:   imported: 1  (RSA: 1)
[jleafey@icarus temp]$ gpg --verify sha256sum.txt.asc
gpg: Signature made Thu 10 Dec 2015 09:41:44 AM CST using RSA key ID F4A80EB5
gpg: Good signature from "CentOS-7 Key (CentOS 7 Official Signing Key) 
"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6341 AB27 53D7 8A78 A7C2  7BB1 24C6 A8A7 F4A8 0EB5
[jleafey@icarus temp]$


The bit that says "Good signature" seems to indicate that it was OK.

Hope that answers your question!
--
Jay Leafey - Memphis, TN
jay.lea...@mindless.com

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Where can I find the CentOS gpg keys?

2016-04-28 Thread Albin Otterhäll 
On 2016-04-28 21:24, Thomas Eriksson wrote:
> On 04/28/2016 11:50 AM, Albin Otterhäll wrote:
>> Hi!
>>
>> I'm currently using a non-CentOS system, and wondering where I can find
>> the GPG keys so I can verify the checksum file?
>>
>> The page on the website (https://www.centos.org/keys/) only give
>> information where I can find them on an already installed system.
>>
>> Regards,
>> Albin
>>
> 
> You can find the keys in the top directory of any centos mirror
> e.g. http://mirror.centos.org/centos/
> 
Thank for helping me out!

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Where can I find the CentOS gpg keys?

2016-04-28 Thread Albin Otterhäll 
On 2016-04-28 21:08, Andreas Benzler wrote:
> repository gpg can be found in
> /etc/pki/rpm-gpg/
> 
> read the repo file(s) in
> 
> /etc/yum.repos.d/
> 
>  cat /etc/yum.repos.d/CentOS-Base.repo 
> # CentOS-Base.repo
> #
> # The mirror system uses the connecting IP address of the client and the
> # update status of each mirror to pick mirrors that are updated to and
> # geographically close to the client.  You should use this for CentOS
> updates
> # unless you are manually picking other mirrors.
> #
> # If the mirrorlist= does not work for you, as a fall back you can try
> the 
> # remarked out baseurl= line instead.
> #
> #
> 
> [base]
> name=CentOS-$releasever - Base
> mirrorlist=http://mirrorlist.centos.org/?release=$releasever=
> $basearch=os=$infra
> #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
> gpgcheck=1
> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Apparently I wasn't clear enough. I'm using Arch Linux (i.e. I haven't
access to the gpg key that comes with an installation) and would like to
verify the ISO I've downloaded. To-do that I need the key used to sign
the "sha256sum.txt.asc" file.

I need to import the CentOS Release 7 (and maybe additional keys) from a
keyserver or download the keyfile to be able do that.

Regards,
Albin


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Where can I find the CentOS gpg keys?

2016-04-28 Thread Thomas Eriksson 
On 04/28/2016 11:50 AM, Albin Otterhäll wrote:
> Hi!
> 
> I'm currently using a non-CentOS system, and wondering where I can find
> the GPG keys so I can verify the checksum file?
> 
> The page on the website (https://www.centos.org/keys/) only give
> information where I can find them on an already installed system.
> 
> Regards,
> Albin
> 

You can find the keys in the top directory of any centos mirror
e.g. http://mirror.centos.org/centos/


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Where can I find the CentOS gpg keys?

2016-04-28 Thread Andreas Benzler 
repository gpg can be found in
/etc/pki/rpm-gpg/

read the repo file(s) in

/etc/yum.repos.d/

 cat /etc/yum.repos.d/CentOS-Base.repo 
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS
updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try
the 
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever=
$basearch=os=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7





Am Donnerstag, den 28.04.2016, 20:50 +0200 schrieb Albin Otterhäll:
> Hi!
> 
> I'm currently using a non-CentOS system, and wondering where I can find
> the GPG keys so I can verify the checksum file?
> 
> The page on the website (https://www.centos.org/keys/) only give
> information where I can find them on an already installed system.
> 
> Regards,
> Albin
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Where can I find the CentOS gpg keys?

2016-04-28 Thread Albin Otterhäll 
Hi!

I'm currently using a non-CentOS system, and wondering where I can find
the GPG keys so I can verify the checksum file?

The page on the website (https://www.centos.org/keys/) only give
information where I can find them on an already installed system.

Regards,
Albin

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos