Re: verifying a (src) rpm

Tue, 26 May 2009 23:56:33 -0700 

Ron Rechenmacher wrote:

Hi,
I want to install kernel-2.6.18-128.1.10.el5.src.rpm which I can get via:
    wget ftp://linux.fnal.gov/linux/scientific/53/SRPMS/vendor/\
kernel-2.6.18-128.1.10.el5.src.rpm
But before I do an rpm --install, I would like to verify the integrity of the rpm. How do I do this? 

I've found the following web site:
    http://rhn.redhat.com/errata/RHSA-2009-0473.html
which shows:
SRPMS:
kernel-2.6.18-128.1.10.el5.src.rpm   5784eab8bcaf859f66d0fc09d37870f8
and I assume there is some way to see the associated number on my system if the .src.rpm is valid. The md5sum command produces: 

# md5sum kernel-2.6.18-128.1.10.el5.src.rpm
e505dd681cf83a06410e86f6301feed8  kernel-2.6.18-128.1.10.el5.src.rpm

The right number of digits, but the wrong ones.

I've noticed the rpmsign command, but it produces:
# rpmsign -K kernel-2.6.18-128.1.10.el5.src.rpm
kernel-2.6.18-128.1.10.el5.src.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#82fd17b2) 

But, maybe I don't know how to use it (it's the first time I have).

Any help is appreciated.
BTW, I've also downloaded the same kernel-2.6.18-128.1.10.el5.src.rpm file from other sites and I get consistent, but different md5sums. 


Thanks,
Ron


Hi Ron,
The md5sum that you get from our src.rpm directories ftp://linux.fnal.gov/linux/scientific/53/SRPMS/vendor/ is going to be different than if you download it directly from redhat, or someplace that just mirrors them directly 
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/
The reason for this is that we sign both our compiled rpm's and our sourc rpm's. RedHat doesn't sign their src.rpm's that they put in their public area's. I believe (but haven't verified) that they do sign the rpm's that they put in their rhn area's though.
As for verifing rpm's, I usually use the -K option ... which I believe works on src.rpm, but I currently cannot verify that 

rpm -K <package>

Troy

--
__________________________________________________
Troy Dawson  [email protected]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

Reply via email to