码迷,mamicode.com
首页 > 其他好文 > 详细

RH413 Unit 2 Managing Software Updates

时间:2018-04-08 11:29:09      阅读:166      评论:0      收藏:0      [点我收藏+]

标签:RH413

GPG Package Signature Verification

In the /etc/yum.conf in the [main] section:
gpgcheck = 1,yum requires a valid GPG signature on packages being installed with yum.
gpgkey = parameter,which is the location of where the GPG public key is located.

We can import GPG key by manual:

rpm --import <GPG-KEY FILE>

check imported Key:

rpm -qa gpg-pubkey
gpg-pubkey-f4a80eb5-53a7ff4b

check gpg key info:

rpm -qi gpg-pubkey-f4a80eb5-53a7ff4b

Name : gpg-pubkey
Version : f4a80eb5
Release : 53a7ff4b
Architecture: (none)
Install Date: Tue 09 Jan 2018 03:48:02 PM CST
Group : Public Keys
Size : 0
License : pubkey
Signature : (none)
Source RPM : (none)
Build Date : Mon 23 Jun 2014 06:19:55 PM CST
Build Host : localhost
Relocations : (not relocatable)
Packager : CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>
Summary : gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----

remove a gpg:
rpm -e gpg-pubkey-f4a80eb5-53a7ff4b

verify a package via GPG:

rpm -K libwvstreams-4.6.1-11.el7.i686.rpm
libwvstreams-4.6.1-11.el7.i686.rpm: rsa sha1 (md5) pgp md5 OK
more details:
rpm -vvK libwvstreams-4.6.1-11.el7.i686.rpm
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/.key
D: couldn‘t find any keys in /var/lib/rpm/pubkeys/
.key
D: loading keyring from rpmdb
D: opening db environment /var/lib/rpm cdb:0x401
D: opening db index /var/lib/rpm/Packages 0x400 mode=0x0
D: locked db index /var/lib/rpm/Packages
D: opening db index /var/lib/rpm/Name 0x400 mode=0x0
D: read h# 310 Header SHA1 digest: OK (489efff35e604042709daf46fb78611fe90a75aa)
D: added key gpg-pubkey-f4a80eb5-53a7ff4b to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
D: Expected size: 684412 = lead(96)+sigs(1284)+pad(4)+data(683028)
D: Actual size: 684412
libwvstreams-4.6.1-11.el7.i686.rpm:
Header V3 RSA/SHA256 Signature, key ID f4a80eb5: OK
Header SHA1 digest: OK (fda2415ae941f6b0627b075d7c29f91b2ce23bfb)
V3 RSA/SHA256 Signature, key ID f4a80eb5: OK
MD5 digest: OK (3347aa6209d498f962301a4b23c98056)
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm

Validate RPM Scripts:

rpm -qip --scripts libwvstreams-4.6.1-11.el7.i686.rpm
Name : libwvstreams
Version : 4.6.1
Release : 11.el7
Architecture: i686
Install Date: (not installed)
Group : System Environment/Libraries
Size : 2103622
License : LGPLv2+
Signature : RSA/SHA256, Fri 04 Jul 2014 11:28:32 AM CST, Key ID 24c6a8a7f4a80eb5
Source RPM : libwvstreams-4.6.1-11.el7.src.rpm
Build Date : Wed 11 Jun 2014 10:29:54 AM CST
Build Host : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>;
Vendor : CentOS
URL : https://code.google.com/p/wvstreams/
Summary : WvStreams is a network programming library written in C++
Description :
WvStreams aims to be an efficient, secure, and easy-to-use library for
doing network applications development.
postinstall program: /sbin/ldconfig
postuninstall program: /sbin/ldconfig

we also can add some parameter when install rpm.

rpm -ivh [--noscritps] [--notriggers] xxx.rpm

rpm -Va
missing /var/run/pulse
S.5....T. c /etc/yum/pluginconf.d/langpacks.conf

Explain:

S file Size differs
M Mode differs (includes permissions and file type)
5 digest (formerly MD5 sum) differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
P caPabilities differ

RH413 Unit 2 Managing Software Updates

标签:RH413

原文地址:http://blog.51cto.com/scantydd/2095558

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!