Changes

Jump to: navigation, search

Package signatures

213 bytes added, 10:23, 13 June 2006
Enlarged the RPM description, fixed headings.
== Checking RPM packages ==
RPM package manager has a build-in GPG signatures support. Signatures are embedded into the .rpm files, and public keys are stored in an rpm database In order to check OpenVZ RPM package signatures, you need to import OpenVZ public key to your RPM database. To that effect, do the following(usually you are required to be root):
<pre>
# rpm --import RPM-GPG-Key-OpenVZ
</pre>
Then, to check the packages, use this command(root is not needed):
<pre>
$ rpm -K *.rpm
Some files (e.g. precreated OS templates) are also signed by the GPG key. Unlike RPMS, they do not contain the signature inside the file, but rather there is a separate small <tt>.asc</tt> file available.
=== Importing the public key ===
First, you need to import OpenVZ public key to your GnuPG keychain. You can either import a local file, or search for the key on one of the public keyservers.
</pre>
=== Checking the signature ===
To check the signature, you need to have both the main file (e.g. the template tarball) and the signature file (the one which ends in <tt>.asc</tt>. Assuming you want to check the signature of <tt>centos-4-i386-default.tar.gz</tt> file:

Navigation menu