594
edits
Changes
no edit summary
OpenVz7 packages are the same binaries as Virtuozzo7 and signed by Virtuozzo GPG key
[http://repo.virtuozzo.com/vzlinux/security/VIRTUOZZO_GPG_KEY]
Info below is related to OpenVz legacy packages.
All the packages that are released by OpenVZ project are digitally signed by OpenVZ GPG key. Thus, you can check that those packages are indeed came from OpenVZ.
== Checking RPM packages ==
RPM package manager has a build-in GPG signatures support. Signatures are embedded into the .rpm files, and public keys are stored in an rpm database . In order to check OpenVZ RPM package signatures, you need to import OpenVZ public key to your RPM database. To that effect, do the following (usually you are required to be root):
<pre>
# rpm --import RPM-GPG-Key-OpenVZ