[clug] verify multilpe gnu packages at once
Luke Mewburn
lukem-clug at mewburn.net
Sun May 11 20:15:39 MDT 2014
On Sat, May 10, 2014 at 02:47:21PM +0000, Logan McLintock wrote:
| Hi Guys,
|
|
| I am doing a deviation from Linux from scratch (LFS) and I want to
| verify a whole bunch of gnu packages at once. Linux from scratch
| uses md5sums and they check them all at once from a file called
| md5sums, as follows (page 15 of LFS 7.5)
|
|
| wget -i wget-list -P $LFS/sources
|
|
| pushd $LFS/sources md5sum -c md5sums popd
|
|
| Now I am trying to do the same thing (I have a directory with many
| packages and their corresponding .sig files) and the best I can come
| up with is;
|
|
| $ gpg --verify-files --verbose *.sig
|
| $ gpg --keyserver keyserver.ubuntu.com --recv-keys 306037D9 000BEEEE
| ............. need an ID for every package
|
|
| $ gpg --verify-files --verbose *.sig
|
|
| but its not automatic. I need to somehow grep or sed or gawk? them
| together? Help please =)
|
Have you tried adding
--keyserver-options auto-key-retrieve
to the gpg --verify command line ?
Be aware of the Note in the manual page:
Note that this option makes a "web bug" like behavior possible.
Keyserver operators can see which keys you request, so by
sending you a message signed by a brand new key (which you
naturally will not have on your local keyring), the operator can
tell both your IP address and the time when you verified the
signature.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/linux/attachments/20140512/ac5286fd/attachment.pgp>
More information about the linux
mailing list