[clug] verify multilpe gnu packages at once
Logan McLintock
u4955237 at anu.edu.au
Mon May 12 04:03:20 MDT 2014
Thanks Luke,
Makes me feel like an amateur (well I am lol). Works a treat =)
Regards,
Logan
________________________________________
From: Luke Mewburn <lukem-clug at mewburn.net>
Sent: Monday, May 12, 2014 12:15 PM
To: Logan McLintock
Cc: linux at lists.samba.org
Subject: Re: [clug] verify multilpe gnu packages at once
On Sat, May 10, 2014 at 02:47:21PM +0000, Logan McLintock wrote:
| Hi Guys,
|
|
| I am doing a deviation from Linux from scratch (LFS) and I want to
| verify a whole bunch of gnu packages at once. Linux from scratch
| uses md5sums and they check them all at once from a file called
| md5sums, as follows (page 15 of LFS 7.5)
|
|
| wget -i wget-list -P $LFS/sources
|
|
| pushd $LFS/sources md5sum -c md5sums popd
|
|
| Now I am trying to do the same thing (I have a directory with many
| packages and their corresponding .sig files) and the best I can come
| up with is;
|
|
| $ gpg --verify-files --verbose *.sig
|
| $ gpg --keyserver keyserver.ubuntu.com --recv-keys 306037D9 000BEEEE
| ............. need an ID for every package
|
|
| $ gpg --verify-files --verbose *.sig
|
|
| but its not automatic. I need to somehow grep or sed or gawk? them
| together? Help please =)
|
Have you tried adding
--keyserver-options auto-key-retrieve
to the gpg --verify command line ?
Be aware of the Note in the manual page:
Note that this option makes a "web bug" like behavior possible.
Keyserver operators can see which keys you request, so by
sending you a message signed by a brand new key (which you
naturally will not have on your local keyring), the operator can
tell both your IP address and the time when you verified the
signature.
More information about the linux
mailing list