How to verify Samba RPM Files?
Vince George (vincgeor)
vincgeor at cisco.com
Wed Oct 22 16:57:35 MDT 2014
Thanks for the reply but the -v verification check suggested in the link you offered is to check on already installed rpm packages.
I am concerned about the integrity of the RPM files and authenticating signatures of the files I have just downloaded from the internet before installing them to ensure they have not been tampered with in any way! The -K option apparently does this but you can see from the output of the two command-lines I invoked that it cannot verify the signatures and complains "NOT OK (MISSING KEYS: GPG#f4428b1a)". I am thinking I need to supply a public key file using the -rcfile option.
For example, for the latest release link on the www.samba.org page they provide a link (http://ftp.samba.org/pub/samba/samba-pubkey.asc) to a public key for verification of the gunzip'ed file.
So it's back to the question of how to validate the integrity of the RPM files and authenticate the signatures? Where can I get the relative public keys?
From: Jelmer Vernooij [mailto:jelmer at samba.org]
Sent: Wednesday, October 22, 2014 6:34 PM
To: Vince George (vincgeor)
Cc: samba-technical at lists.samba.org
Subject: Re: How to verify Samba RPM Files?
On Wed, Oct 22, 2014 at 10:15:57PM +0000, Vince George (vincgeor) wrote:
> I have downloaded a RHEL5 release including several Samba RPM files and I want to verify their integrity & authenticity.
> It's the first time I am using rpm and ran the two command-lines against a Samba rpm file...
> 1st Command-Line: rpm -K samba3-3.6.24-45.el5.x86_64.rpm
> samba3-3.6.24-45.el5.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK
> (MISSING KEYS: GPG#f4428b1a)
> 2nd Command-Line: rpm -K -v samba3-3.6.24-45.el5.x86_64.rpm
> Header V4 DSA signature: NOKEY, key ID f4428b1a
> Header SHA1 digest: OK (0ba26692ea1fa6c5fc19d4bf9ae5b5f6b2f8a5dd)
> MD5 digest: OK (3f09dc73be6069fd79b2a32ee6e3b51a)
> V4 DSA signature: NOKEY, key ID f4428b1a
> How do I verify the signatures of the Samba RPM? Am I missing some public key file?
This is more of a RHEL-specific question rather than relating specifically to Samba. http://www.rpm.org/max-rpm/ch-rpm-verify.html seems to have some documentation, but you could also ask on one of the RedHat mailing lists.
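Added example (not part of either message above, and not Samba or Red Hat code): a small shell filter that classifies `rpm -K -v` output, showing why "digest: OK" alone, as in the quoted run, does not establish authenticity until the signing key is in the rpm keyring. The function and sample names are hypothetical, the key file path is a placeholder for a key obtained from whoever built the packages, and the "verified" and "tampered" samples are constructed.

```shell
#!/bin/sh
# Classify the output of `rpm -K -v <file>` read from stdin.
# Digest lines only show the file is internally consistent; authenticity
# needs every signature line to read OK against an imported public key.
# Prints VERIFIED, UNVERIFIED_NOKEY <keyid>, UNSIGNED or FAILED.
classify_checksig() {
    awk '
        /signature:/ {
            sigs++
            if ($0 ~ /signature: OK/) next
            if ($0 ~ /NOKEY/) { nokey++; keyid = $NF; next }
            bad++            # BAD, NOTTRUSTED, anything unexpected
        }
        /digest:/ { if ($0 !~ /digest: OK/) bad++ }
        END {
            if (bad)        print "FAILED"
            else if (nokey) print "UNVERIFIED_NOKEY " keyid
            else if (!sigs) print "UNSIGNED"
            else            print "VERIFIED"
        }'
}

# Output quoted in the message above (key f4428b1a not in the rpm keyring).
sample_nokey() { cat <<'EOF'
    Header V4 DSA signature: NOKEY, key ID f4428b1a
    Header SHA1 digest: OK (0ba26692ea1fa6c5fc19d4bf9ae5b5f6b2f8a5dd)
    MD5 digest: OK (3f09dc73be6069fd79b2a32ee6e3b51a)
    V4 DSA signature: NOKEY, key ID f4428b1a
EOF
}
# Constructed: the same file checked after the signing key was imported.
sample_verified() { sample_nokey | sed 's/NOKEY,/OK,/'; }
# Constructed: a digest mismatch, as reported for a modified file.
sample_tampered() { sample_verified | sed 's/^ *MD5 digest: OK.*/    MD5 digest: BAD/'; }

# Typical use on a downloaded file (key path is a placeholder):
#   rpm --import /path/to/PACKAGER-PUBKEY.asc
#   rpm -K -v samba3-3.6.24-45.el5.x86_64.rpm | classify_checksig
for s in sample_nokey sample_verified sample_tampered; do
    printf '%s: %s\n' "$s" "$($s | classify_checksig)"
done
```

Only a VERIFIED result speaks to who produced the file, and only as far as the imported key itself was obtained over a trusted channel.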