GNUpdate

News
About GNUpdate
FAQ
Downloads
Components
Development
Documentation
Translation
ListServs
Package Database
Contribution
Contact Information

9/11

SourceForge



  Verifying Package Signatures

If you're the cautious type, you may want to verify the packages you download. Starting with libcomprex v0.3.3, all RPM packages are signed with my GPG key, which you may download.



  Verifying RPM Packages

Before verifying a signature, you must download the public key above and import it into your RPM database using the following command (as root):

    rpm --import /path/to/chipx86-pubkey.asc
   

You may then check the authenticity of the packages by typing the following (again, as root):

    rpm -K package.rpm
   

If the package was verified, the result will look something like this:

    package.rpm: (sha1) dsa sha1 md5 gpg OK
   


    Copyright © 2001-2003 The GNUpdate Project. All rights reserved.
    Website design and development by Portal Web Design.
    Site search provided by Google.