On 06/21/2016 10:19 PM, Ed Greshko wrote:
On 06/22/16 13:15, Samuel Sieb wrote:
On 06/21/2016 10:04 PM, Antonio M wrote:
a silly question, how do you understand that a package is signed in any
repo?? apart from the warning of dnf, of course....
That would be the primary way. Otherwise, if you have rpmdevtools installed,
you can
download the rpm and run rpmdev-checksig on it. That's what I used to check
some rpms
from rpmfusion to determine that they aren't signed.
Or you could run rpm -K rpmfile
This shows the output of a signed rpm
[root@meimei ~]# rpm -K aime-8.20160504-1.fc23.x86_64.rpm
aime-8.20160504-1.fc23.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
This shows the output of a non-signed rpm
[egreshko@acer ~]$ rpm -K libmpg123-1.22.4-1.fc24.x86_64.rpm
libmpg123-1.22.4-1.fc24.x86_64.rpm: sha1 md5 OK
Oh, that's right, you can check it with rpm and I have used that.
However, rpmdev-checksig will give you a bit more info:
python /bin/rpmdev-checksig nss-3.21.0-1.1.fc23.i686.rpm
nss-3.21.0-1.1.fc23.i686.rpm: RSA/SHA256 - 34ec9cba -
<fedora-23-prim...@fedoraproject.org>
python /bin/rpmdev-checksig a52dec-0.7.4-19.fc24.x86_64.rpm
a52dec-0.7.4-19.fc24.x86_64.rpm: MD5 - None - <None>
You currently have to run it with python directly because there's a bug
where the #! line has python3, but then it throws an exception. If you
run it with python2, it works.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
