RH413 Unit 2 Managing Software Updates
In the /etc/yum.conf in the [main] section:
gpgcheck = 1,yum requires a valid GPG signature on packages being installed with yum.
gpgkey = parameter,which is the location of where the GPG public key is located.
We can import GPG key by manual:
rpm --import <GPG-KEY FILE>
check imported Key:
rpm -qa gpg-pubkey
gpg-pubkey-f4a80eb5-53a7ff4b
check gpg key info:
rpm -qi gpg-pubkey-f4a80eb5-53a7ff4b
Name : gpg-pubkey
Version : f4a80eb5
Release : 53a7ff4b
Architecture: (none)
Install Date: Tue 09 Jan 2018 03:48:02 PM CST
Group : Public Keys
Size : 0
License : pubkeySignature : (none)
Source RPM : (none)
Build Date : Mon 23 Jun 2014 06:19:55 PM CST
Build Host : localhost
Relocations : (not relocatable)
Packager : CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>
Summary : gpg(CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>)Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
remove a gpg:
rpm -e gpg-pubkey-f4a80eb5-53a7ff4b
verify a package via GPG:
rpm -K libwvstreams-4.6.1-11.el7.i686.rpm
libwvstreams-4.6.1-11.el7.i686.rpm: rsa sha1 (md5) pgp md5 OK
more details:
rpm -vvK libwvstreams-4.6.1-11.el7.i686.rpm
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/.key
D: couldn‘t find any keys in /var/lib/rpm/pubkeys/.key
D: loading keyring from rpmdb
D: opening db environment /var/lib/rpm cdb:0x401
D: opening db index /var/lib/rpm/Packages 0x400 mode=0x0
D: locked db index /var/lib/rpm/Packages
D: opening db index /var/lib/rpm/Name 0x400 mode=0x0
D: read h# 310 Header SHA1 digest: OK (489efff35e604042709daf46fb78611fe90a75aa)
D: added key gpg-pubkey-f4a80eb5-53a7ff4b to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
D: Expected size: 684412 = lead(96)+sigs(1284)+pad(4)+data(683028)
D: Actual size: 684412
libwvstreams-4.6.1-11.el7.i686.rpm:
Header V3 RSA/SHA256 Signature, key ID f4a80eb5: OK
Header SHA1 digest: OK (fda2415ae941f6b0627b075d7c29f91b2ce23bfb)
V3 RSA/SHA256 Signature, key ID f4a80eb5: OK
MD5 digest: OK (3347aa6209d498f962301a4b23c98056)
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm
Validate RPM Scripts:
rpm -qip --scripts libwvstreams-4.6.1-11.el7.i686.rpm
Name : libwvstreams
Version : 4.6.1
Release : 11.el7
Architecture: i686
Install Date: (not installed)
Group : System Environment/Libraries
Size : 2103622
License : LGPLv2+
Signature : RSA/SHA256, Fri 04 Jul 2014 11:28:32 AM CST, Key ID 24c6a8a7f4a80eb5
Source RPM : libwvstreams-4.6.1-11.el7.src.rpm
Build Date : Wed 11 Jun 2014 10:29:54 AM CST
Build Host : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : https://code.google.com/p/wvstreams/
Summary : WvStreams is a network programming library written in C++
Description :
WvStreams aims to be an efficient, secure, and easy-to-use library for
doing network applications development.
postinstall program: /sbin/ldconfig
postuninstall program: /sbin/ldconfig
we also can add some parameter when install rpm.
rpm -ivh [--noscritps] [--notriggers] xxx.rpm
rpm -Va
missing /var/run/pulse
S.5....T. c /etc/yum/pluginconf.d/langpacks.conf
Explain:
S file Size differs
M Mode differs (includes permissions and file type)
5 digest (formerly MD5 sum) differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs
P caPabilities differ
RH413 Unit 2 Managing Software Updates