Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


 
Old 11-23-2011, 02:46 AM
Skunk Worx
 
Default test local rpm file in place for consistency, size, etc.

I have a set of .rpm files restored from backups.

They have nothing to do with my current install except they are in the
file system.

Is there a command that will sweep these (several hundred) .rpm files
and test their internal values against the file itself, in place, to
check for any problems with size / consistency / corruption?

TIA,
John
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 11-23-2011, 03:00 AM
"T.C. Hollingsworth"
 
Default test local rpm file in place for consistency, size, etc.

On Tue, Nov 22, 2011 at 8:46 PM, Skunk Worx <skunkworx@verizon.net> wrote:
> I have a set of .rpm files restored from backups.
>
> They have nothing to do with my current install except they are in the
> file system.
>
> Is there a command that will sweep these (several hundred) .rpm files
> and test their internal values against the file itself, in place, to
> check for any problems with size / consistency / corruption?

"rpm -K" will verify the hash and GPG signature (if one exists) for a
provided set of RPMs.

It will work fine on older RPMs but may fail on ones built with newer
versions of RPM than the one installed on the system.

-T.C.
 
Old 11-23-2011, 03:13 AM
Skunk Worx
 
Default test local rpm file in place for consistency, size, etc.

On 11/22/2011 08:00 PM, T.C. Hollingsworth wrote:
> On Tue, Nov 22, 2011 at 8:46 PM, Skunk Worx<skunkworx@verizon.net> wrote:
>> I have a set of .rpm files restored from backups.
>>
>> They have nothing to do with my current install except they are in the
>> file system.
>>
>> Is there a command that will sweep these (several hundred) .rpm files
>> and test their internal values against the file itself, in place, to
>> check for any problems with size / consistency / corruption?
>
> "rpm -K" will verify the hash and GPG signature (if one exists) for a
> provided set of RPMs.
>
> It will work fine on older RPMs but may fail on ones built with newer
> versions of RPM than the one installed on the system.
>
> -T.C.

Thanks!

..
foo.rpm : (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#6df2196f)
...

They all say this -- which seems okay -- all things considered. They are
Fedora 9 update rpms from a couple years ago.

---
John
 
Old 11-23-2011, 03:19 AM
"T.C. Hollingsworth"
 
Default test local rpm file in place for consistency, size, etc.

On Tue, Nov 22, 2011 at 9:13 PM, Skunk Worx <skunkworx@verizon.net> wrote:
> ..
> foo.rpm : (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#6df2196f)
> ...
>
> They all say this -- which seems okay -- all things considered. They are
> Fedora 9 update rpms from a couple years ago.

That's just telling you RPM doesn't know about the GPG key those RPMs
were signed with. Fedora uses a new key for every release, so there's
no way you have the Fedora 9 package signing key installed. ;-)

-T.C.
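
A triage of the `rpm -K` result lines discussed in this thread, as an added example that is not part of the original posts: it separates packages whose digests match but whose signing key is not imported from packages that fail a digest check. It assumes the legacy output format quoted above, where a lowercase `sha1`/`md5` token means the digest matched and an uppercase one means it did not; the function names and every sample line except the `foo.rpm` one are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes legacy `rpm -K` output where a
# lowercase sha1/md5 token means the digest matched and uppercase means it failed.

# classify_line LINE -> "ok", "nokey <keyid>...", or "bad"
classify_line() (
    set -f                                  # tokens are data, never glob patterns
    line=$1 digest_ok=0 digest_bad=0 keys=
    for tok in ${line#*:}; do               # everything after "file:"
        case $tok in
            sha1|md5) digest_ok=1 ;;
            SHA1|MD5) digest_bad=1 ;;
            GPG#*|PGP#*) k=${tok#*#}; keys="$keys ${k%\)}" ;;
        esac
    done
    case $line in
        *"NOT OK"*)
            # An unverifiable signature is only tolerable if the digests matched.
            if [ -n "$keys" ] && [ "$digest_ok" = 1 ] && [ "$digest_bad" = 0 ]
            then echo "nokey$keys"
            else echo bad
            fi ;;
        *" OK") echo ok ;;
        *) echo bad ;;                      # anything unrecognised, e.g. an rpm error line
    esac
)

# triage: read `rpm -K` lines on stdin, name failing files, print a summary
triage() {
    ok=0 nokey=0 bad=0 allkeys=
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        r=$(classify_line "$l")
        case $r in
            ok) ok=$((ok + 1)) ;;
            nokey*) nokey=$((nokey + 1)); allkeys="$allkeys ${r#nokey }" ;;
            *) bad=$((bad + 1)); echo "BAD: $l" ;;
        esac
    done
    echo "ok=$ok nokey=$nokey bad=$bad keys=$(printf '%s\n' $allkeys | sort -u | xargs)"
}

# Real use (path is a placeholder):
#   find /path/to/rpms -name '*.rpm' -exec rpm -K {} + 2>&1 | triage
# Constructed sample: the first line is the one quoted in the thread, the rest are made up.
triage <<'EOF'
foo.rpm : (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#6df2196f)
bar.rpm: (sha1) dsa sha1 md5 gpg OK
trunc.rpm: (sha1) dsa sha1 MD5 GPG NOT OK
EOF
```

A `nokey` result shows only that the file matches its own embedded digests, which catches truncation or bit rot but says nothing about who built the package. Authenticity still requires importing the signing key listed in the summary and re-running the check.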
 
Old 11-23-2011, 03:29 AM
Ed Greshko
 
Default test local rpm file in place for consistency, size, etc.

On 11/23/2011 12:19 PM, T.C. Hollingsworth wrote:
> On Tue, Nov 22, 2011 at 9:13 PM, Skunk Worx<skunkworx@verizon.net> wrote:
>> ..
>> foo.rpm : (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#6df2196f)
>> ...
>>
>> They all say this -- which seems okay -- all things considered. They are
>> Fedora 9 update rpms from a couple years ago.
> That's just telling you RPM doesn't know about the GPG key those RPMs
> were signed with. Fedora uses a new key for every release, so there's
> no way you have the Fedora 9 package signing key installed. ;-)
>

But, they could be imported, right? I think this...

rpmkeys --import https://fedoraproject.org/static/6DF2196F.txt

will do it on F15 at least.


--
Even if you do learn to speak correct English, whom are you going to
speak it to? -- Clarence Darrow
 
Old 11-23-2011, 03:31 AM
Andre Robatino
 
Default test local rpm file in place for consistency, size, etc.

Skunk Worx <skunkworx <at> verizon.net> writes:

> foo.rpm : (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#6df2196f)
> ...
>
> They all say this -- which seems okay -- all things considered. They are
> Fedora 9 update rpms from a couple years ago.

The old keys are available at https://fedoraproject.org/en/keys under "OBSOLETE
KEYS" if you want to download and import them.



 
Old 11-23-2011, 03:44 AM
Andre Robatino
 
Default test local rpm file in place for consistency, size, etc.

Andre Robatino <robatino <at> fedoraproject.org> writes:

> The old keys are available at https://fedoraproject.org/en/keys under "OBSOLETE
> KEYS" if you want to download and import them.

Should add that by default yum checks RPMs against ANY of your imported keys, so
you should probably uninstall obsolete keys like this after using them.
Importing a key creates a package with a name like
"gpg-pubkey-a82ba4b7-4e2df47d" which you can remove in the usual way. You can
identify which key is which by running "rpm -qi gpg-pubkey-a82ba4b7-4e2df47d |
grep ^Summary", for example. I filed
https://bugzilla.redhat.com/show_bug.cgi?id=422221 a long time ago for yum to
check that a package is signed with a specific repo's key, but it hasn't been
implemented yet.

 
Old 11-23-2011, 02:59 PM
Skunk Worx
 
Default test local rpm file in place for consistency, size, etc.

On 11/22/2011 08:44 PM, Andre Robatino wrote:
> Andre Robatino<robatino<at> fedoraproject.org> writes:
>
>> The old keys are available at https://fedoraproject.org/en/keys under "OBSOLETE
>> KEYS" if you want to download and import them.
>
> Should add that by default yum checks RPMs against ANY of your imported keys, so
> you should probably uninstall obsolete keys like this after using them.
> Importing a key creates a package with a name like
> "gpg-pubkey-a82ba4b7-4e2df47d" which you can remove in the usual way. You can
> identify which key is which by running "rpm -qi gpg-pubkey-a82ba4b7-4e2df47d |
> grep ^Summary", for example. I filed
> https://bugzilla.redhat.com/show_bug.cgi?id=422221 a long time ago for yum to
> check that a package is signed with a specific repo's key, but it hasn't been
> implemented yet.
>

Thanks Andre -- this worked great -- all of the rpms resolved to 'gpg ok'.

I truncated one file as a test and it failed.

I ran across this :

http://fedoraproject.org/wiki/Enabling_new_signing_key

...but the link for the F9 new key is broken and the sha1sum on the web
page doesn't match the fedora-release-9-5.transition.noarch.rpm in koji.

http://kojipkgs.fedoraproject.org/packages/fedora-release/9/5.transition/noarch/fedora-release-9-5.transition.noarch.rpm

My sha1sum says :

9374b20a8e30f6d0423e2ffaae0dc985333c2664

rpm -K passed for it and the fingerprint of the
RPM-GPG-KEY-fedora-8-and-9 key matched OBSOLETES so I decided it was
good and used it.

---
John
 
