Verifying Signed Packages using GNU Privacy Guard
GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. For example, a private key (secret key) locks the package while the public key unlocks and verifies the package. If the public key distributed by OS does not match the private key during RPM verification, the package may have been altered and therefore cannot be trusted.
Assuming the disc is mounted in /mnt/cdrom, use the following command to import it into the keyring (a database of trusted keys on the system)
To verify all the downloaded packages at once, issue the following command:
For each package, if the GPG key verifies successfully, the command returns gpg OK.
Leave a Reply
You must be logged in to post a comment.