On Wed, 02 Feb 2005 03:24:41 -0500, David L Norris <dave@xxxxxxxxxxxx> wrote: > On Tue, 2005-02-01 at 18:09 -0800, Richard Hubbell wrote: > > I want to download some files from here but I don't see any checksums > > or hte like to verify the packages after download. > > > > http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/ > > Ideally, you should be using yum instead of downloading individual RPM > files. yum verifies the package integrity using GPG encryption keys. Guess I'm old fashioned. > RPM will do the same if you import the keys. > > > Does anyone know where I can find those? > > They are built-in to the RPM package itself: > rpm --checksig somepackage.rpm > > If you want to verify that the package hasn't been altered you really > should import the appropriate GPG keys and verify the GPG signature: > http://www.fedorafaq.org/#gpgsig Ok, also a key in the install (as another poster pointed out) > > For example: > $ rpm --checksig xosd-2.2.12-1.1.fc3.rf.i386.rpm > xosd-2.2.12-1.1.fc3.rf.i386.rpm: (sha1) dsa sha1 md5 gpg OK Thanks for the detail. Richard > > -- > David Norris > http://www.webaugur.com/dave/ > ICQ - 412039 > > >
