On Wed, 02 Feb 2005 08:34:17 +0000, Paul Howarth <paul@xxxxxxxxxxxx> wrote: > On Tue, 2005-02-01 at 18:09 -0800, Richard Hubbell wrote: > > I want to download some files from here but I don't see any checksums > > or hte like to verify the packages after download. > > > > http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/i386/ > > > > Does anyone know where I can find those? > > RPM packages have built-in MD5 and, optionally, GPG signatures. Is MD5 alone enough? I always thought MD5 and SHA1 went hand-in-hand? Anyway that's more rhetorical than a real question for you. > > If you are downloading updates for Fedora Core 3, that is presumably > because your have a Fedora Core 3 installation, in which case you can > find the GPG key at: > > /usr/share/doc/fedora-release-3/RPM-GPG-KEY-fedora Ah, thanks for that. > > Import that key into the RPM database (as root): > # rpm --import /usr/share/doc/fedora-release-3/RPM-GPG-KEY-fedora > > You can then use rpm to verify the integrity of your downloaded > packages: > > $ rpm --checksig *.rpm > > If you use a package manager like yum or apt to handle downloading and > installing updates, they can do this check for you. Ok. Thanks. Richard > > Paul. > -- > Paul Howarth <paul@xxxxxxxxxxxx>
