Verifying packages

All of ourDEBandRPMpackages are signed with ourGPGkey.

All packages are signed by ourGPGpublic key, available athttp://trisul.org/pubkey.gpg

Verify a rpm

The steps are

Import our public keyrpm --import http://trisul.org/pubkey.gpg
Verify usingrpm --checksig trisulpackage.rpm

Look for the OK message.

A sample verify session would look like below

[root@localhost ~]# rpm --import http://trisul.org/pubkey.gpg
[root@localhost ~]# rpm --checksig webtrisul-3.0.1065-0.el6.x86_64.rpm
webtrisul-3.0.1065-0.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK

TheRPMverification was successful if you see the status end withpgp md5 OK

Verify a deb

You will be using a package calleddpkg-sigto verify the DEBs. Make sure it is installed first.

The steps are :

Import our public key into your key ring usinggpg --import pubkey.gpg
Verify usingdpkg-sig --verify pkg.deb

A sample verify session would look like below

nsmdemo@ubu22:~$ wget http://trisul.org/pubkey.gpg 
nsmdemo@ubu22:~$ gpg --import pubkey.gpg 
gpg: key A6CC1B18: public key "Unleash Networks Support (UNPL) <info@unleashnetworks.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
nsmdemo@ubu22:~$ dpkg-sig --verify trisul_3.0.1316_i386.deb 
Processing trisul_3.0.1316_i386.deb...
GOODSIG _gpgbuilder 3024CAB9A68659FE4E4E3A0639A67B00A6CC1B18 1367065944

The output of dpkg-sig —verify must start withGOODSIG

The verification was successful if you see the status line start withGOODSIG

Verify a rpm​

Verify a deb​

Verify a rpm

Verify a deb