Using GPG and Md5sum to Verify Signatures on Tarball Packages

Written by: Greg Pregovia; published: November 2008



Follow these steps to verify the signature of a gzipped tarball:

1. Add the public key of the person or organization that created the package.

2. Sign the public key using GPG. You can either use GPG’s --sign-key command, or you can enter GPG’s interactive mode.

3. Once you have added and signed the public key of the person who owns the package, enter the following command: gpg --verify signaturefile.tar.gz tarballpackage.gz.

You will then receive a message either that the signature is good, or that the public key cannot be found. If the public key cannot be found, you must obtain another public key, or you will not be able to verify who owns the package.

Using Md5sum

Sometimes, a developer will use the md5sum command to generate a hash of the file. You can use this hash and the md5sum command to ensure that the file has not been altered. The easiest way to do this is to read the hash that the developer generated, download the binary in question, and then run md5sum against it.

For example, suppose that you learn that the wu-ftpd daemon (the daemon responsible for providing FTP on many sites) has a security problem. You wish to install the latest secure version. After downloading it, you run md5sum against the file:

md5sum wu-ftpd-2.6.1-6.i386.rpm
t412cfhh5bf1376cia9da6c5dd86a463 wu-ftpd-2.6.1-6.i386.rpm

However, you notice that the developer’s md5sum value for the same program reads as follows:

y415cfgz5bf1356cib8da6c5dd8da0k5

You should then delete the file and find another source where you can verify the md5sum hash.
