GPG Package Signature Verification

In the [main] section of /etc/yum.conf, gpgcheck = 1 makes yum require a valid GPG signature on every package it installs. The gpgkey = parameter gives the location of the GPG public key.

We can import a GPG key manually:

rpm --import <GPG-KEY FILE>

Check the imported key:

rpm -qa gpg-pubkey
gpg-pubkey-f4a80eb5-53a7ff4b

Check the GPG key info:

rpm -qi gpg-pubkey-f4a80eb5-53a7ff4b

Name        : gpg-pubkey
Version     : f4a80eb5
Release     : 53a7ff4b
Architecture: (none)
Install Date: Tue 09 Jan 2018 03:48:02 PM CST
Group       : Public Keys
Size        : 0
License     : pubkey
Signature   : (none)
Source RPM  : (none)
Build Date  : Mon 23 Jun 2014 06:19:55 PM CST
Build Host  : localhost
Relocations : (not relocatable)
Packager    : CentOS-7 Key (CentOS 7 Official Signing Key) security@centos.org
Summary     : gpg(CentOS-7 Key (CentOS 7 Official Signing Key) security@centos.org)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----

Remove a GPG key:

rpm -e gpg-pubkey-f4a80eb5-53a7ff4b

Verify a package via GPG:

rpm -K libwvstreams-4.6.1-11.el7.i686.rpm
libwvstreams-4.6.1-11.el7.i686.rpm: rsa sha1 (md5) pgp md5 OK

More details:

rpm -vvK libwvstreams-4.6.1-11.el7.i686.rpm
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/.key
D: loading keyring from rpmdb
D: opening db environment /var/lib/rpm cdb:0x401
D: opening db index /var/lib/rpm/Packages 0x400 mode=0x0
D: locked db index /var/lib/rpm/Packages
D: opening db index /var/lib/rpm/Name 0x400 mode=0x0
D: read h# 310 Header SHA1 digest: OK (489efff35e604042709daf46fb78611fe90a75aa)
D: added key gpg-pubkey-f4a80eb5-53a7ff4b to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
D: Expected size: 684412 = lead(96)+sigs(1284)+pad(4)+data(683028)
D: Actual size: 684412
libwvstreams-4.6.1-11.el7.i686.rpm:
Header V3 RSA/SHA256 Signature, key ID f4a80eb5: OK
Header SHA1 digest: OK (fda2415ae941f6b0627b075d7c29f91b2ce23bfb)
V3 RSA/SHA256 Signature, key ID f4a80eb5: OK
MD5 digest: OK (3347aa6209d498f962301a4b23c98056)
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm

Validate RPM scripts:

rpm -qip --scripts libwvstreams-4.6.1-11.el7.i686.rpm
Name        : libwvstreams
Version     : 4.6.1
Release     : 11.el7
Architecture: i686
Install Date: (not installed)
Group       : System Environment/Libraries
Size        : 2103622
License     : LGPLv2+
Signature   : RSA/SHA256, Fri 04 Jul 2014 11:28:32 AM CST, Key ID 24c6a8a7f4a80eb5
Source RPM  : libwvstreams-4.6.1-11.el7.src.rpm
Build Date  : Wed 11 Jun 2014 10:29:54 AM CST
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem http://bugs.centos.org
Vendor      : CentOS
URL         : https://code.google.com/p/wvstreams/
Summary     : WvStreams is a network programming library written in C++
Description :
WvStreams aims to be an efficient, secure, and easy-to-use library for doing network applications development.
postinstall program: /sbin/ldconfig
postuninstall program: /sbin/ldconfig

We can also skip the package's scripts and triggers when installing an RPM:

rpm -ivh [--noscripts] [--notriggers] xxx.rpm

Verify the files of all installed packages against the rpm database:

rpm -Va
missing     /var/run/pulse
S.5....T.  c /etc/yum/pluginconf.d/langpacks.conf

Explanation:

S  file Size differs
M  Mode differs (includes permissions and file type)
5  digest (formerly MD5 sum) differs
D  Device major/minor number mismatch
L  readLink(2) path mismatch
U  User ownership differs
G  Group ownership differs
T  mTime differs
P  caPabilities differ
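
One way to triage rpm -Va output using the legend above, as an added example that is not part of the original notes. The severity rules (HIGH, REVIEW, INFO), the function names and the last two sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output read on stdin.
# Prints: SEVERITY <TAB> PATH <TAB> what differs.
# Severity rules are an assumption of this example, not an rpm feature.
# Paths are assumed to contain no whitespace.
triage_rpm_va() {
    awk '
    BEGIN {
        # Legend letters in the order they occupy the 9-character field.
        split("S M 5 D L U G T P", flag, " ")
        split("size mode digest device link user group mtime capabilities", name, " ")
    }
    $1 == "missing" {
        print "REVIEW\t" $NF "\tmissing"
        next
    }
    length($1) == 9 && NF >= 2 {
        # Optional one-letter file marker before the path; c = config file.
        marker = (NF >= 3) ? $2 : ""
        what = ""
        for (i = 1; i <= 9; i++) {
            c = substr($1, i, 1)
            if (c == ".") continue
            # "?" means rpm could not perform that test.
            label = (c == flag[i]) ? name[i] : name[i] "(untested)"
            what = what (what == "" ? "" : ",") label
        }
        # Content or privilege changes on non-config files rank highest.
        if (marker == "c")            sev = "REVIEW"
        else if ($1 ~ /[5MUGP]/)      sev = "HIGH"
        else                          sev = "INFO"
        print sev "\t" $NF "\t" what
    }'
}

# Constructed sample input: the two lines shown above plus two invented ones.
sample_va_output() {
    cat <<'EOF'
missing     /var/run/pulse
S.5....T.  c /etc/yum/pluginconf.d/langpacks.conf
S.5....T.    /usr/bin/example-tool
.......T.    /usr/share/example/data.txt
EOF
}

sample_va_output | triage_rpm_va
```

On a real host, pipe the command in directly: rpm -Va | triage_rpm_va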