On Thu, 2005-07-28 at 00:57 -0500, Bryan J. Smith wrote:
I'm not really up-to-snuff on the keys included with CentOS. I deploy RHEL far more than CentOS (my apologies).
I assume you already know this, but:
- Any major "packages" system (DPKG, RPM) have a way for packages to be
signed
- Most major, automated "front-ends" (APT, YUM, UP2DATE) often check for
valid signatures on packages using existing keys
- Any keys not included in the base install will need to be imported
from a trusted source, so they can then be checked on packages to guarantee they come from that trusted source
Ideally, the keys should come with the distro, but once you start adding repositories, they don't always.
--- they come with it...
as root
# updatedb # locate GPG-KEY /usr/share/doc/centos-release-4/RPM-GPG-KEY /usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4 /usr/share/doc/rpm-4.3.3/RPM-GPG-KEY /usr/share/doc/rpm-4.3.3/BETA-GPG-KEY /usr/share/rhn/RPM-GPG-KEY /usr/share/rhn/BETA-RPM-GPG-KEY /usr/share/rhn/RPM-GPG-KEY-fedora /usr/share/rhn/RPM-GPG-KEY-fedora-test /usr/share/rhn/RPM-GPG-KEY-centos4
# rpm --import /usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4
Craig