E D R , A S I H C RSS

FrontPage CentOS_GPG

* ÀÌ°Å ÇÑÁÙÀÌ¸é µÈ´Ù
# rpm --import http://mirror.centos.org/centos-3/RPM-GPG-KEY-CentOS-3 
# rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4 

Using Signature Checking in Yum

With any sort of a centralized updating system it is important to ensure that the packages one is downloading have not been tampered with. The RPM packaging system takes care of that by allowing electronic signatures on every package. Due to the nature of PGP/GPG, it is impossible (or, rather, improbably difficult) to forge that signature without having a what is called "private key", which only the administrators of Linux@DUKE have access to.

Once the gpg-checking mechanism is enabled, any package that does not verify against the "public key" you have stored on your computer will not be installed and a warning will be issued to notify you of the problem.
Enabling gpg-checking in yum

Yum is the automated updater that is installed on your Linux@DUKE machine. Every night it checks against the Linux@DUKE rpm repository and downloads any new package updates so your system is fully patched against any vulnerabilities that are discovered as time goes on.
Importing public keys

Before you can enable gpg-checking, you will need to obtain the public part of the gpg keys that were used to sign the packages provided with Centos-3.3. Here is the procedure:
For architecture: i386
su - root
rpm --import http://install.linux.duke.edu/pub/linux/base/centos-3.3/i386/RPM-GPG-KEY-CentOS-3
rpm --import http://install.linux.duke.edu/pub/linux/base/centos-3.3/i386/Linux-at-DUKE-GPG-KEY

For architecture: x86_64
su - root
rpm --import http://install.linux.duke.edu/pub/linux/base/centos-3.3/x86_64/RPM-GPG-KEY-CentOS-3
rpm --import http://install.linux.duke.edu/pub/linux/base/centos-3.3/x86_64/Linux-at-DUKE-GPG-KEY

Verifying fingerprints

If you want to be extra sure, email Linux@DUKE administrators to get the public keys first-hand: admin.at.linux.duke.edu
Editing yum.conf

Open /etc/yum.conf in your favorite editor and edit all occurances of "gpgcheck=0" to "gpgcheck=1".
Valid XHTML 1.0! Valid CSS! powered by MoniWiki
last modified 2005-04-30 19:15:31
Processing time 0.0144 sec