FrontPage › CentOS_GPG
* ÀÌ°Å ÇÑÁÙÀÌ¸é µÈ´Ù
# rpm --import http://mirror.centos.org/centos-3/RPM-GPG-KEY-CentOS-3 # rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4
Using Signature Checking in Yum
With any sort of a centralized updating system it is important to ensure that the packages one is downloading have not been tampered with. The RPM packaging system takes care of that by allowing electronic signatures on every package. Due to the nature of PGP/GPG, it is impossible (or, rather, improbably difficult) to forge that signature without having a what is called "private key", which only the administrators of Linux@DUKE have access to.
Once the gpg-checking mechanism is enabled, any package that does not verify against the "public key" you have stored on your computer will not be installed and a warning will be issued to notify you of the problem.
Enabling gpg-checking in yum
Enabling gpg-checking in yum
Yum is the automated updater that is installed on your Linux@DUKE machine. Every night it checks against the Linux@DUKE rpm repository and downloads any new package updates so your system is fully patched against any vulnerabilities that are discovered as time goes on.
Importing public keys
Importing public keys
Before you can enable gpg-checking, you will need to obtain the public part of the gpg keys that were used to sign the packages provided with Centos-3.3. Here is the procedure:
For architecture: i386
For architecture: i386
su - root rpm --import http://install.linux.duke.edu/pub/linux/base/centos-3.3/i386/RPM-GPG-KEY-CentOS-3 rpm --import http://install.linux.duke.edu/pub/linux/base/centos-3.3/i386/Linux-at-DUKE-GPG-KEY
For architecture: x86_64
su - root rpm --import http://install.linux.duke.edu/pub/linux/base/centos-3.3/x86_64/RPM-GPG-KEY-CentOS-3 rpm --import http://install.linux.duke.edu/pub/linux/base/centos-3.3/x86_64/Linux-at-DUKE-GPG-KEY
Verifying fingerprints
If you want to be extra sure, email Linux@DUKE administrators to get the public keys first-hand: admin.at.linux.duke.edu
Editing yum.conf
Editing yum.conf
Open /etc/yum.conf in your favorite editor and edit all occurances of "gpgcheck=0" to "gpgcheck=1".
