|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [suse-security] checking rpm integrity
From: dproc (dproc
dol.net)Date: Fri Apr 07 2000 - 21:33:12 CDT
- Next message: Marc Heuse: "[suse-security] SuSEfirewall 2.2beta: SAMBA and masquerade forwarding support!"
- Previous message: Markus Gaugusch: "Re: [suse-security] Cracking passwd file on suse systems"
- In reply to: Volker Kuhlmann: "[suse-security] checking rpm integrity"
- Next in thread: Volker Kuhlmann: "Re: [suse-security] checking rpm integrity"
- Reply: dproc: "Re: [suse-security] checking rpm integrity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 07 Apr 2000, Volker Kuhlmann wrote:
> Stupid question: when I download an updated rpm for SuSE, how do I check
> whether it's realy come from SuSE???
> It does not seem to be a very reliable way to go. I find that
>
> > md5sum -c ~/t/m
> update/6.4/kpa1/kreatecd-0.3.8b-0.i386.rpm: FAILED
.... I am getting the same problem. Just downloaded the
above file and I get:
# md5sum kreatecd-0.3.8b-0.i386.rpm
a9ad2ebb07c094d49658efd6b0941c73 kreatecd-0.3.8b-0.i386.rpm
This is different to Volker's result:
> > md5sum update/6.4/kpa1/kreatecd-0.3.8b-0.i386.rpm
> ec64fd1187373f48c02922eb71ae2f7a update/6.4/kpa1/kreatecd-0.3.8b-0.i386.rpm
>
But also differs from the announcement:
09cbe9a08cf2b0d5d5d0b1963c3edbcd ftp://ftp.s....
So I just downloaded the htdig update for 6.3:
# md5sum -b htdig-3.1.5-0.i386.rpm
cf847dffc94c759e7fd7c3d1ab54de40 *htdig-3.1.5-0.i386.rpm
And the announcement says:
0e302f0ebe4772a3f84ad8390f62c4e8 ftp://ftp.suse.c....
What are Volker and I doing wrong? It makes me feel like a
newbie all over again.
My md5sum is from an old SuSE CD rpm "textutil-1.22-18"
# md5sum --version
md5sum (GNU textutils) 1.22
> Question: why does SuSE not pgp/gpg sign their rpms?
If I knew how to work md5sum right I would be happy. With
pgp I think we have compatibility, licence and US export
issues (**is it legal in France to use pgp for signature
checking??) The SuSE CDs have pgp version 2.6.2 (as do
RedHat CDs I think), but it seems that many suse-security
list members use version 5 source release or version 6
binary release. 5 and 6 are not be compatible with my
version of rpm, I think.
GPG is very young for me to totally trust it, yet. Does it
work with rpm?
Regards, dproc
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
- Next message: Marc Heuse: "[suse-security] SuSEfirewall 2.2beta: SAMBA and masquerade forwarding support!"
- Previous message: Markus Gaugusch: "Re: [suse-security] Cracking passwd file on suse systems"
- In reply to: Volker Kuhlmann: "[suse-security] checking rpm integrity"
- Next in thread: Volker Kuhlmann: "Re: [suse-security] checking rpm integrity"
- Reply: dproc: "Re: [suse-security] checking rpm integrity"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]