[PLUG] Running RPM -Uvh gives segmentation fault
Zot O'Connor
zot at whiteknighthackers.com
Fri Jul 25 10:32:02 UTC 2003
On Thu, 2003-07-24 at 20:06, Kenneth G. Stephens wrote:
> r
>
> How about doing an rpm2cpio on the rpm and seeing if the package is
> complete. You can actually get a file list and information directly
> from the package by using:
>
> rpm -qilp package.name.rpm
>
> Ken
Eric recommended the -K option which is the same as checksig. From the
man page:
rpm {--checksig} [--nosignature] [--nodigest]
PACKAGE_FILE ...
The --checksig option checks all the digests and signatures contained
in PACKAGE_FILE to ensure the integrity and origin of the package. Note
that signatures are now verified whenever a package is read, and
--checksig is useful to verify all of the digests and signatures asso-
ciated with a package.
Digital signatures cannot be verified without a public key. An ascii
armored public key can be added to the rpm database using --import. An
imported public key is carried in a header, and key ring management is
performed exactly like package management. For example, all currently
imported public keys can be displayed by:
Now I am not sure if the internals to know if this really works, i.e. it
checks every file, or if it checks a sig to the whole cpio....
--
Zot O'Connor
http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com
More information about the PLUG
mailing list