On Sun, 7 Feb 1999, Mitchell Maltenfort wrote:
> I've been doing the integrity checks on RPM installs, but that was to
> check against files being corrupted in download. Belatedly, I realize that
> would also check for tampering.
Of course. Actually ckecksums were invented for ckecking the
download quality. And pgp is the pack for making sure that is the
original package.
> I have textutils as part of my RH 5.2 install. I'll check the man
> pages on cksum.
And md5sum. It's somehow easier to use when it comes to ckeck
some files.
> >Else you sould get the pgp pack and compile it. In the pgp man page will
> Where do I get the pgp pack? Does it work with RPMS?
If you live outside US check out http://www.pgpi.com/ - it has
free downloads for Linux/dos/win. I guess, if you live in US you have to
use http://www.pgp.com/ (not sure about this URL). Actually you don't
need any RPM. I compiled it with just a make (no other settings). Make
sure to read the documentation - pgp is a vrey powerful tool, but if isn't
used the right way its value is null. Also the pack it's ckecked with
md4sum. So it's a good way to see it working.
> (Yes, I know RPMS are a crutch, but right now I find them a useful tool
> as well.)
After you'll read the pgp manual you'll see this is very dangerous
(in this case). And as I stated above it compiles in no time and almost
without any help from your part.
Raider
--
``Liberate tu-temet ex inferis''