On Tue 20 November 2001 15:15, you (Wojtek Pilorz) wrote:
On Mon, 19 Nov 2001, David Talkington wrote:
This command:
$ rpm --checksig --nogpg packagename
meets with my skepticism. It checks the md5 sum of an rpm package.
- From where does rpm get the sum to which it compares the
At 10:05 AM 11/21/01 +0100, Mariusz Pekala wrote:
It lets you detect if file has been changed or corrupted by accident or
error rather than by someone's malicious action.
No.
1) Modified file also has its md5 sum.
2) The md5 of the modified file will be different than the md5 of an
Chris == Chris Watt [EMAIL PROTECTED] writes:
...
Chris You can view an RPM file as three pieces: The actual installable
Chris package, the MD5 checksum of the installable package, and an
Chris (optional) GPG signature for the installable package.
I think this is still correct:
David,
--checksig checks the PGP signature. The RPM itself is signed and
thus contains the signature. I presume you mean --nopgp ? This ignores PGP
errors when verifying. Its not a md5 checksum, it doesn't check the
correctness of the file only the origin.
Steve
-Original
On Mon, 19 Nov 2001, David Talkington wrote:
This command:
$ rpm --checksig --nogpg packagename
meets with my skepticism. It checks the md5 sum of an rpm package.
- From where does rpm get the sum to which it compares the computed
value? If it comes from within the file itself,