Re: automatic import of rpm keys




On 14.Jun.2013, at 13:20, James Hogarth wrote:

> I think I am getting a little confused about these trust things.
>> How am *I* supposed to verify the validity of those public keys.
>> 
> 
> 
> If you really want to be sure what you should do is compare them from your
> system to a trusted source such as the CentOS website, CentOS main
> repositories, CentOS IRC channel or here ;)

So I hardcode the keys in my %post and compare them to what was installed, instead of blindly importing them.

…snip
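# import the pgp key, but only if the installed file is byte-identical to the hardcoded copy
# (quoted delimiter: the here-document is passed to cmp literally, with no shell expansion)
cmp /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 - <<'GUGU'
-----BEGIN PGP PUBLIC KEY BLOCK-----
shiny KEY GOES HERE
-----END PGP PUBLIC KEY BLOCK-----
GUGU

# $? is still the exit status of cmp: 0 means the two copies are identical
if [ $? -eq 0 ]; then
   rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
fi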
snap...

Still not quite sure what to do if the key does not match in the previous comparison.
However, here are the keys I know of, and if someone's keys do not match she might raise her hands.

(what is the RPM-GPG-KEY-CentOS-Security-6 key for?)

# gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
pub  4096R/C105B9DE 2011-07-03 CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@xxxxxxxxxx>
      Key fingerprint = C1DA C52D 1664 E8A4 386D  BA43 0946 FCA2 C105 B9DE

# gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Debug-6 
pub  4096R/D0FF3D16 2011-07-03 CentOS-6 Debuginfo Key (CentOS-6 Debuginfo Signing Key) <centos-6-debug-key@xxxxxxxxxx>
      Key fingerprint = 69B3 0F26 BA2B 3AA4 C27C  E4F5 3B75 CF79 D0FF 3D16

# gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Security-6 
pub  4096R/FE837F6F 2011-07-03 CentOS-6 Security Key (CentOS-6 Official Security Key) <centos-6-security-key@xxxxxxxxxx>
      Key fingerprint = 0830 F43C 928A A5A8 A6F1  AF97 0B13 2C3F FE83 7F6F

# gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Testing-6 
pub  4096R/EF1D6DB8 2011-07-03 CentOS-6 Testing Key (CentOS-6 Test and Beta Signing Key) <centos-6-testing-key@xxxxxxxxxx>
      Key fingerprint = 4233 9C29 8BC4 352C A4F9  7504 119C 1A87 EF1D 6DB8

-- 
Markus
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
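
An added example, not part of the original post: instead of comparing the whole key file byte for byte, a %post script can pin the 40-digit fingerprint and refuse the import with a non-zero exit when it differs. The function names are hypothetical, the colon-format sample is constructed from the CentOS-6 fingerprint as posted above, and the pinned value is assumed to have been checked against a trusted source first.

```shell
#!/bin/sh
# Added example: import an RPM signing key only if its fingerprint equals a pinned value.

# Constructed sample of `gpg --with-fingerprint --with-colons KEYFILE` output,
# using the CentOS-6 key fingerprint as posted in the message above.
SAMPLE_COLONS='pub:-:4096:1:0946FCA2C105B9DE:2011-07-03:::-:CentOS-6 Key:
fpr:::::::::C1DAC52D1664E8A4386DBA430946FCA2C105B9DE:'

# Strip whitespace and upper-case, so "C1DA C52D ..." and "c1dac52d..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read gpg colon-format output on stdin and print the primary key fingerprint
# (field 10 of the first "fpr" record).
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED ACTUAL
# Returns 0 on an exact match, 1 on mismatch, 2 if EXPECTED is not a full
# 40-hex-digit fingerprint (short key IDs such as C105B9DE are rejected as pins).
fpr_matches() {
    want=$(normalize_fpr "$1")
    have=$(normalize_fpr "$2")
    [ "${#want}" -eq 40 ] || return 2
    case $want in *[!0-9A-F]*) return 2 ;; esac
    [ "$want" = "$have" ]
}

# verify_and_import KEYFILE EXPECTED_FPR
# Imports KEYFILE into the rpm database only when the fingerprint matches;
# otherwise prints a diagnostic and returns 1 so the caller can abort.
verify_and_import() {
    keyfile=$1 expected=$2
    actual=$(gpg --with-fingerprint --with-colons "$keyfile" 2>/dev/null | primary_fpr)
    if fpr_matches "$expected" "$actual"; then
        rpm --import "$keyfile"
    else
        echo "REFUSING to import $keyfile: got '$actual', pinned '$expected'" >&2
        return 1
    fi
}

# Usage in %post (pinned value must come from a source you trust):
#   verify_and_import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 "<pinned fingerprint>" || exit 1
```

An empty result from gpg (missing binary, unreadable file) also counts as a mismatch, so the import fails closed.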




