Checking MariaDB RPM Package Signatures
MariaDB RPM packages since MariaDB 5.1.55 are signed.
The key we use has an id of
1BB943DB and the key fingerprint is:
1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB
To check the signature you first need to import the public part of the key like so:
gpg --keyserver hkp://pgp.mit.edu --recv-keys 1BB943DB
Next you need to let pgp know about the key like so:
gpg --export --armour 1BB943DB > mariadb-signing-key.asc sudo rpm --import mariadb-signing-key.asc
You can check to see if the key was imported with:
rpm -qa gpg-pubkey*
Once the key is imported, you can check the signature of the MariaDB RPM files by running the something like the following in your download directory:
rpm --checksig $(find . -name '*.rpm')
The output of the above will look something like this (make sure gpg shows up on each OK line):
me@desktop:~$ rpm --checksig $(find . -name '*.rpm') ./kvm-rpm-centos5-amd64/rpms/MariaDB-test-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK ./kvm-rpm-centos5-amd64/rpms/MariaDB-server-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK ./kvm-rpm-centos5-amd64/rpms/MariaDB-client-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK ./kvm-rpm-centos5-amd64/rpms/MariaDB-shared-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK ./kvm-rpm-centos5-amd64/rpms/MariaDB-devel-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK ./kvm-rpm-centos5-amd64/rpms/MariaDB-debuginfo-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK ./kvm-rpm-centos5-amd64/srpms/MariaDB-5.1.55-98.el5.src.rpm: (sha1) dsa sha1 md5 gpg OK
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.