search for: checksig

Hi list, Trying to upgrade someone's workstation here to 5.2 (was installed from a 5.0 DVD I think). The RPMs on our internal mirror are in-tact and pass a 'rpm -- checksig' test, yet when I run a 'yum upgrade' a large portion of them are corrupted and fail the GPG check. This seems to be isolated to yum, as downloading the RPM directly via FTP with wget or lftpget provides an RPM that *does* pass the GPG check. I have upgraded key packages to the la...

...06408bae76bf581d2bf69 screen-3.9.4-3.i386.rpm 09277e5b10b709ac2d974b952cb29e9b screen-3.9.4-3.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig 'filename' If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 'filename' 10. References: From mail@mail.redhat.com Oct 17:20:32 1999 -0400 Received: (qmail 1551 inv...

I thought I'd install the binary RPM for Red Hat 7.1. Following the advice from the ReadMe I checked the GPG signature (sorry, I have very little idea what it is) of the .rpm files. Here is what I got. % rpm --checksig *.rpm R-base-1.3.1-3.i386.rpm: md5 GPG NOT OK R-recommended-1.3.1-1.i386.rpm: md5 (GPG) OK (MISSING KEYS: GPG#97D3544E) Does it indicate any problem? Thanks, Vadim -------------------------------------------------- DISCLAIMER This e-mail, and any attachments thereto, is intended only for use...

...majordomo-1.94.5-2.i386.rpm 89e327c6c92acc97db34e541f34c0c67 6.1/sparc/majordomo-1.94.5-2.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: Thanks to Brock Tellier at btellier@USA.NET for noting the vulnerability in resen...

...75ff7a sparc/wu-ftpd-2.6.0-1.sparc.rpm 7e30ea42e82908752b943621580f6f1c SRPMS/wu-ftpd-2.6.0-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 10. References: CERT Advisory CA-99-13 Multiple Vulnerabilities in WU-FTPD http://www.cert.org...

...c/emacs-leim-20.7-1.sparc.rpm a6ae2d4b6afcb0022d59183b12472361 6.2/sparc/emacs-nox-20.7-1.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.securityfocus.com/bid/1125 From mail@mail.redhat.com Jun 19:00:12...

...icator-4.73-1.i386.rpm aea9965093a8202196f637e8385035d9 6.2/i386/netscape-navigator-4.73-1.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: N/A

...m-utils-6.0.1s11-1.4.2.sparc.rpm 0aa30be9b859eca2e003bb983c4839f5 SRPMS/am-utils-6.0.1s11-1.4.2.src.rpm These packages are PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp <filename> 10. References: N/A Cristian - -- - -------------------------------------------------------------...

...sparc/mailx-8.1.1-16.sparc.rpm fa63980aed3bdd2c9c14dcca6745c56c 6.2/sparc/perl-5.00503-11.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.securityfocus.com/vdb/bottom.html?vid=1547 http://bugs.perl.org/perlbu...

Downloaded from http://vault.centos.org/debuginfo/4/i386/ The file I received was 23-Aug-2006 06:18 298M. My ls showed 312932522. I presume this is an approximate match. Validation failed. # rpm --checksig kernel-debuginfo-2.6.9-42.0.2.EL.i686.rpm kernel-debuginfo-2.6.9-42.0.2.EL.i686.rpm: sha1 MD5 NOT OK The i586 file validates OK. TIA -- Bill

...pd-linux-2.5.3-15.i386.rpm 8f54499ea64372f17a5707d4615edddc 6.2/sparc/mopd-linux-2.5.3-15.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.openbsd.org/security.html#27 Thanks to Matt Power <mhpower@MIT.EDU...

...b 6.2/i386/ntop-1.3.1-1.i386.rpm e6415fc286119023f321ce7e5bdbfce9 6.2/sparc/ntop-1.3.1-1.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: N/A Copyright(c) 2000 Red Hat, Inc. ________________________________________...

...6/umb-scheme-3.2-12.i386.rpm 372da7c9c61ad6f242e5eeff9d6f943b 6.2/sparc/umb-scheme-3.2-12.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: Thanks to Prasanth A. Kumar for pointing this error out. Copyright(c) 2000 Red...

...2000-1.src.rpm 61e9f5fed71cbb784f2e1352cb98fb1a 6.2/noarch/Zope-Hotfix-DTML-08_09_2000-1.noarch.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert Copyright(c)...

...MS/mailman-2.0beta5-1.src.rpm 53561915ca8b245b98bd78f3e3a8fd9d 3.2/i386/mailman-2.0beta5-1.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: N/A Copyright(c) 2000 Red Hat, Inc.

...Package Name -------------------------------------------------------------------------- N/A These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: N/A

.../i386/BitchX-1.0c16-1.i386.rpm 2317c93fa3ed3a0ee0566ecd1c6d98ad 6.2/sparc/BitchX-1.0c16-1.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: Thanks to Colten Edwards <edwards@bitchx.dimension6.com> for making us awar...

...6.2/SRPMS/kwintv-0.7.5-2.src.rpm 72e10bb7dfb96a7c655a7f3db79d47a1 6.2/i386/kwintv-0.7.5-2.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: N/A

...6_16_2000-1.src.rpm dee87d4dd038b1a10f6e46a0883197b3 6.2/noarch/Zope-Hotfix-06_16_2000-1.noarch.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert

.../i386/gnuplot-3.7.1-5.i386.rpm 3eb615e63b37108f75db4819f03c02df 6.2/sparc/gnuplot-3.7.1-5.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 10. References: N/A