From 35939888ffac617cbfc52c71cf2ea01f0f3a1115 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 5 Mar 1996 15:44:50 +0000 Subject: [PATCH] add verify and PGP stuff CVS patchset: 458 CVS date: 1996/03/05 15:44:50 --- rpm.8 | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 79 insertions(+), 5 deletions(-) diff --git a/rpm.8 b/rpm.8 index ec4bf29..88df4f4 100644 --- a/rpm.8 +++ b/rpm.8 @@ -10,7 +10,7 @@ build, install, query, verify, update, and uninstall individual software packages. A \fIpackage\fP consists of an archive of files, and package information, including name, version, and description. -There are size basic modes of operation, and each takes a different +There are five basic modes of operation, and each takes a different set of options. They are \fIbuild\fP, \fIinstall\fP, \fIquery\fP, \fIverify\fP, \FIsignature check\fP, and \fIuninstall\fP. @@ -22,7 +22,7 @@ set of options. They are \fIbuild\fP, \fIinstall\fP, \fIquery\fP, .br .I "\fBrpm \-\-checksig +\fP" .br -.I "\fBrpm \-u +\fP" +.I "\fBrpm \-e +\fP" .br .I "\fBrpm \-b\fIO\fB [build\-options] +\fP" @@ -101,6 +101,10 @@ Remove the build tree after the packages are made. .IP "\fB\-\-test\fP" Do not execute any build stages. Implies \fB\-\-keep\-temps\fP. Useful for testing out spec files. +.IP "\fB\-\-sign\fP" +Embed a PGP signature in the package. This signature can be used +to verify the integrity and the origin of the package. See the +section on PGP SIGNATURES for /etc/rpmrc details. .SH QUERY OPTIONS There are two sets of options for querying: package selection, and 
@@ -144,9 +148,35 @@ verifying compares the size, MD5 sum, permissions, type, owner and group of each file. Any discrepencies are displayed. The package specification options are the same as for package querying. +The format of the output is a string of 8 characters, an optional "\fBc\fP" +denoting a configuration file, and then the file name. Each of the 8 +characters denotes the result of a comparison of one aspect of the file +to that aspect as recorded in the RPM database. A single "\fB.\fP" (period) +means the test passed. The following characters denote failure of certain +tests: + +.IP "\fB5\fP" +MD5 sum +.IP "\fBS\fP" +File size +.IP "\fBL\fP" +Symlink +.IP "\fBT\fP" +Mtime +.IP "\fBD\fP" +Device +.IP "\fBU\fP" +User +.IP "\fBG\fP" +Group +.IP "\fBM\fP" +Mode (includes permissions and file type) + .SH SIGNATURE CHECKING -This checks the PGP signature built into a package to ensure it came from -a particular source. The PGP configuration information is read from /etc/rpmrc. +This checks the PGP signature built into a package to ensure the integrity +and the origin of the package. +PGP configuration information is read from /etc/rpmrc. +See the section on PGP SIGNATURES for details. .SH REBUILD OPTION @@ -165,7 +195,6 @@ There is one more option that can be used to invoke rpm: This causes rpm to search the locations listed in /etc/rpmrc for any rpm matching those listed as arguments on the command line. - .SH GENERAL OPTIONS These options can be used in all the different modes. .IP "\fB\-vv\fP" 
@@ -183,6 +212,51 @@ Print a single line containing the version number of rpm being used. .IP "\fB\-\-root \fP" Use the directory given as top level directory for all operations. +.SH PGP SIGNATURES + +In order to use the signature feature RPM must be able to run PGP +(it must be installed and in your path), and it must be able to +find a public key ring with RPM public keys in it. By default, +RPM looks in /usr/lib/rpm for both pubring.pgp and secring.pgp +(which is used during package builds). If your key rings are not +located there you must set the following on your /etc/rpmrc + +.IP "\fBpgp_path\fP" +Replacement path for /usr/lib/rpm. Must contain your key rings. +.IP "\fBpgp_pubring\fP" +The full path to your public key ring. +.IP "\fBpgp_secring\fP" +The full path to your public key ring. +.PP +The bare minimum you need to do to get PGP singature checking working +is install PGP and run the following: + +.nf +mkdir -p /usr/lib/rpm +cd /usr/lib/rpm +cp /mnt/crom/RPM-PGP-KEY . +touch config.txt +pgp -ka RPM-PGP-KEY pubring.pgp +.fi + +You should then be able to check the signatures of packages produced +by Red Hat Software using pgp \-K. + +If you want to be able to sign packages you create yourself, you also +need to create your own public and secret key pair (see the PGP manual). +In addition to the above /etc/rpmrc entries, you should add the following: + +.IP "\fBsignature\fP" +The signature type. Right now only pgp is supported. +.IP "\fBpgp_name\fP" +The name of the "user" whose key you wish to use to sign your packages. +.PP + +When building packages you then add \-\-sign to the command line. +You will be prompted for your pass phrase, and your package will +be built and signed. + + .SH FILES .nf /etc/rpmrc -- 2.7.4
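Review bot: In the hunk at @@ -10,7 +10,7 @@, the corrected sentence says "five basic modes" but the list that follows names six: build, install, query, verify, signature check and uninstall. The count should read "six". The last context line of the same hunk has `\FIsignature check\fP`, which is not the `\fI` italic escape used for the other mode names, so that term will not be set in italics; it is worth fixing while this paragraph is being touched.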
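Review bot: In the hunk at @@ -144,9 +148,35 @@, the new description of the verify output says each line starts with a string of 8 characters but never states which position corresponds to which test, so a reader cannot tell what a "." in a given column means. Please list the flags in their output order and say so explicitly. The unchanged sentence just above still names only size, MD5 sum, permissions, type, owner and group, while the new list also covers symlink, mtime and device; that sentence should be updated to match (and "discrepencies" corrected to "discrepancies" at the same time).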
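Review bot: In the hunk at @@ -183,6 +212,51 @@, the `pgp_secring` entry is described as "The full path to your public key ring.", a copy of the `pgp_pubring` text; it should say secret key ring. Other points in the same section: "singature" is misspelled; "set the following on your /etc/rpmrc" should read "in your /etc/rpmrc"; the sentence about checking packages "using pgp \-K" does not match the `rpm \-\-checksig` form shown in the synopsis, so please confirm which command is meant; and `/mnt/crom/RPM-PGP-KEY` looks like a typo in the mount point. Since the text puts secring.pgp in /usr/lib/rpm by default, next to the public ring, a sentence saying the secret key ring should be readable only by the user who signs packages would help. The section also ends with two blank lines before `.SH FILES`, where the previous hunk deliberately removed one.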