• Welcome to Bashguru

    Linux is one of popular version of UNIX operating System. It is open source as its source code is freely available. It is free to use. Linux was designed considering UNIX compatibility. It's functionality list is quite similar to that of UNIX and become very popular over the last several years. Our Basic motive is to provide latest information about Linux Operating system.

  • Python Programming

    Python is a comparatively simple programming language, compared to c++. Although some of the benefits of c++ are abstracted away in python, they are replaced with an overall easier to learn language with many “intuitive” features. For this reason it is common and recommended by most professionals that people new to programming start with python.

  • Perl Programming

    Perl is an open-source, general-purpose interpreted programming language. Used often for CGI, Perl is also used for graphics programming, system administration, network programming, finance, bioinformatics, and other applications. The Perl languages borrow features from other programming languages including C, shell scripting (sh), AWK, and sed. They provide powerful text processing facilities without the arbitrary data-length limits of many contemporary UNIX command line tools, facilitating easy manipulation of text files.

  • Android

    Android is an operating system based on the Linux kernel, and designed primarily for touch screen mobile devices such as smart phones and tablet computers. Android is a Linux-based software system, and similar to Linux, is free and open source software. This means that other companies can use the Android operating developed by Google and use it in their mobile devices.Android gives you a world-class platform for creating apps and games for Android users everywhere, as well as an open marketplace for distributing to them instantly.

Friday, October 7, 2011

Posted by venu k
63 comments | 12:21 PM

Note: All the commands tested on CentOs 5.x. Your output may be vary depending
on distribution and version, so your results may not always look exactly like
the listings and figures shown here. Almost all everything works well on

Why to check signature of an rpm:

The signature confirms that the package was signed by an authorized party and also confirm the integrity and origin of your file. It is extremely important to verify the signature of the RPM files before installing them to ensure that they have not been altered from the original source of the packages.

Checking a package's Signature:

The --checksig(or -K) option checks all the digests and signatures contained in PACKAGE_FILE to ensure the integrity and origin of the package. Note that signatures are now verified whenever a package is read, and --checksig is useful to verify all of the digests and signatures associated with a package. If you wish to verify that a package has not been corrupted or tampered with, examine only the md5sum by typing the following command at a shell prompt (where <rpm-file> is the file name of the RPM package): rpm -K --nosignature <rpm-file> The message <rpm-file>: md5 OK is displayed. This brief message means that the file was not corrupted by the download. To see a more verbose message, replace -K with -Kvv in the command. For demonstration purpose I downloaded createrepo package from CentOs mirror and used in examples.
[root@localhost ~]# rpm -K --nosignature createrepo-0.4.11-3.el5.noarch.rpm
createrepo-0.4.11-3.el5.noarch.rpm: sha1 md5 OK
On the other hand, how trustworthy is the developer who created the package? If the package is signed with the developer's GnuPG key,you know that the developer really is who they say they are. An RPM package can be signed using Gnu Privacy Guard (or GnuPG), to help you make certain your downloaded package is trustworthy. GnuPG is a tool for secure communication; it is a complete and free replacement for the encryption technol- ogy of PGP, an electronic privacy program. With GnuPG, you can authenticate the validity of documents and encrypt/decrypt data to and from other recipients. GnuPG is capable of decrypting and verifying PGP 5.x files as well. During installation,GnuPG is installed by default. That way you can immediately start using GnuPG to verify any packages that you receive from CentOs(RHEL/Fedor a). Before doing so, you must first import CentOs's public key. If you not impo- rted correct public key, you will get following error message.
[root@localhost ~]# rpm -K createrepo-0.4.11-3.el5.noarch.rpm
createrepo-0.4.11-3.el5.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING
KEYS: GPG#e8562897)
Here the GPG in parentheses indicates that there's a problem with the signature, and the message at the end of the line (MISSING KEYS) shows what the problem is. Basically, RPM asked GPG to verify the package against a key(GPG#e8562897) that GPG didn't have, and GPG complained. It means you missed the correct public key.

How to import public keys:

Digital signatures cannot be verified without a public key. An ascii armored public key can be added to the rpm database using --import. An imported public key is carried in a header, and key ring management is performed exactly like package management. For example, all currently imported public keys can be displayed by: rpm -qa gpg-pubkey* To verify CentOs (RHEL/Fedora) packages, you must import the CentOs(RHEL/Fedora) GPG key. To do so, execute the following command at a shell prompt:
[root@localhost ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
This will create duplicate copies if one already exists. To display a list of all keys installed for RPM verification,execute the command
[root@localhost ~]# rpm -qa gpg-pubkey*
or RPM has the capacity to retrieve the key from a Mirror:
[root@ ~]# rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[root@ ~]# rpm -qa gpg-pubkey*
Note: Depending on distribution and version, you have to change mirror link.
OK, public key imported, now check signature of the createrepo rpm.
[root@localhost ~]# rpm -K createrepo-0.4.11-3.el5.noarch.rpm
createrepo-0.4.11-3.el5.noarch.rpm: (sha1) dsa sha1 md5 gpg OK
This means that the signature of the package has been verified, and that it is not corrupted. If you want to know public key builder's name , execute the command:
[root@~]# rpm -qa gpg-pubkey\* --qf "%{name}-%{version}-%{release}-%{summary}\n"
gpg-pubkey-e8562897-459f07a4-gpg(CentOS-5 Key (CentOS 5 Official Signing Key)
gpg-pubkey-e8562897-459f07a4-gpg(CentOS-5 Key (CentOS 5 Official Signing Key)
gpg-pubkey-2689b887-42315a9a-gpg(Hewlett-Packard Company (HP Codesigning Service
Note: For showing difference I imported HP GPG key.
If you're the curious type and you want to know more information about imported GPG key, use the following command. rpm -qi <gpg-pubkey>
[root@localhost data]# rpm -qi gpg-pubkey-e8562897-459f07a4
Name : gpg-pubkey Relocations: (not relocatable)
Version : e8562897 Vendor: (none)
Release : 459f07a4 Build Date: Fri 07 Oct 2011 05:53:03 PM IST
Install Date: Fri 07 Oct 2011 05:53:03 PM IST Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : gpg(CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@
Description :
Version: rpm- (NSS-3)
You can view above PGP public key block directly by: vi /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 Depending on distribution, change file path.


  1. Hello,

    Thank you, good article but your page formatting is a mess.

  2. thanks for sharing

  3. Easy to observe all given information,it's very helpful in my studies.I hope this type of information.these information was more effective content.
    php training in chennai

  4. This post great guide me and also tell us how to run a program thanks for share it sop format for mba .

  5. I have read your blog its very attractive and impressive. I like it your blog.

    Java Training in Chennai Core Java Training in Chennai Core Java Training in Chennai

    Java Online Training Java Online Training Core Java 8 Training in Chennai Java 8 Training in Chennai JavaEE Training in Chennai JavaEE Training in Chennai

  6. I am very grateful to you for posting this publication and I would want to post something, which might be interesting for you too. custom writing service Enjoy reading!

  7. Happy Wheels: With a slightly different twist you will get a real sensation of the accident. It can happen to everyone, including you. You will be given a real picture of how accidents can occur and lead to bone fractures, loss of consciousness, and death.
    happy wheels demo


  8. APK OI: Download the latest free software, apps , games for Android.

  9. Great post. I was checking continuously this blog and I am impressed!
    Very useful info specifically the last part :) I care for such info much.
    I was looking for this certain information for a very long time.
    Thank you and best of luck word cookies answers | word cookies game | word cookies game answers | hotmail email login | hotmail account login

  10. Inspiring writings and I greatly admired what you have to say , I hope you continue to provide new ideas for us all and greetings success always for you..Keep update more information..
    Python Training in Chennai

  11. Thank your site! information your share is useful to me!
    - trump twitter

  12. This is so fun! What a great idea. Also I love how authentic you seem to be. Your style and passion for blogging is contagious. Thank you for sharing your life!

  13. Thank for your post! It is easy to understand, detailed and meticulous! I have had a lot of harvest after watching this article from you! I feel it interesting, your post gave me a new perspective! I have read many other articles about the same topic, but your article convinced me! I hope you continue to have high quality articles like this to share with veryone!
    slither io

  14. The article is very good, I like it very much.Here I learned a lot, then I will pay more attention to you.I am impressed by the quality of information on this website .
    abcya | brainpop

  15. That's a good style, friend! Try yourself as a creative writer.You can definitely earn something!

  16. Thank for your post. It's very helpful. By the way, follow my website to get tips about

  17. Very Interesting and wonderfull information keep sharing
    wifi hack pro apk


  18. Great post. I was checking constantly this blog and I'm impressed! Extremely helpful info particularly the last part :) I care for such information a lot. I was looking for this certain information for a long time. Thank you and best of luck. gmail.com login

  19. That's a good style, friend! Try yourself as a creative writer.You can definitely earn something!

  20. Great pleasure that I can read this blog.

  21. Great article, really very helpful content you made. Thank you, keep sharing.

    Best Mobility Services | Austere Technology Solutions

  22. You wrote it very well, it is very nice to read this.

  23. wow...nice blog, very helpful information. Thanks for sharing.

    Best Cloud Services | Austere Technology Solutions

  24. Good article and knowledge for me! I found a lot of information here! This article is really good for all newbie here. Thank you for sharing with us!

  25. AvriqPrinter RepairPrinter InstalltionWifi trouble shooting
    Software InstalltionI have just found this website while searching over the internet, you have posted valuable information which i like reading.
    Virus removal

  26. This is exactly what I need to find. Thank you so much!!
    gmail account login

  27. This article is very much helpful and i hope this will be an useful information for the needed one.Keep on updating these kinds of informative things...

    Embedded System training in Chennai | Embedded system training institute in chennai | PLC Training institute in chennai | IEEE final year projects in chennai | VLSI training institute in chennai

  28. Wow...Excellent informative blog, really helpful. Thank you.

    Best CMA Training in hyd | ISFS

  29. Great Article… I love to read your articles because your writing style is too good, its is very very helpful for all of us and I never get bored while reading your article because, they are becomes a more and more interesting from the starting lines until the end.
    Selenium Training in Bangalore | Selenium Training in Bangalore | Selenium Training in Bangalore | Selenium Training in Bangalore

  30. Hey friends if you want best amazing adventures game then must try roblox robux its best

  31. It is really a great and useful piece of info. I’m glad that you shared this helpful info with us. Thanks for sharing such nice article, keep on updating.

    Spark Training in Chennai
    Spark with Scala Training in Chennai

  32. Selenium is one of the most popular automated testing tool used to automate various types of applications. Selenium is a package of several testing tools designed in a way for to support and encourage automation testing of functional aspects of web-based applications and a wide range of browsers and platforms and for the same reason, it is referred to as a Suite.

    Selenium Interview Questions and Answers
    Javascript Interview Questions
    Human Resource (HR) Interview Questions

  33. Your article gives lots of information to me. Thanks for sharing.
    acca course in hyderabad | ISFS