To verify Nokia RPM-file GPG signatures
Purpose
The following steps describe how to verify that RPM files downloaded from Nokia are GPG-signed by Nokia.
Steps
1. Log in as the root user on a station that has no network connection to any station in a current or proposed NFM-P deployment.

2. Import the NSP GPG public key.

3. If you are performing the procedure on an NFM-P main server, import the td-agent and rockyofficial public keys.

4. Enter the following to verify that the imported GPG public key is from Nokia:

       # rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' ↵

   Output like the following is displayed if the key is from Nokia:

       gpg-pubkey-version-release --> gpg(Nokia Corporation (NOKIA-RPM-GPG-KEY) <portal.support@nokia.com>)

5. If the command output indicates a provider other than Nokia or other recognizable providers, contact technical support.

6. Record the version and release values.

7. Enter the following for each key:

       # rpm -qi gpg-pubkey-version-release ↵

   The GPG key information is displayed; the following is the Nokia GPG public key information:

       Name        : gpg-pubkey
       Version     : version
       Release     : release
       Architecture: (none)
       Install Date: date time
       Group       : Public Keys
       Size        : 0
       License     : pubkey
       Signature   : (none)
       Source RPM  : (none)
       Build Date  : date time
       Build Host  : localhost
       Relocations : (not relocatable)
       Packager    : Nokia Corporation (NOKIA-RPM-GPG-KEY) <portal.support@nokia.com>
       Summary     : gpg(Nokia Corporation (NOKIA-RPM-GPG-KEY) <portal.support@nokia.com>)
       Description :
       -----BEGIN PGP PUBLIC KEY BLOCK-----
       GPG public key information
       -----END PGP PUBLIC KEY BLOCK-----

8. To verify an RPM-file signature using the GPG key, enter the following:

       # rpm -v -K RPM_file ↵

   where RPM_file is the absolute path of the RPM file to check

   Signing information like the following is displayed.

       RPM_file:
           Header V4 RSA/SHA1 Signature, key ID key_ID: OK
           Header SHA1 digest: OK (SHA1_message_digest)
           V4 RSA/SHA1 Signature, key ID key_ID: OK
           MD5 digest: OK (MD5_message_digest)
       Signature : (none)

9. Enter the following:

       # rpm -qpi RPM_file ↵

   Package information like the following is displayed:

       Name        : RPM-file
       Epoch       : 0
       Version     : R.r.0
       Release     : rel.v
       Architecture: x86_64
       Install Date: (not installed)
       Group       : Applications/Communications
       Size        : file_size
       License     : YYYY, Nokia
       Signature   : RSA/SHA1, date time, Key ID key_ID
       Source RPM  : RPM_file
       Build Date  : date time
       Build Host  : hostname
       Relocations : (not relocatable)
       Packager    : Nokia
       Vendor      : Nokia
       URL         : http://www.nokia.com
       Summary     : content_descriptor
       Description :

10. Review the information. The Signature output is as shown above for a signed file; for an unsigned file, the Signature output is the following:

        Signature : (none)

11. If the key ID matches the version recorded in Step 6 for the Nokia key, and the file is signed, the file is valid; otherwise, contact technical support.

12. Close the console window.

End of steps
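
The following shell functions are an added example, not part of the Nokia procedure: they apply the Step 4 to Step 11 checks to captured command output. The function names, the key ID 0a1b2c3d and all sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Nokia code. Key ID 0a1b2c3d and all output are constructed.

# Steps 4-6: read the Step 4 query output on stdin and print the version of
# each key whose summary carries the Nokia user ID shown in Step 4.
nokia_key_version() {
    awk '/--> gpg\(Nokia Corporation \(NOKIA-RPM-GPG-KEY\)/ {
        split($1, p, "-"); print p[3] }'
}

# Steps 8-11: read `rpm -v -K RPM_file` output on stdin; $1 is the recorded
# version. Succeeds only if the file is signed, every signature and digest
# line is OK, and every key ID ends in the version (rpm names a gpg-pubkey
# package after the last 8 hex digits of the key ID).
check_rpm_sig() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -v want="$want" '
        / Signature, key ID / {
            n++
            id = $0; sub(/.*key ID /, "", id)      # "0a1b2c3d: OK"
            st = id; sub(/^[^:]*: */, "", st)      # "OK", "NOKEY", "BAD", ...
            sub(/:.*/, "", id); id = tolower(id)
            if (st != "OK" || length(id) < 8 ||
                substr(id, length(id) - 7) != want) bad = 1
        }
        / digest: / && !/ digest: OK/ { bad = 1 }
        END { exit (n > 0 && !bad) ? 0 : 1 }'
}

SAMPLE_KEYS='gpg-pubkey-0a1b2c3d-5f000000 --> gpg(Nokia Corporation (NOKIA-RPM-GPG-KEY) <portal.support@nokia.com>)
gpg-pubkey-11223344-5e000000 --> gpg(Example Vendor <keys@example.invalid>)'
SAMPLE_SIGNED='sample.rpm:
    Header V4 RSA/SHA1 Signature, key ID 0a1b2c3d: OK
    Header SHA1 digest: OK (constructed)
    V4 RSA/SHA1 Signature, key ID 0a1b2c3d: OK
    MD5 digest: OK (constructed)'
SAMPLE_UNSIGNED='sample.rpm:
    Header SHA1 digest: OK (constructed)
    MD5 digest: OK (constructed)'
SAMPLE_NOKEY='sample.rpm:
    Header V4 RSA/SHA1 Signature, key ID 99887766: NOKEY
    Header SHA1 digest: OK (constructed)'

ver=$(printf '%s\n' "$SAMPLE_KEYS" | nokia_key_version)
for s in "$SAMPLE_SIGNED" "$SAMPLE_UNSIGNED" "$SAMPLE_NOKEY"; do
    printf '%s\n' "$s" | check_rpm_sig "$ver" && echo valid || echo "contact technical support"
done
```

On a station with the keys imported, the same functions take live input, for example by piping the Step 8 command into check_rpm_sig with the version recorded in Step 6. The summary match in nokia_key_version only selects which imported key carries the Nokia user ID; the key ID comparison in check_rpm_sig is what ties an RPM file to that key.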