On 06/22/16 13:15, Samuel Sieb wrote:
On 06/21/2016 10:04 PM, Antonio M wrote:
> a silly question, how do you understand that a package is signed in any
> repo?? apart from the warning of dnf, of course....
>
That would be the primary way. Otherwise, if you have rpmdevtools installed, you can
download the rpm and run rpmdev-checksig on it. That's what I used to check some
rpms
from rpmfusion to determine that they aren't signed.
Or you could run rpm -K rpmfile
This shows the output of a signed rpm
[root@meimei ~]# rpm -K aime-8.20160504-1.fc23.x86_64.rpm
aime-8.20160504-1.fc23.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
This shows the output of a non-signed rpm
[egreshko@acer ~]$ rpm -K libmpg123-1.22.4-1.fc24.x86_64.rpm
libmpg123-1.22.4-1.fc24.x86_64.rpm: sha1 md5 OK
--
You're Welcome Zachary Quinto