rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
To display a list of all keys installed for RPM verification, execute the command:
rpm -qa gpg-pubkey*
For the Red Hat key, the output includes:
gpg-pubkey-37017186-45761324
To display details about a specific key, use rpm -qi followed by the output from the previous
command:
rpm -qi gpg-pubkey-37017186-45761324
10.3.2. Verifying Signature of Packages
To check the GnuPG signature of an RPM file after importing the builder's GnuPG key, use the
following command (replace <rpm-file> with the filename of the RPM package):
rpm -K <rpm-file>
If all goes well, the following message is displayed: md5 gpg OK. This means that the signature of the
package has been verified, and that it is not corrupt.
10.4. Practical and Common Examples of RPM Usage
RPM is a useful tool for both managing your system and diagnosing and fixing problems. The best
way to make sense of all of its options is to look at some examples.
• Perhaps you have deleted some files by accident, but you are not sure what you deleted. To verify
your entire system and see what might be missing, you could try the following command:
rpm -Va
If some files are missing or appear to have been corrupted, you should probably either re-install the
package or uninstall and then re-install the package.
• At some point, you might see a file that you do not recognize. To find out which package owns it,
enter:
rpm -qf /usr/bin/ggv
The output would look like the following:
ggv-2.6.0-2
Verifying Signature of Packages
129