After downloading the packages, please verify the integrity of the downloaded package using the following procedure:
Signature Verification for RPMs
This procedure must be performed before installation. Verification of RPM packages requires GnuPG package on the system.
- Download the Zmanda public key and save it as Zmanda-dsa-rpmsig.pubkey
- Import the Zmanda public key into your personal public GPG keyring.
$ gpg --import Zmanda-dsa-rpmsig.pubkey
- Ensure that the Zmanda key was properly installed:
$ gpg --list-keys
pub 1024D/3C5D1C92 2005-11-29
uid www.zmanda.com (Please see www.zmanda.com)
- If you are using RPM 4.1 or later, Zmanda public key has to be imported into RPM keyring.
# rpm --import Zmanda-dsa-rpmsig.pubkey
- Now rpm can check the signatures of RPMs. For example:
$ rpm --checksig amanda-2.5.2-1.src.rpm
amanda-2.5.2-1.src.rpm: (sha1) dsa sha1 md5 gpg OK
Verification for Tar ball, Debian and Microsoft installer packages
This procedure must be performed before installation.
- Compute MD5 checksum of the downloaded package. For example:
$ md5sum amanda-2.5.2.tar.gz
- Verify that the checksum (the string of hexadecimal digits) matches the one displayed on the download page for the package.