Package Verification

After downloading the packages, please verify the integrity of the downloaded package using the following procedure:

Signature Verification for RPMs

This procedure must be performed before installation. Verification of RPM packages requires GnuPG package on the system.

  1. Download the Zmanda public key and save it as Zmanda-dsa-rpmsig.pubkey
  2. Import the Zmanda public key into your personal public GPG keyring.
    $ gpg --import Zmanda-dsa-rpmsig.pubkey
  3. Ensure that the Zmanda key was properly installed:
    $ gpg --list-keys
    /home/<user name>/.gnupg/pubring.gpg
    pub 1024D/3C5D1C92 2005-11-29
    uid (Please see
  4. If you are using RPM 4.1 or later, Zmanda public key has to be imported into RPM keyring.
    # rpm --import Zmanda-dsa-rpmsig.pubkey
  5. Now rpm can check the signatures of RPMs. For example:
    $ rpm --checksig amanda-2.5.2-1.src.rpm
    amanda-2.5.2-1.src.rpm: (sha1) dsa sha1 md5 gpg OK

Verification for Tar ball, Debian and Microsoft installer packages

This procedure must be performed before installation.

  1. Compute MD5 checksum of the downloaded package. For example:
    $ md5sum amanda-2.5.2.tar.gz
  2. Verify that the checksum (the string of hexadecimal digits) matches the one displayed on the download page for the package.

If the package integrity verification fails, please try downloading the package again. Please report the incident to

info At Zmanda

Feedback form