Validating rpm signatures, Checking which public keys are installed, Validate the signature on an rpm – HP Systems Insight Manager User Manual

Page 125: How to check rpm signatures within the sysmgmt.bin

Advertising
background image

HP has a well defined process when a security defect is found that culminates with the publication of a
security bulletin. The security bulletin provides you with a high level description of the problem and explains
how to mitigate the security defect.

Procedure A-4 Subscribing to security bulletins

1.

Open a browser to the HP home page:

http://www.hp.com

2.

Click the Support & Drivers tab.

3.

Click Sign up: driver, support, & security alerts, which appears under Additional Resources in the right
navigation pane.

4.

Select Business & IT Professionals to open the Subscriber's Choice web page.

5.

Do one of the following:

Sign in if you are a registered customer.

Enter your email address to sign-up now. Select Driver and Support alerts and click Continue.

Validating RPM signatures

The RPMs for Systems Insight Manager for Linux are digitally signed with HP's official private key. You can
use the rpm-hpPublicKey.pub provided with the Systems Insight Manager's Linux distribution or go to
the official HP website to download HP's public code signing key.

Checking which public keys are installed

Check which public keys are installed on your system with the following command:

# rpm -q gpg-pubkey

Where gpg-pubkey finds all the public keys installed on the system.

Alternatively, you can use the rpm -qi command to show more details about the certificates.

The following procedure installs HP’s code signing public key.

# rpm --import rpm-hpPublicKey.pub

Validate the signature on an RPM

Use the rpm –-checksig command to validate and verify the digital signature of an RPM. The output from
the command indicates whether or not the RPM is correctly signed, as shown in the example below:

# rpm - -checksig <hpsimrpm>

How to check RPM signatures within the sysmgmt.bin

To check RPM signatures in the sysmgmt.bin before installing Systems Insight Manager, complete the
following procedure:

chmod +x sysmgmt.bin
./sysmgmt.bin --keep --confirm
(and type “y” to extract the archive and “n” to execute
./mxbundle.server.postinstall)

This creates a temporary directory. For example, makeself-32350-20091024210345, is where the
Systems Insight Manager RPMs will be located. You can use the rpm --checksig command to verify the
HP signature of the RPMs. After verifying the RPM, enter ./sysmgmt.bin to install Systems Insight Manager.

If you install Systems Insight Manager sysmgmt.bin without installing the HP public key, you will receive
the following warning:

Installing hpsim* ...

warning: hpsim-C.06.00.00.00.%20091027-1.i386.rpm: V3 DSA signature: NOKEY, key ID 2689b887

Validating RPM signatures

125

Advertising
Popular Brands
Popular manuals