[tor-bugs] #5147 [Tor bundles/installation]: wrong/no signatures on FC packages
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Feb 17 08:56:40 UTC 2012
#5147: wrong/no signatures on FC packages
-----------------------------------------+----------------------------------
Reporter: qbi | Owner: erinn
Type: defect | Status: closed
Priority: major | Milestone:
Component: Tor bundles/installation | Version: Tor: unspecified
Resolution: not a bug | Keywords:
Parent: | Points:
Actualpoints: |
-----------------------------------------+----------------------------------
Changes (by erinn):
* status: new => closed
* resolution: => not a bug
Comment:
The rpm signatures are different, in the sense that rpm has its own
signing & verification mechanism that uses gpg but isn't like our normal
package signatures. It's something used internally by the rpm program. I
make those according to standard rpm packaging procedures with these
commands:
for i in *rpm; do gpg --export --armor F1F5C9B5 > $i.asc; done
for i in *rpm; do rpm --addsign $i; done
Which is a long way of saying that you don't need to manually verify the
signatures on the packages, but if you do, you should do it the rpm way.
(rpm -K foo.rpm, I think)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5147#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list