6 verifying digital signatures (optional), 1 verifying the hp public key (optional), 2 verifying the signed rpms (optional) – HP StorageWorks Scalable File Share User Manual

3.5.6 Verifying Digital Signatures (optional)

Verifying digital signatures is an optional procedure for customers to verify that the contents of
the ISO image are supplied by HP. This procedure is not required.

Two keys can be imported on the system. One key is the HP Public Key, which is used to verify
the complete contents of the HP SFS image. The other key is imported into the rpm database to
verify the digital key signatures of the signed rpms.

3.5.6.1 Verifying the HP Public Key (optional)

To verify the digital signature of the contents of the ISO image, the HP Public Key must be
imported to the user's gpg key ring. Use the following commands to import the HP Public Key:

# cd /signatures

# gpg --import *.pub

Use the following commands to verify the digital contents of the ISO image:

# cd /

# gpg --verify Manifest.md5.sig Manifest.md5

The following is a sample output of importing the Public key:

# mkdir -p /mnt/loop

# mount -o loop "HPSFSG3-ISO_FILENAME".iso /mnt/loop/

# cd /mnt/loop/

# gpg --import /mnt/loop/signatures/*.pub

gpg: key 2689B887: public key "Hewlett-Packard Company (HP Codesigning Service)" imported
gpg: Total number processed: 1
gpg: imported: 1

And the verification of the digital signature:

# gpg --verify Manifest.md5.sig Manifest.md5

gpg: Signature made Tue 10 Feb 2009 08:51:56 AM EST using DSA key ID 2689B887
gpg: Good signature from "Hewlett-Packard Company (HP Codesigning Service)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FB41 0E68 CEDF 95D0 6681 1E95 527B C53A 2689 B887

3.5.6.2 Verifying the Signed RPMs (optional)

HP recommends importing the HP Public Key to the RPM database. Use the following command
as root to import this public key to the RPM database:

# rpm --import /signatures/*.pub

This import command should be performed by root on each system that installs signed RPM
packages.

3.6 Upgrade Installation

In some situations you may upgrade an HP SFS system running an older version of HP SFS
software to the most recent version of HP SFS software.

If you are upgrading from version 2.3, contact your HP representative for details about upgrade
support for both servers and clients.

If you are upgrading from one version of HP SFS G3 to a more recent version, follow the general
guidelines that follow.

32

Installing and Configuring HP SFS Software on Server Nodes