Validating rpm signatures, Checking which public keys are installed, Validate the signature on an rpm – HP Systems Insight Manager User Manual
Page 173: How to check rpm signatures within the sysmgmt.bin
HP has a well defined process when a security defect is found that culminates with the publication
of a security bulletin. The security bulletin provides you with a high level description of the problem
and explains how to mitigate the security defect.
Procedure 46 Subscribing to security bulletins
1.
Open a browser to the HP home page:
2.
Click the Support & Drivers tab.
3.
Click Sign up: driver, support, & security alerts, which appears under Additional Resources
in the right navigation pane.
4.
Select Business & IT Professionals to open the Subscriber's Choice web page.
5.
Do one of the following:
•
Sign in if you are a registered customer.
•
Enter your email address to sign-up now. Select Driver and Support alerts and click
Continue.
Validating RPM signatures
The RPMs for HP SIM for Linux are digitally signed with HP's official private key. You can use the
rpm-hpPublicKey.pub
provided with the HP SIM's Linux distribution or go to the official HP
website to download HP's public code signing key.
Checking which public keys are installed
Check which public keys are installed on your system with the following command:
# rpm -q grep-pubkey
Where grep-pubkey finds all the public keys installed on the system.
Alternatively, you can use the rpm -qi command to show more details about the certificates.
The following procedure installs HP's code signing public key.
# rpm --import rpm-hpPublicKey.pub
Validate the signature on an RPM
Use the rpm -checksig" command to validate and verify the digital signature of an RPM. The
output from the command indicates whether or not the RPM is correctly signed, as shown in the
example below:
# rpm --checksig
How to check RPM signatures within the sysmgmt.bin
To check RPM signatures in the sysmgmt.bin before installing HP SIM, complete the following
procedure:
chmod u+x sysmgmt.bin
./sysmgmt.bin --keep --confirm
(and type y to extract the archive and n to execute
./mxbundle.server.postinstall)
This creates a temporary directory. For example, makeself-32350-20091024210345, is where
the HP SIM RPMs will be located. You can use the rpm --checksig command to verify the HP
signature of the RPMs. After verifying the RPM, enter ./sysmgmt.bin to install HP SIM.
If you install HP SIM sysmgmt.bin without installing the HP public key, you will receive the
following warning:
Installing hpsim* ...
warning: hpsim-C.06.00.00.00.%20091027-1.i386.rpm: V3 DSA signature: NOKEY, key ID 2689b887
Validating RPM signatures
173