Equivalent of `rpm -K` using `apt`
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
What is the apt
equivalent of rpm -K *.rpm
, where -K
is defined as verifying the signature of the repository in man rpm
and in Maximum RPM?
Example of a situation:
sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
debian rhel apt rpm gpg
add a comment |
What is the apt
equivalent of rpm -K *.rpm
, where -K
is defined as verifying the signature of the repository in man rpm
and in Maximum RPM?
Example of a situation:
sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
debian rhel apt rpm gpg
4
dpkg
is the equivalent torpm
notapt
. Do have a.deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?
– kemotep
Mar 14 at 11:05
I don't have a.deb
only anrpm
. I could usealien
to convert it into a.deb
though. Or rather, I have been but not properly as whenever I've tried to verify the signature (probably incorrectly) i get errors et al.
– tsujp
Mar 15 at 2:54
Well that's part of the problem. You did not mention that you were usingalien
. I do not believe that it can verify signatures, or if it could it alters the contents of the package so the signature would not match between thedeb
andrpm
anyway. As user Stephen Kitt points out, if the maintainers of the package did not usedebsig-verify
for thedeb
version of your software, the package won't be signed in the first place. Please edit your question to be more specific to the steps you are taking to reach your issues. Thank you.
– kemotep
Mar 15 at 10:45
add a comment |
What is the apt
equivalent of rpm -K *.rpm
, where -K
is defined as verifying the signature of the repository in man rpm
and in Maximum RPM?
Example of a situation:
sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
debian rhel apt rpm gpg
What is the apt
equivalent of rpm -K *.rpm
, where -K
is defined as verifying the signature of the repository in man rpm
and in Maximum RPM?
Example of a situation:
sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
debian rhel apt rpm gpg
debian rhel apt rpm gpg
edited Mar 14 at 14:11
Stephen Kitt
181k25414493
181k25414493
asked Mar 14 at 9:57
tsujptsujp
325211
325211
4
dpkg
is the equivalent torpm
notapt
. Do have a.deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?
– kemotep
Mar 14 at 11:05
I don't have a.deb
only anrpm
. I could usealien
to convert it into a.deb
though. Or rather, I have been but not properly as whenever I've tried to verify the signature (probably incorrectly) i get errors et al.
– tsujp
Mar 15 at 2:54
Well that's part of the problem. You did not mention that you were usingalien
. I do not believe that it can verify signatures, or if it could it alters the contents of the package so the signature would not match between thedeb
andrpm
anyway. As user Stephen Kitt points out, if the maintainers of the package did not usedebsig-verify
for thedeb
version of your software, the package won't be signed in the first place. Please edit your question to be more specific to the steps you are taking to reach your issues. Thank you.
– kemotep
Mar 15 at 10:45
add a comment |
4
dpkg
is the equivalent torpm
notapt
. Do have a.deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?
– kemotep
Mar 14 at 11:05
I don't have a.deb
only anrpm
. I could usealien
to convert it into a.deb
though. Or rather, I have been but not properly as whenever I've tried to verify the signature (probably incorrectly) i get errors et al.
– tsujp
Mar 15 at 2:54
Well that's part of the problem. You did not mention that you were usingalien
. I do not believe that it can verify signatures, or if it could it alters the contents of the package so the signature would not match between thedeb
andrpm
anyway. As user Stephen Kitt points out, if the maintainers of the package did not usedebsig-verify
for thedeb
version of your software, the package won't be signed in the first place. Please edit your question to be more specific to the steps you are taking to reach your issues. Thank you.
– kemotep
Mar 15 at 10:45
4
4
dpkg
is the equivalent to rpm
not apt
. Do have a .deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?– kemotep
Mar 14 at 11:05
dpkg
is the equivalent to rpm
not apt
. Do have a .deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?– kemotep
Mar 14 at 11:05
I don't have a
.deb
only an rpm
. I could use alien
to convert it into a .deb
though. Or rather, I have been but not properly as whenever I've tried to verify the signature (probably incorrectly) i get errors et al.– tsujp
Mar 15 at 2:54
I don't have a
.deb
only an rpm
. I could use alien
to convert it into a .deb
though. Or rather, I have been but not properly as whenever I've tried to verify the signature (probably incorrectly) i get errors et al.– tsujp
Mar 15 at 2:54
Well that's part of the problem. You did not mention that you were using
alien
. I do not believe that it can verify signatures, or if it could it alters the contents of the package so the signature would not match between the deb
and rpm
anyway. As user Stephen Kitt points out, if the maintainers of the package did not use debsig-verify
for the deb
version of your software, the package won't be signed in the first place. Please edit your question to be more specific to the steps you are taking to reach your issues. Thank you.– kemotep
Mar 15 at 10:45
Well that's part of the problem. You did not mention that you were using
alien
. I do not believe that it can verify signatures, or if it could it alters the contents of the package so the signature would not match between the deb
and rpm
anyway. As user Stephen Kitt points out, if the maintainers of the package did not use debsig-verify
for the deb
version of your software, the package won't be signed in the first place. Please edit your question to be more specific to the steps you are taking to reach your issues. Thank you.– kemotep
Mar 15 at 10:45
add a comment |
1 Answer
1
active
oldest
votes
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506251%2fequivalent-of-rpm-k-using-apt%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
add a comment |
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
add a comment |
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
edited Mar 14 at 11:22
answered Mar 14 at 11:16
Stephen KittStephen Kitt
181k25414493
181k25414493
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506251%2fequivalent-of-rpm-k-using-apt%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
dpkg
is the equivalent torpm
notapt
. Do have a.deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?– kemotep
Mar 14 at 11:05
I don't have a
.deb
only anrpm
. I could usealien
to convert it into a.deb
though. Or rather, I have been but not properly as whenever I've tried to verify the signature (probably incorrectly) i get errors et al.– tsujp
Mar 15 at 2:54
Well that's part of the problem. You did not mention that you were using
alien
. I do not believe that it can verify signatures, or if it could it alters the contents of the package so the signature would not match between thedeb
andrpm
anyway. As user Stephen Kitt points out, if the maintainers of the package did not usedebsig-verify
for thedeb
version of your software, the package won't be signed in the first place. Please edit your question to be more specific to the steps you are taking to reach your issues. Thank you.– kemotep
Mar 15 at 10:45