35.3 Verifying Samba s PGP Signature


35.3 Verifying Samba's PGP Signature

It is strongly recommended that you verify the PGP signature for any source file before installing it. Even if you're not downloading from a mirror site, verifying PGP signatures should be a standard reflex. Many people today use the GNU GPG toolset in place of PGP. GPG can substitute for PGP.

With that said, go ahead and download the following files:

 
 $ wget http://us1.samba.org/samba/ftp/samba-2.2.8a.tar.asc $ wget http://us1.samba.org/samba/ftp/samba-pubkey.asc 

The first file is the PGP signature for the Samba source file; the other is the Samba public PGP key itself. Import the public PGP key with:

 
 $ gpg --import samba-pubkey.asc 

and verify the Samba source code integrity with:

 
 $ gzip -d samba-2.2.8a.tar.gz $ gpg --verify samba-2.2.8a.tar.asc 

If you receive a message like, " Good signature from Samba Distribution Verification Key... " then all is well. The warnings about trust relationships can be ignored. An example of what you would not want to see would be:

 
 gpg: BAD signature from Samba Distribution Verification Key 


Official Samba-3 HOWTO and Reference Guide
The Official Samba-3 HOWTO and Reference Guide, 2nd Edition
ISBN: 0131882228
EAN: 2147483647
Year: 2005
Pages: 297

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net