[opensuse] Are repositories files signed ?
Are repositories files signed ? I mean, if I mirror one official repository here, and someone change one rpm file, will zypper complain about ? -- (o_ //\ Dsant, from Lyon, France V_/_ forum@votreservice.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2014-04-07 15:15, Dsant wrote:
Are repositories files signed ? I mean, if I mirror one official repository here, and someone change one rpm file, will zypper complain about ?
AFAIK, yes. The rpm signature itself is not currently checked, I understand, but the metadata of the repo contains checksums of each file, and the metadata files are signed. That's how the public mirror infrastructure is verified... no different than your private mirror. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlNCrBYACgkQja8UbcUWM1zNiAEAgTsFNVPYzEsovtQNnDoqTY2f 4g+Qwa4o/LSgmHyQsGwBAI0MXh/qa3XehQtxQKE22UR4PHG7J8qrx7dWW7RcMQSY =b6dr -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 07/04/14 10:15, Dsant escribió:
Are repositories files signed ?
Yes.
I mean, if I mirror one official repository here, and someone change one rpm file, will zypper complain about ?
Zypper will not install corrupted packages. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Carlos E. R.
-
Cristian Rodríguez
-
Dsant