Equivalent of `rpm -K` using `apt`












8















What is the apt equivalent of rpm -K *.rpm, where -K is defined as verifying the signature of the repository in man rpm and in Maximum RPM?



Example of a situation:



sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm









share|improve this question




















  • 4





    dpkg is the equivalent to rpm not apt. Do have a .deb you wish to install but want to verify the integrity of or are you installing something from your repositories?

    – kemotep
    13 hours ago
















8















What is the apt equivalent of rpm -K *.rpm, where -K is defined as verifying the signature of the repository in man rpm and in Maximum RPM?



Example of a situation:



sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm









share|improve this question




















  • 4





    dpkg is the equivalent to rpm not apt. Do have a .deb you wish to install but want to verify the integrity of or are you installing something from your repositories?

    – kemotep
    13 hours ago














8












8








8








What is the apt equivalent of rpm -K *.rpm, where -K is defined as verifying the signature of the repository in man rpm and in Maximum RPM?



Example of a situation:



sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm









share|improve this question
















What is the apt equivalent of rpm -K *.rpm, where -K is defined as verifying the signature of the repository in man rpm and in Maximum RPM?



Example of a situation:



sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm






debian rhel apt rpm gpg






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 9 hours ago









Stephen Kitt

175k24401479




175k24401479










asked 14 hours ago









tsujptsujp

25829




25829








  • 4





    dpkg is the equivalent to rpm not apt. Do have a .deb you wish to install but want to verify the integrity of or are you installing something from your repositories?

    – kemotep
    13 hours ago














  • 4





    dpkg is the equivalent to rpm not apt. Do have a .deb you wish to install but want to verify the integrity of or are you installing something from your repositories?

    – kemotep
    13 hours ago








4




4





dpkg is the equivalent to rpm not apt. Do have a .deb you wish to install but want to verify the integrity of or are you installing something from your repositories?

– kemotep
13 hours ago





dpkg is the equivalent to rpm not apt. Do have a .deb you wish to install but want to verify the integrity of or are you installing something from your repositories?

– kemotep
13 hours ago










1 Answer
1






active

oldest

votes


















7














The equivalent is debsig-verify, which verifies embedded signatures in .deb packages using locally-stored keys and policies.



Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.






share|improve this answer

























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506251%2fequivalent-of-rpm-k-using-apt%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    7














    The equivalent is debsig-verify, which verifies embedded signatures in .deb packages using locally-stored keys and policies.



    Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.






    share|improve this answer






























      7














      The equivalent is debsig-verify, which verifies embedded signatures in .deb packages using locally-stored keys and policies.



      Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.






      share|improve this answer




























        7












        7








        7







        The equivalent is debsig-verify, which verifies embedded signatures in .deb packages using locally-stored keys and policies.



        Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.






        share|improve this answer















        The equivalent is debsig-verify, which verifies embedded signatures in .deb packages using locally-stored keys and policies.



        Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 12 hours ago

























        answered 12 hours ago









        Stephen KittStephen Kitt

        175k24401479




        175k24401479






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506251%2fequivalent-of-rpm-k-using-apt%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            數位音樂下載

            When can things happen in Etherscan, such as the picture below?

            格利澤436b