Equivalent of `rpm -K` using `apt`
What is the apt
equivalent of rpm -K *.rpm
, where -K
is defined as verifying the signature of the repository in man rpm
and in Maximum RPM?
Example of a situation:
sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
debian rhel apt rpm gpg
add a comment |
What is the apt
equivalent of rpm -K *.rpm
, where -K
is defined as verifying the signature of the repository in man rpm
and in Maximum RPM?
Example of a situation:
sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
debian rhel apt rpm gpg
4
dpkg
is the equivalent torpm
notapt
. Do have a.deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?
– kemotep
13 hours ago
add a comment |
What is the apt
equivalent of rpm -K *.rpm
, where -K
is defined as verifying the signature of the repository in man rpm
and in Maximum RPM?
Example of a situation:
sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
debian rhel apt rpm gpg
What is the apt
equivalent of rpm -K *.rpm
, where -K
is defined as verifying the signature of the repository in man rpm
and in Maximum RPM?
Example of a situation:
sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
debian rhel apt rpm gpg
debian rhel apt rpm gpg
edited 9 hours ago
Stephen Kitt
175k24401479
175k24401479
asked 14 hours ago
tsujptsujp
25829
25829
4
dpkg
is the equivalent torpm
notapt
. Do have a.deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?
– kemotep
13 hours ago
add a comment |
4
dpkg
is the equivalent torpm
notapt
. Do have a.deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?
– kemotep
13 hours ago
4
4
dpkg
is the equivalent to rpm
not apt
. Do have a .deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?– kemotep
13 hours ago
dpkg
is the equivalent to rpm
not apt
. Do have a .deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?– kemotep
13 hours ago
add a comment |
1 Answer
1
active
oldest
votes
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506251%2fequivalent-of-rpm-k-using-apt%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
add a comment |
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
add a comment |
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
The equivalent is debsig-verify
, which verifies embedded signatures in .deb
packages using locally-stored keys and policies.
Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt
will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.
edited 12 hours ago
answered 12 hours ago
Stephen KittStephen Kitt
175k24401479
175k24401479
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f506251%2fequivalent-of-rpm-k-using-apt%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
dpkg
is the equivalent torpm
notapt
. Do have a.deb
you wish to install but want to verify the integrity of or are you installing something from your repositories?– kemotep
13 hours ago