Signature Checking Using
GnuPG
52
1 new user ID
gpg: key 5072E1F5: "MySQL Release Engineering <[email protected]>"
53 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: new user IDs: 1
gpg: new signatures: 53
If you want to import the key into your RPM configuration to validate RPM install packages, you should
be able to import the key directly:
shell>
rpm --import mysql_pubkey.asc
If you experience problems or require RPM specific information, see
Section 2.6.4, “Signature
Checking Using
RPM
”
.
After you have downloaded and imported the public build key, download your desired MySQL package
and the corresponding signature, which also is available from the download page. The signature file
has the same name as the distribution file with an
.asc
extension, as shown by the examples in the
following table.
Table 2.1. MySQL Package and Signature Files for Source files
File Type
File Name
Distribution file
mysql-standard-5.0.96-linux-i686.tar.gz
Signature file
mysql-standard-5.0.96-linux-i686.tar.gz.asc
Make sure that both files are stored in the same directory and then run the following command to verify
the signature for the distribution file:
shell>
gpg --verify package_name.asc
If the downloaded package is valid, you will see a "Good signature" similar to:
shell>
gpg --verify mysql-standard-5.0.96-linux-i686.tar.gz.asc
gpg: Signature made Tue 01 Feb 2011 02:38:30 AM CST using DSA key ID 5072E1F5
gpg: Good signature from "MySQL Release Engineering <[email protected]>"
The
Good signature
message indicates that the file signature is valid, when compared to the
signature listed on our site. But you might also see warnings, like so:
shell>
gpg --verify mysql-standard-5.0.96-linux-i686.tar.gz.asc
gpg: Signature made Wed 23 Jan 2013 02:25:45 AM PST using DSA key ID 5072E1F5
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "MySQL Release Engineering <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A4A9 4068 76FC BD3C 4567 70C8 8C71 8D3B 5072 E1F5
That is normal, as they depend on your setup and configuration. Here are explanations for these
warnings:
• gpg: no ultimately trusted keys found: This means that the specific key is not "ultimately trusted" by
you or your web of trust, which is okay for the purposes of verifying file signatures.
• WARNING: This key is not certified with a trusted signature! There is no indication that the signature
belongs to the owner.: This refers to your level of trust in your belief that you possess our real public
key. This is a personal decision. Ideally, a MySQL developer would hand you the key in person,
but more commonly, you downloaded it. Was the download tampered with? Probably not, but this
decision is up to you. Setting up a web of trust is one method for trusting them.
See the GPG documentation for more information on how to work with public keys.
Summary of Contents for 5.0
Page 1: ...MySQL 5 0 Reference Manual ...
Page 18: ...xviii ...
Page 60: ...40 ...
Page 396: ...376 ...
Page 578: ...558 ...
Page 636: ...616 ...
Page 844: ...824 ...
Page 1234: ...1214 ...
Page 1427: ...MySQL Proxy Scripting 1407 ...
Page 1734: ...1714 ...
Page 1752: ...1732 ...
Page 1783: ...Configuring Connector ODBC 1763 ...
Page 1793: ...Connector ODBC Examples 1773 ...
Page 1839: ...Connector Net Installation 1819 2 You must choose the type of installation to perform ...
Page 2850: ...2830 ...
Page 2854: ...2834 ...
Page 2928: ...2908 ...
Page 3000: ...2980 ...
Page 3122: ...3102 ...
Page 3126: ...3106 ...
Page 3174: ...3154 ...
Page 3232: ...3212 ...