Topic: [SOLVED] - Verify repository (remirepo) with GPG
Hi all,
I need to perform a fresh install of remi-release-7.rpm (available on [repo]https://rpms.remirepo.net) on a new virtual machine but the admin sys requires the file to be checked before installation.
Problem : I am not very comfortable with GPG.
I retrieved the public key provided ([repo]/RPM-GPG-KEY-remi) and save it in a remi.gpg file.
I imported it with the following command :
gpg --import remi.gpg
If I check the fingerprint (gpg --with-fingerprint remi.gpg) the fingerprint matches with that provided in [repo]/KEYS.txt
I downloaded the .rpm file and now I would like to verify it.
What are the correct steps ?
The manual says the first parameter of --verify option must be a sig file, but no sig file is provided in the website (remirepo). Or what am I not understanding ?
Thanks in advance for your help.
Best regards,