Ask Your Question
0

how to verify a file downloaded from http://dl.fedoraproject.org/pub/epel?

asked 2017-01-26 16:53:54 -0600

I downloaded pymongo-2.1.1-1.el6.x86 64.rpm from http://dl.fedoraproject.org/pub/epel/...64/. My boss (who is very security focused) won't let me install it until I've verified the file has not been hacked. I know how to get the md5 checksum for the file but I can't find any info listed on that site stating what this md5 checksum should be.

Where are the md5 checksums listed? Or just to backup a bit, should I be using another approach to the verification?

thanks

kyle smith

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2017-01-26 22:48:32 -0600

masteroman gravatar image

Why don't you just enable epel repository on your distribution? Since you've mentioned el6 package I assume you're trying to enable it on CentOS 6 or RHEL 6 machine?

You just install repository with:

yum install epel-release.noarch

And then install package by issuing

yum install pymongo

It will ask you to import GPG key first time you install something from that repository, and that is how it verifies that package hasn't been tampered with.

edit flag offensive delete link more

Comments

Boss says no external repos allowed.

kysmith0 gravatar imagekysmith0 ( 2017-01-27 11:27:29 -0600 )edit

And packages installed outside of repositories that are then never updated are OK? A bit weird I have to say... Without using repositories you're basically limiting yourself to manually checking for updates and updating that package manually. When you have multiple packages that quickly becomes a headache. This is exactly the reason why you might consider using repository. And it isn't that epel is some sort of random, non-trusted, external repository. Heck, you can enable it from official repositories ;-)

masteroman gravatar imagemasteroman ( 2017-01-27 15:32:18 -0600 )edit

Thanks for your input. I'm still hoping to find a way to verify this package.

kysmith0 gravatar imagekysmith0 ( 2017-01-31 17:08:13 -0600 )edit

Question Tools

1 follower

Stats

Asked: 2017-01-26 16:33:00 -0600

Seen: 124 times

Last updated: Jan 26 '17