4.0 Verifying the RPM Package Signatures

All RPM packages on the Novell ZENworks 7.3 Linux Management and Novell ZENworks 7.3 Linux Management with Interim Release 1 media are signed by Novell. To ensure that the RPM packages have not been tampered with, you can verify the RPM package signatures.

  1. At the Linux machine, mount the product media of the ZENworks Linux Management version you want to install by using the mount device mountpoint command.

    For example, to install ZENworks 7.3 Linux Management, mount the product media by using mount /dev/cdrom /zlm73.

    If you are using an ISO image rather than a physical media, copy the ISO to a temporary folder on the Linux machine, then mount the image by using the following command: mount -o loop /tempfolderpath/isoimagename.iso mountpoint

    Replace tempfolderpath with the path to the temporary folder and replace mountpoint with the path to the file system location you want to mount the image. The path specified by mountpoint must already exist.

    For example:

    mount -o loop /zlm73/ZEN73_LinuxMgmt.iso /zlm73/install

  2. At the command line, change to the mount point.

  3. Import the public key by using the following command:

    rpm --import ./zlm73-publickey

  4. Verify the RPM packages by using the following command:

    rpm -K RPM_file

    For example:

    rpm -K mount_point/data/packages/zlm7de-runtime-deps/sles-9-x86_64/novell-zenworks-server-7.3.0-0.x86_64.rpm

    Rather than verifying packages individually, you can use the following script to verify all of the RPM packages on the media:

    for i in ’find mount_point/data/packages -name *.rpm’ ;
    do rpm -K $i ;
    done