Tuesday, February 5, 2013

Verify developers' LibreOffice by GPG

To know if the file for installing developers' LibreOffice is corrupt, I used gpg. I downloaded the developers' version of LibreOffice (This is not for general users! This is not for production either!).

The commands below helped me to check the integrity of that file before installing LibreOffice.

$ gpg --verify LibreOffice_4.0.0.3_Linux_x86_deb.tar.gz.asc LibreOffice_4.0.0.3_Linux_x86_deb.tar.gz
gpg: Signature made Thu 31 Jan 2013 02:43:50 PM HKT using RSA key ID AFEEAEA3
gpg: Can't check signature: public key not found




$ gpg --keyserver hkp://keys.gnupg.net --recv-keys AFEEAEA3
gpg: requesting key AFEEAEA3 from hkp server keys.gnupg.net
gpg: key AFEEAEA3: public key "LibreOffice Build Team (CODE SIGNING KEY) " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)



$ gpg --verify LibreOffice_4.0.0.3_Linux_x86_deb.tar.gz.asc LibreOffice_4.0.0.3_Linux_x86_deb.tar.gz
gpg: Signature made Thu 31 Jan 2013 02:43:50 PM HKT using RSA key ID AFEEAEA3
gpg: Good signature from "LibreOffice Build Team (CODE SIGNING KEY) "
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C283 9ECA D940 8FBE 9531  C3E9 F434 A1EF AFEE AEA3



References
Checking the integrity of files
http://www.gnupg.org/download/integrity_check.en.html

Developers' LibreOffice
http://dev-builds.libreoffice.org/pre-releases/deb/x86/

No comments: