Daily Archives: February 24, 2013

To ensure that the system can cryptographically verify update packages (and also connect to the Red Hat Network to receive them if desired),
run the following command to ensure that the system has the Red Hat GPG key properly installed: $rpm -q –queryformat “%{SUMMARY}\n” gpg-pubkey
The command should return the string:    gpg(Red Hat, Inc. (release key <[email protected]>)

To verify that the Red Hat GPG key itself has not been tampered with, its fingerprint can be compared to the one from Red Hat’s web site at http://www.redhat.com/security/team/key. The following command can be used to print the installed release key’s fingerprint, which is actually contained in the file referenced below:
$ gpg –quiet –with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
More information on package signing is also available at https://fedoraproject.org/keys.

The first step in configuring a system for updates is to register with the Red Hat Network (RHN).
For mostsystems,this is done during the initial installation. Successfully registered systems will appear on the RHN web site.
If the system is not listed, run the Red Hat Network Registration tool, which can be found in the
Applications menu under System Tools
or on the command line:
# rhn_register
Follow the prompts on the screen. If successful, the system will appear on the RHN web site and be subscribed to one or more software update channels.
Additionally, a new daemon, rhnsd, will be enabled.

If the system will not have access to the Internet, it will not be able to directly subscribe to the RHN update repository.
Updates will have to be downloaded from the RHN web site manually. The command line tool yum and the graphical front-ends pirut and pup can be
configured to handle this situation.