Next: , Up: Verifying the Distribution



4.1 Verifying the Tar Archive File

The swverify verifies the package in memory without installing the package in file system. If a package is signed, it will have the following files:

     <path>/catalog/
     <path>/catalog/INDEX
     ...
     <path>/catalog/<dfiles>/md5sum
     <path>/catalog/<dfiles>/sha1sum
     <path>/catalog/<dfiles>/sig_header
     <path>/catalog/<dfiles>/signature
     ...

For example:

     swverify -d  @- <somepackage-1.0.tar.gz
         # - or -
     swverify <somepackage-1.0.tar.gz