Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Verifying Software Package Integrity
Before installing the software package, you are advised to check whether the software package is incomplete or damaged due to network or storage device faults.
Procedure
- Upload the software package and digital signature file obtained in Downloading Software Packages to any directory on the Linux OS, for example, /opt.
The software package and the .asc digital signature file must be stored in the same directory.
- Configure the OpenPGP public key. For details, see Configuring the OpenPGP Public Key.
- Run the following command to check whether the software package is valid:
Command: gpg --verify "digital signature file"
Example: gpg --verify "mini_developerkit_source.rar.asc"
Information similar to the following is displayed:
gpg: assuming signed data in `mini_developerkit_source.rar' gpg: Signature made Sat 15 Jun 2019 09:50:10 PM CST using RSA key ID 27A74824 gpg: Good signature from "OpenPGP signature key for Huawei software (created on 30th Dec,2013) <support@huawei.com>"
- In the command output, 27A74824 is the public key ID.
- If "Good signature" is returned and no "WARNING" or "FAIL" message is returned, the signature is valid and the integrity of the software package passes the verification.
- If "WARNING" or "FAIL" is returned, the verification fails. See What Do I Do If a "WARNING" or "FAIL" Message Is Returned When I Check the Integrity of a Software Package? to handle the problem.
