MariaDB RPM packages since MariaDB 5.1.55 are signed.

The key we use has an id of 1BB943DB and the key fingerprint is:

1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB

To check the signature you first need to import the public part of the key like so:

gpg --keyserver hkp://pgp.mit.edu --recv-keys 1BB943DB

Next you need to let pgp know about the key like so:

gpg --export --armour 1BB943DB > mariadb-signing-key.asc
sudo rpm --import mariadb-signing-key.asc

You can check to see if the key was imported with:

rpm -qa gpg-pubkey*

Once the key is imported, you can check the signature of the MariaDB RPM files by running the something like the following in your download directory:

rpm --checksig $(find . -name '*.rpm')

The output of the above will look something like this (make sure gpg shows up on each OK line):

me@desktop:~$ rpm --checksig $(find . -name '*.rpm')
./kvm-rpm-centos5-amd64/rpms/MariaDB-test-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
./kvm-rpm-centos5-amd64/rpms/MariaDB-server-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
./kvm-rpm-centos5-amd64/rpms/MariaDB-client-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
./kvm-rpm-centos5-amd64/rpms/MariaDB-shared-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
./kvm-rpm-centos5-amd64/rpms/MariaDB-devel-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
./kvm-rpm-centos5-amd64/rpms/MariaDB-debuginfo-5.1.55-98.el5.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
./kvm-rpm-centos5-amd64/srpms/MariaDB-5.1.55-98.el5.src.rpm: (sha1) dsa sha1 md5 gpg OK

See Also

• Installing MariaDB RPM Files
• Troubleshooting MariaDB Installs on RedHat/CentOS