Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Getting Started with MariaDB

You're reading from   Getting Started with MariaDB Explore the powerful features of MariaDB with practical examples

Arrow left icon
Product type Paperback
Published in Jun 2015
Publisher
ISBN-13 9781785284120
Length 140 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Daniel Bartholomew Daniel Bartholomew
Author Profile Icon Daniel Bartholomew
Daniel Bartholomew
Arrow right icon
View More author details
Toc

Table of Contents (11) Chapters Close

Preface 1. Installing MariaDB 2. Configuring MariaDB FREE CHAPTER 3. Securing MariaDB 4. Administering MariaDB 5. Using MariaDB – Databases and Tables 6. Using MariaDB – Inserting, Updating, and Deleting 7. Using MariaDB – Retrieving Data 8. Maintaining MariaDB A. MariaDB Next Steps
Index

MariaDB package security

The packages provided by the MariaDB developers are signed with a security key so that they can be verified by package managers such as yum and apt. The key signing and verification infrastructure on Linux is called Gnu Privacy Guard (GPG). It is a compatible open source version of Pretty Good Privacy (PGP), which is an industry standard data encryption, decryption, and verification system.

The identification number (GPG ID) of the MariaDB signing key is 0xcbcb082a1bb943db. For longtime users of GPG, this ID may seem a little long. That's because, until recently, it was common to share a short form of the GPG ID. This is discouraged now because of a GPG vulnerability discovered a couple years ago; however, many utilities will still display the short form by default. The long form of the ID is more secure, so this is what the MariaDB developers share when talking about the key. But, in case we want it, the short form of the ID is 1BB943DB (it's just the last eight characters of the long form ID). For the extra cautious, the full key fingerprint is:

1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB

The key IDs and fingerprint are also posted in the MariaDB Knowledge Base, which is the official location of the MariaDB documentation and is available from:

https://mariadb.com/kb/en/mariadb/gpg/

By checking the signature of the packages, Linux package managers, and more importantly, WE can verify whether the package that comes from the MariaDB developers and hasn't been tampered with since they created it.

When configuring the MariaDB repository on Debian and Ubuntu and during the initial MariaDB install on Fedora, Red Hat, and CentOS, an important task is to import the signing key. It's a good idea to verify the key by comparing it to the IDs and the fingerprint when doing so. Thankfully, this is a one-time operation. Once the key is imported, the process is fully automatic. We will only be notified if the signature check fails.

For MariaDB Windows, binary Linux, and the MariaDB source code files, we can verify them in two ways, first is by comparing the md5sum of the file we downloaded with the md5sum posted on the MariaDB downloads page next to the file. The second way is to use PGP or GPG to verify the cryptographic signature of the file. These signatures are also posted on the MariaDB downloads page.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image