MySQL 5.6 Reference Manual Including MySQL NDB Cluster 7.3-7.4 Reference Guide
For RPM packages, there is no separate signature. RPM packages have a built-in GPG signature and MD5 checksum. You can verify a package by running the following command:
shell> rpm --checksig package_name
.rpm
Example:
shell> rpm --checksig MySQL-server-5.6.51-0.linux_glibc2.5.i386.rpm
MySQL-server-5.6.51-0.linux_glibc2.5.i386.rpm: md5 gpg OK
If you are using RPM 4.1 and it complains about (GPG)
NOT OK (MISSING KEYS: GPG#5072e1f5)
, even though you
have imported the MySQL public build key into your own GPG
keyring, you need to import the key into the RPM keyring
first. RPM 4.1 no longer uses your personal GPG keyring (or
GPG itself). Rather, RPM maintains a separate keyring because
it is a system-wide application and a user's GPG public
keyring is a user-specific file. To import the MySQL public
key into the RPM keyring, first obtain the key, then use
rpm --import to import the key. For
example:
shell> gpg --export -a 5072e1f5 > 5072e1f5.asc shell> rpm --import 5072e1f5.asc
Alternatively, rpm also supports loading the key directly from a URL, and you can use this manual page:
shell> rpm --import https://docs.oracle.com/cd/E17952_01/mysql-5.6-en/checking-gpg-signature.html
If you need to obtain the MySQL public key, see Section 2.1.4.2, “Signature Checking Using GnuPG”.