Google Linux Software Repositories

Overview

Google’s Linux software packages will automatically configure the repository settings necessary to keep your Google Linux applications up-to-date. Please download and install packages from the appropriate product pages.

The Linux Package Signing Key

Google’s Linux packages are signed with a GNU Privacy Guard (GPG) key. Google’s packages will automatically configure your package manager to verify product updates with the public signing key, but you may also install it separately if, for instance, you want to verify the integrity of an initial package download. Follow the instructions below to manually configure your package manager to use the key.

Key Details

Command line key installation for APT

On an APT-based system (Debian, Ubuntu, etc.), download the key and then use apt to install it.

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -

Recent versions of apt-get will automatically attempt to verify packages on download. If an appropriate key is not found or if the package is corrupted, you will get a message like the following:

WARNING: The following packages cannot be authenticated!
packagename

Command line key installation for RPM

On an RPM-based system (Fedora, SUSE, Mandriva, RHEL, etc.), download the key and then use rpm to install it.

wget https://dl-ssl.google.com/linux/linux_signing_key.pub
sudo rpm --import linux_signing_key.pub

You can verify the key installation by running:

rpm -qi gpg-pubkey-7fac5991-*

To manually verify an RPM package, you can run the command:

rpm --checksig -v packagename.rpm
Google