Verify RPM Packages (RHEL)

On this page

Before you Begin

Steps

The MongoDB release team digitally signs MongoDB Compass packages to certify that packages are a valid and unaltered MongoDB release. Before you install MongoDB Compass, you can use the digital signature to validate the package.

This page describes how to verify .rpm packages on RHEL operating systems.

Before you Begin

If you don't have MongoDB Compass installed, download the MongoDB Compass binary from the Download Center.

Steps

Import the MongoDB Compass public key in gpg and rpm

curl https://pgp.mongodb.com/compass.asc | gpg --import
rpm --import https://pgp.mongodb.com/compass.asc

If the key imports successfully, the command returns:

gpg: key CEED0419D361CB16: public key "MongoDB Compass Signing Key <compass@mongodb.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

If you have previously imported the key, the command returns:

gpg: key A8130EC3F9F5F923: "MongoDB Compass Signing Key <compass@mongodb.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Verify the rpm file

rpm --checksig <path_to_compass_rpm_file>

If the file is signed, the command returns:

<path_to_compass_rpm_file> digests signatures OK

Back

Use GPG

Verify Windows Packages