Does linux have a signature system for executables?

Solution 1:

Software that is in the repositories does not really need a signature. We can assume that the software coming from those can be trusted.

But it is possible to check it through its md5 checksum. Launchpad page on MD5 checksum step 2:

Step 2: Open a terminal, change to the directory where you have saved the file and accompanying signature, then enter the following:

gpg --verify signaturefilename

Replace signaturefilename with the signature's filename.

gpg will now try to check the signature against the signer's public key. If your version of gpg is configured to retrieve public keys automatically, you can skip to step 4. Otherwise, you'll need to fetch the signer's public key manually.

Solution 2:

DigSig (Digital Signature... in the Kernel) and DSI (Distributed Security Infrastructure), but unfortunately, this project is no longer maintained.

DigSig, is a Linux kernel module, which checks RSA digital signatures of ELF binaries and libraries before they are run. Binaries are to be signed with BSign.

DSI (Distributed Security Infrastructure), is a security framework which targets distributed environments, and is meant to address any specific security issue such platforms may be concerned with. More particularly, it is meant to address security needs of carrier-grade Linux clusters, for the telecommunication domain.^DigSig