[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: checksum of files in an rpm



On Thu, Mar 20, 2003 at 11:16:31AM +0100, Michael Kuss wrote:
> Hi,
> 
> I'm using rpm version 4.1 (the one that comes with RH8.0).  I built an
> rpm.  Before installing, I can check the integrity:
> 
> [root@r2d2 root]# rpm --checksig /tmp/openafs-kernel-1.2.8-rh8.0.1.a.i386.rpm
> /tmp/openafs-kernel-1.2.8-rh8.0.1.a.i386.rpm: sha1 md5 OK
> 
> 
> So, it seems the rpm is ok.  However, if I try to install I get:

Specifically, the sha1 digest on the header and the md5 digest on
header+payload are OK.

> 
> 
> [root@r2d2 root]# rpm -Uvh /tmp/openafs-kernel-1.2.8-rh8.0.1.a.i386.rpm
> Preparing...                ########################################### [100%]
>    1:openafs-kernel         ########################################### [100%]
> error: unpacking of archive failed on file /usr/vice/etc/modload/libafs-2.4.18-14-i686.bm.o;3e7828d7: cpio: MD5 sum mismatch
> 

This is a md5 digest on the file contents, performed while writing the file.
That is different than the package digests, and performed in a different
context, so it's shouldn't be surprising that different results are
possible.

Early termination of output would cause the digest to be miscomputed,
so would memory and hardware problems, unusual behavior from your
file system, lots of other causes.

Add -vv and examine output. There are other debugging options too,
including --fsmdebug to see file install steps, and --rpmiodebug to see
every I/O operation performed by rpm.

Then there's strace if you don't believe anything at all in rpm is
implemented correctly ;-)

> How do I check the integrity of every single file of a package, before 
> installing it?

Cheapest way is to install package into a chroot, Other solutions include
extracting md5sums from package using a query, unpack payload using rpm2cpio,
and write shell script that walks tree computing md5 digests of
files using /usr/bin/md5sum to compare with what is in query.

> 
> I can dump checksums for each file, but where does it tell me that they 
> are valid?
> 
> root@r2d2 root]# rpm -qp --dump /tmp/openafs-kernel-1.2.8-rh8.0.1.a.i386.rpm
> /usr/vice/etc/modload/SymTable 4983 1048034665 b1d5e6236aac47537234e354820228ff 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-athlon.mp.o 662770 1048021516 1cf4788363defeb2c3a2cf6deb9ce6f7 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-athlon.o 542191 1048020737 6600260e62f51a1a036b97b95f294253 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-i386.mp.o 661463 1048020931 8c19914a06bb669d72f425b797c56db6 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-i386.o 541202 1048020198 4a62f8c26d7b0d241138c5b8bcac7aca 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-i586.mp.o 662069 1048021125 90f1e5698a8542a2b77d679f28d5ddb2 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-i586.o 541602 1048020378 3510f33e3949df02b4fc2c0cf4b6cbe8 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-i686.bm.o 662802 1048021904 5dcf7c259ec4639735cbdfc67a91653c 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-i686.ep.o 662148 1048021708 879e9454f40cffc2d00413774086d7c9 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-i686.mp.o 662802 1048021321 14739194a82c0950b3f839047f3f97bd 0100644 root root 0 0 0 X
> /usr/vice/etc/modload/libafs-2.4.18-14-i686.o 542311 1048020557 18d157a8fcde7f6d01b26a8b78e83ccb 0100644 root root 0 0 0 X
> 
> It lists the checksums, but doesn't give a hint if they are valid.
> 
> BTW, a rebuild (takes several hours on a 1GHz) gave an uncorrupted rpm, so
> that's not a problem anymore.  But before installing certain packages, I
> would like to be sure that they are ok.

The packages are ok if both sha1 and md5 are ok.

73 de Jeff

-- 
Jeff Johnson	ARS N3NPQ
jbj@redhat.com (jbj@jbj.org)
Chapel Hill, NC





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []