Issue
I would like write my own verification program, ensuring files downloaded from a yum repo have the same checksum as they came with. This is akin to yum-verify.
On Ubuntu, this is done by gathering the contents of .md5sums files. I believe on RedHat, this information is kept in Berkeley DB files located /var/lib/rpm. Utilizing db_dump on BaseNames, Packages, Sha1header, and Sigmd5, I explored the files and do not think they are self-explanatory.
Basically, how can I verify the checksum of a given file programmatically (no bash scripting utilizing yum-verify)?
TIA.
Solution
See rpm --verify code in lib/verify.c for how to retrieve/verify file digests using C.
Python bindings likely have enough methods to retrieve/verify file digests (but I can't think of any Python app that is widely used that implements rpm file digest verification intelligently)
Answered By - Jeff Johnson Answer Checked By - Marie Seifert (WPSolving Admin)