On Fri, 11 Feb 2000, Till Rotter wrote:
Hi Everybody!
Please, can somebody tell me how to verify a md5 checksum?
I read the rpm manpage and it says something about md5 checksums there, but I don't know how to pass a given checksum to rpm. In the manpage it says something about a database, but surely the checksum of an update-package wouldn't be in a database, would it? If it were, it wouldn't be provided along with the package now, would it?
Your SuSE Linux should come with a programm /usr/bin/md5sum, provided you have installed textutil.rpm (that's where md5sum is packaged in SuSE 6.1). You can verify md5 checksums by issueing the command "md5sum whatever-package.rpm" The output will look like 6171c3ebb14dabc5bf38c9ccd4c564ad whatever-package.rpm You can then compare the computed checksum with the one given in the security announcement. If you're lucky enough, they will match. If not, there might just be something wrong with the announcement (hint, SuSE Team ... ;-) or something serious is happening here, i.e. you may have downloaded a Trojan horse. Of course, then it is not recommended to install the downloaded package ... ;-) To your other questions: rpm can verify md5 checksums of the contents of already installed packages, file by file. This is probably not what you want right now (though it may help you in case an intruder has cracked your machine, provided the rpm database can still be trusted - and then Tripwire is better anyway). Bye, Martin -- Martin Leweling Institut fuer Planetologie, WWU Muenster, Germany Please sign the Linux Driver Petition on http://www.libranet.com/petition.html