To verify the integrity of an installed RPM package on your system:
Open a terminal or command prompt on your Linux system.
Run the following command to verify the RPM package:
rpm -V
Replace with the name of the RPM package you want to verify. You can use the package name, not the RPM file name.
The rpm command will check the package and display the result of the verification. It may output various combinations of letters to indicate the status of different attributes of the package.
The output format is as follows:
S.5....T. /path/to/file
Here are some common letters and their meanings:
S (file Size): The file size differs from what is expected.
M (file Mode): The file mode (permissions) differs from what is expected.
5 (MD5 checksum): The MD5 checksum of the file differs from what is expected.
D (device): The file is a device file, which should not be changed.
L (readLink): The symbolic link target is incorrect.
U (user): The file owner is different from what is expected.
G (group): The file group is different from what is expected.
T (mtime): The file modification time differs from what is expected.
If there is no output from the command, it means that all attributes of the package are intact, and the package is verified successfully.
If there are any changes reported by the rpm -V
command, it’s possible that the package has been modified or corrupted. In such cases, you might want to investigate further or consider reinstalling the package from a trusted source.
Remember that rpm -V
verifies the package attributes but does not verify the digital signature of the package. If you want to check the digital signature of an RPM package, you should use the rpm -K
command.