RHEL-63687

[spike] Allow querying rpm checksums for installed rpms

    • Story
    • Resolution: Done
    • Critical
    • rhel-9.6
    • rpm
    • rhel-sst-cs-software-management
    • ssg_core_services
    • 8

      1. Proposed title of this feature request

      Add feature to "rpm -q" function to keep track of an installation package's SHA1, MD5, and SHA256 value

      3. What is the nature and description of the request?

      We want to be able to query installed packages to check whether the SHA1, SHA256, and MD5 sums for a currently installed package match what the originally installed package had. Not for installed files, but for the rpms themselves. We want to do this without having to download the rpm. For example:

       
      #### The following is an example of a list of checksums for the RHEL 9.2 bash rpm
      $ cd /var/www/html/RHEL9.2-x86_64/BaseOS/Packages
      $ for chksum in md5sum sha1sum sha256sum;do
      > $chksum ./bash-5.1.8-6.el9_1.x86_64.rpm
      > done
      f84aec1fe6f72d235e868c41e3bb2453  ./bash-5.1.8-6.el9_1.x86_64.rpm
      e601a53f60cf83fb76cdaa83a0f1b78b99ba4d60  ./bash-5.1.8-6.el9_1.x86_64.rpm
      90603777c369e7e4266971d06a7c0bc33f3493b7ddf6904a7d141abe2e7b287f  ./bash-5.1.8-6.el9_1.x86_64.rpm
      ...
      #### I would like to be able to do something like the following to connect the two.
      $ rpm --nodigest -q bash --qf="%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\t%{PACKAGEMD5}\n"
      bash-5.1.8-6.el9_1.x86_64       f84aec1fe6f72d235e868c41e3bb2453  
      $ rpm --nodigest -q bash --qf="%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\t%{PACKAGESHA1}\n"
      bash-5.1.8-6.el9_1.x86_64       e601a53f60cf83fb76cdaa83a0f1b78b99ba4d60
      $ rpm --nodigest -q bash --qf="%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\t%{PACKAGESHA256}\n"
      bash-5.1.8-6.el9_1.x86_64       90603777c369e7e4266971d06a7c0bc33f3493b7ddf6904a7d141abe2e7b287f 

       

      4. Why does the customer need this? (List the business requirements here)

      This would help us to improve the integrity of our RHEL installations. We are looking to ensure the package installation tracked in the rpmdb is consistent with its configuration in dnf repodata. The package checksum is known when the package is pulled down to be installed, and it could be added to the rpmdb to be checked with a query tag.

       

      5. How would the customer like to achieve this? (List the functional requirements here)

      • When an rpm is installed, save its checksum data to the rpmdb.
      • Add a function to rpm --query so that the checksum can be inspected after an rpm is installed.

      6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

      • Checking the first requirement probably would not be possible without the implementation of the rpm -q feature.
      • Once rpm is able to query the rpmdb to check the SHA1/SHA256/MD5 sum of installed packages, install a new rpm and then query its checksum and compare it with what we see when querying the rpm file directly.

      7. Is there already an existing RFE upstream or in Red Hat Bugzilla?

      No

      8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL8, RHEL9)?

      RHEL 9

       

      9. Is the sales team involved in this request and do they have any additional input?

      No

       

      10. List any affected packages or components.

      rpm

       

      11. Would the customer be able to assist in testing this functionality if implemented?

      yes

              rhn-support-pmatilai Panu Matilainen
              rhn-support-lagordon Kaitlin Gordon
              packaging-team-maint packaging-team-maint
              Software Management QE Software Management QE
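The consistency check this request is aiming at, sketched as an added example (not part of the original issue and not rpm or dnf code): package digests recorded at install time are compared with the `<checksum>` entries in a repository's `primary.xml`. The `recorded` mapping stands in for whatever the rpmdb would store, the function names are hypothetical, and the XML fragment is constructed around the bash SHA256 quoted in the request.

```python
import hashlib
import xml.etree.ElementTree as ET
NS = {"c": "http://linux.duke.edu/metadata/common"}  # primary.xml namespace

# Constructed primary.xml fragment; the sha256 is the bash value quoted above.
PRIMARY_XML = """<metadata xmlns="http://linux.duke.edu/metadata/common" packages="1">
<package type="rpm">
  <name>bash</name><arch>x86_64</arch>
  <version epoch="0" ver="5.1.8" rel="6.el9_1"/>
  <checksum type="sha256" pkgid="YES">90603777c369e7e4266971d06a7c0bc33f3493b7ddf6904a7d141abe2e7b287f</checksum>
</package>
</metadata>"""

def repodata_checksums(primary_xml):
    """Map NAME-VERSION-RELEASE.ARCH -> (algorithm, hex digest) from primary.xml."""
    out = {}
    for pkg in ET.fromstring(primary_xml).findall("c:package", NS):
        ver = pkg.find("c:version", NS)
        nevra = "{}-{}-{}.{}".format(
            pkg.findtext("c:name", namespaces=NS), ver.get("ver"),
            ver.get("rel"), pkg.findtext("c:arch", namespaces=NS))
        cs = pkg.find("c:checksum", NS)
        out[nevra] = (cs.get("type"), cs.text.strip().lower())
    return out

def file_digests(path, algos=("md5", "sha1", "sha256")):
    """Hash an .rpm file once for all algorithms (the md5sum/sha1sum/sha256sum loop)."""
    # usedforsecurity=False lets MD5/SHA-1 run on FIPS-mode hosts (Python 3.9+).
    hashers = {a: hashlib.new(a, usedforsecurity=False) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def audit(recorded, primary_xml):
    """Compare install-time package digests (NEVRA -> {algo: hex}) with repodata."""
    repo = repodata_checksums(primary_xml)
    report = {}
    for nevra, digests in recorded.items():
        if nevra not in repo:
            report[nevra] = "not-in-repodata"
            continue
        algo, expected = repo[nevra]
        have = digests.get(algo)
        if have is None:
            report[nevra] = "no-%s-recorded" % algo
        else:
            report[nevra] = "match" if have.lower() == expected else "MISMATCH"
    return report
```

Repodata normally carries one checksum type per package (sha256 here), so a host that recorded only MD5 or SHA1 at install time is reported as `no-sha256-recorded` rather than as a match.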