How do i verify dbus-1.12.20-8.el9.x86_64.rpm checksum

Rocky Linux General
1

Hi, I downloaded the rpm from Index of /pub/rocky/9/BaseOS/x86_64/os/Packages/d/. how do i verify the checksum?

File: dbus-1.12.20-8.el9.x86_64.rpm

2

Hi @HairulMisni is there a reason why you are installing this as a single RPM rather than just running dnf install dbus which should update any dependencies and do the checks for you? Or better yet, simply doing a dnf upgrade to take you to the latest version of all packages for RL 8?

3

Hi there, reason been, im simulating my company environment which my server does not have an internet access thus, after running a tenable scan, there s a few vulnerabilities findings such as c ares and dbus that needs to be patched or update.

before i patched, i need to verify its checksum and installed packages.

do u have any guide that i can refer to on how to install the updates manually?

thanks.

5

Hello Hariul,
I downloaded and obtained the checksum. Maybe this will assist you. See below:

~/Downloads $ sha256sum dbus-1.12.20-8.el9.x86_64.rpm 
f9ab612861c66de02ad73a0ffb56b2f83b71de2326ea595ffeac47eea517e18f  dbus-1.12.20-8.el9.x86_64.rpm
6

HI thanks for the checksum…

7

What you can do, is on a Rocky 9 machine that does have internet connectivity, is to do this using dnf download command:

[root@rocky9 ~]# dnf download dbus

dbus-1.12.20-8.el9.x86_64.rpm                   111 kB/s | 6.8 kB     00:00

then use the sha256sum command as @marty-mcfly used:

[root@rocky9 ~]# sha256sum dbus-1.12.20-8.el9.x86_64.rpm 
f9ab612861c66de02ad73a0ffb56b2f83b71de2326ea595ffeac47eea517e18f  dbus-1.12.20-8.el9.x86_64.rpm

Using dnf download instead of manually downloading the package from a repo means that dnf was used to already check/verify the checksum of the package being downloaded. That means we’ve definitely got the correct one, and not let’s say something that may or may not have come from the correct source, or a package that may have been altered. The sha256sum command would therefore no longer be needed, unless you wished to check/compare it with a package you had downloaded with alternate means, like you had done from a mirror manually - for example.

The package can then be transferred to the server that is offline and then installed appropriately.

1 Like