Hi, I downloaded the rpm from Index of /pub/rocky/9/BaseOS/x86_64/os/Packages/d/. how do i verify the checksum?
File: dbus-1.12.20-8.el9.x86_64.rpm
Hi, I downloaded the rpm from Index of /pub/rocky/9/BaseOS/x86_64/os/Packages/d/. how do i verify the checksum?
File: dbus-1.12.20-8.el9.x86_64.rpm
Hi @HairulMisni is there a reason why you are installing this as a single RPM rather than just running dnf install dbus
which should update any dependencies and do the checks for you? Or better yet, simply doing a dnf upgrade
to take you to the latest version of all packages for RL 8?
Hi there, reason been, im simulating my company environment which my server does not have an internet access thus, after running a tenable scan, there s a few vulnerabilities findings such as c ares and dbus that needs to be patched or update.
before i patched, i need to verify its checksum and installed packages.
do u have any guide that i can refer to on how to install the updates manually?
thanks.
Hello Hariul,
I downloaded and obtained the checksum. Maybe this will assist you. See below:
~/Downloads $ sha256sum dbus-1.12.20-8.el9.x86_64.rpm
f9ab612861c66de02ad73a0ffb56b2f83b71de2326ea595ffeac47eea517e18f dbus-1.12.20-8.el9.x86_64.rpm
HI thanks for the checksum…
What you can do, is on a Rocky 9 machine that does have internet connectivity, is to do this using dnf download
command:
[root@rocky9 ~]# dnf download dbus
dbus-1.12.20-8.el9.x86_64.rpm 111 kB/s | 6.8 kB 00:00
then use the sha256sum command as @marty-mcfly used:
[root@rocky9 ~]# sha256sum dbus-1.12.20-8.el9.x86_64.rpm
f9ab612861c66de02ad73a0ffb56b2f83b71de2326ea595ffeac47eea517e18f dbus-1.12.20-8.el9.x86_64.rpm
Using dnf download
instead of manually downloading the package from a repo means that dnf was used to already check/verify the checksum of the package being downloaded. That means we’ve definitely got the correct one, and not let’s say something that may or may not have come from the correct source, or a package that may have been altered. The sha256sum
command would therefore no longer be needed, unless you wished to check/compare it with a package you had downloaded with alternate means, like you had done from a mirror manually - for example.
The package can then be transferred to the server that is offline and then installed appropriately.