On 24 January 2018 at 12:56, Saeed Ahmed (DB) <saeed.ahmed1@xxxxxxxxxxxxxx> wrote:
<package type="rpm">
<name>postgresql10-server</name>
<arch>x86_64</arch>
<version epoch="0" ver="10.1" rel="1PGDG.rhel7"/>
<checksum type="sha256" pkgid="YES">d669c07f3c670299f2f1adc5a81ec90187bffc9aca0e8ceb7aa51a9194614910</checksum>
<summary>The programs needed to create and run a PostgreSQL server</summary>
Hi Magnus Hagander,
Many thanks for the prompt response. We need a binary rpm for installation on linux RHEL7 environment and for that CHECKSUM is required. As the source tar file does not fulfill our requirement due to no expertise in compiling the source code. Is there any way as no success in finding the MD5 value for rpm on the website.
Package installation via Yum should automatically take care of verifying checksum and GPG signature (unless you manually disable PGP verification).
Yum repository where packages are hosted stores checksum and other relevant information in what is called yum db. So for example, for RHEL/CentOS 7.2, here's the Yum repository that contains relevant information on all the packages.
(Please refer to the relevant files for your minor version of RHEL/CentOS)
For information on specific packages in the repository, take a look here https://yum.postgresql.org/10/redhat/rhel-7.2-x86_64/repodata/3f8cd771d98c480622459107b80e97df46ffd9133dcba7976eab38bd6e36fbf4-primary.xml.gz.
So for example, if you wanted to get checksum for postgresql10-server rpm package, here's this excerpt from the file linked above for postgresql10-server version 10.1 rpm package:
<name>postgresql10-server</name>
<arch>x86_64</arch>
<version epoch="0" ver="10.1" rel="1PGDG.rhel7"/>
<checksum type="sha256" pkgid="YES">d669c07f3c670299f2f1adc5a81ec90187bffc9aca0e8ceb7aa51a9194614910</checksum>
<summary>The programs needed to create and run a PostgreSQL server</summary>
The highlighted entry above should give you the sha256 checksum of the package in question.
Once you have installed the same package via Yum, you can verify this checksum against the installed package by running a query against yumdb. Essentially:
yumdb info <package name>
lists out the required information. For example, for postrgesql10-server package, here's the output:
[haroon@localhost ~]$ yumdb info postgresql10-server
Loaded plugins: fastestmirror, langpacks
postgresql10-server-10.1-1PGDG.rhel7.x86_64
checksum_data = d669c07f3c670299f2f1adc5a81ec90187bffc9aca0e8ceb7aa51a9194614910
checksum_type = sha256
command_line = install postgresql10-server
from_repo = pgdg10
from_repo_revision = 1516304771
from_repo_timestamp = 1516304876
installed_by = 1000
origin_url = https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/postgresql10-server-10.1-1PGDG.rhel7.x86_64.rpm
reason = user
releasever = 7
var_infra = stock
var_uuid = 3b612142-4be3-4551-b529-66391cfe3a9d
Regards,
Haroon
