How to determine the integrity of a Linux package
Suppose you download a package (deb, rpm, tar, whatever) from the net. How do you determine whether the package is genuine or not? Put differently, how do you ensure that the package has not been tampered with?
There is a simple way to ensure that. You use the md5sum utility.
When you download the package from a location on the net, preferably from the package author's website, you run the command md5sum as follows:
$ md5sum package-name
kdhoeio234208lsdkja390lsjd232sa package-name
The string at the start of the output shown above is the MD5 checksum of the downloaded file. Compare it with the MD5 checksum published by the packager; if the two differ, the file is not the one the packager released. This method is especially useful for checking the integrity of a package before installing it.
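
As an added example (not part of the original article), the comparison described above can be scripted so that a mismatch stops an install script instead of depending on reading two strings by eye. The function name verify_checksum and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original page). verify_checksum is a
# hypothetical helper name; the sample file and its checksum are constructed.
#
# verify_checksum FILE PUBLISHED_MD5
#   returns 0 = match, 1 = mismatch, 2 = bad input (malformed sum / unreadable file)
verify_checksum() {
    file=$1
    # Copy-pasted values often carry stray whitespace or upper-case hex.
    published=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # An MD5 digest is exactly 32 hex characters; anything else cannot match,
    # so report it as bad input instead of as a failed package.
    case $published in
        ''|*[!0-9a-f]*) echo "malformed checksum: $2" >&2; return 2 ;;
    esac
    if [ "${#published}" -ne 32 ]; then
        echo "malformed checksum: $2" >&2; return 2
    fi
    if [ ! -r "$file" ]; then
        echo "cannot read: $file" >&2; return 2
    fi

    # md5sum prints "<digest>  <name>"; keep only the digest.
    actual=$(md5sum < "$file" | cut -d' ' -f1)

    if [ "$actual" = "$published" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (published $published, computed $actual)" >&2
    return 1
}

# Constructed demo: a stand-in "package" containing the five bytes "hello".
demo_dir=$(mktemp -d)
printf 'hello' > "$demo_dir/package-name"
verify_checksum "$demo_dir/package-name" 5d41402abc4b2a76b9719d911017c592 || true
# A single appended byte changes the digest, so the check now fails.
printf 'x' >> "$demo_dir/package-name"
verify_checksum "$demo_dir/package-name" 5d41402abc4b2a76b9719d911017c592 ||
    echo "checksum differs: do not install"
rm -rf "$demo_dir"
```

The check is only as trustworthy as the place the published checksum came from, so take it from the packager's own site and not from the mirror that served the file. Where the packager also publishes a SHA-256 value, the same steps apply with sha256sum and a 64-character length check.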