I am wondering doesn’t Fedora verify file hashes with RPM ?
If not ,is it possible to set it up ?
rpm does check file hash values as well as other attributes of the files. For example to check if the systemd packace is OK run
rpm -V systemd
to check all packages.
For some files you might get Permission denied, in which case run the command with sudo.
The reason behind my question is that I am running VM Fedora 36 Workstation to test out SCAP Workbench. Now some warnings came up which I want to deal with. These are : Enable FIPS mode , Configure System Cryptography Policy and after I enforced the SELinux state to enforcing I got Verify File Hashes with RPM. Now I want to try to understand and solve these issues. Why is this happening and how to solve these warnings ?
P.S. I like discussing these kind of questions with this community because I always receive a new look at things and ideas just start popping up.
$ rpm -Va --noconfig | grep '^..5' to verify file hashes with RPM. If the hashes are erroneous The package can then be reinstalled to restore the file. Run the following command to determine which package owns the file:
$ rpm -qf FILENAME
The package can be reinstalled from a dnf repository using the command:
$ sudo dnf reinstall PACKAGENAME
Alternatively, the package can be reinstalled from trusted media using the command:
$ sudo rpm -Uvh PACKAGENAME
Now I just need to figure out how to setup FiPS mode and configure the systems cryptography policy with no software protests and malfunctioning.