I'm working on a project in Python to validate the SHA256Sum of our packages in our repository manager versus the SHA256sums of the packages in the Red Hat APIs to validate chain of custody and to solidify for our Security Team that those packages aren't modified. However, as part of our validation activities, I've been asked by a senior team member to validate package digests.
I know in the RPM util I can utilize 'rpm -Kv {{ package_name }}' after I've downloaded it locally; however, I'm looking to do the same thing in Python. I'm looking for advice from someone who may have done this type of thing in Python before. Is there a module I can utilize in Python that can validate the package digests and signatures?
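An added example, not part of the original post: a standard-library sketch of one of the checks `rpm -Kv` reports, the header SHA-256 digest, assuming the RPM v4 layout (96-byte lead, signature section padded to 8 bytes, main header, with signature tag 273 holding the hex digest of the main header). The function names and the sample bytes are constructed for illustration, and the OpenPGP signature and payload digest are not checked here.

```python
import hashlib
import struct

LEAD_SIZE = 96                        # fixed-size legacy lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"    # magic + version of each header section
RPMSIGTAG_SHA256 = 273                # hex SHA-256 of the main header
RPM_STRING_TYPE = 6


def read_section(buf, pos):
    """Return (index entries, data store, end offset) of the header at pos."""
    if buf[pos:pos + 4] != HEADER_MAGIC:
        raise ValueError("bad header magic at offset %d" % pos)
    nindex, hsize = struct.unpack_from(">II", buf, pos + 8)
    idx_end = pos + 16 + 16 * nindex
    end = idx_end + hsize
    if end > len(buf):
        raise ValueError("truncated header")
    entries = [struct.unpack_from(">IIII", buf, pos + 16 + 16 * i)
               for i in range(nindex)]
    return entries, buf[idx_end:end], end


def verify_header_sha256(buf):
    """True if the stored header digest matches the main header bytes."""
    entries, store, sig_end = read_section(buf, LEAD_SIZE)
    stored = None
    for tag, typ, offset, _count in entries:
        if tag == RPMSIGTAG_SHA256 and typ == RPM_STRING_TYPE:
            stored = store[offset:store.index(b"\0", offset)].decode("ascii")
    if stored is None:
        raise ValueError("package carries no SHA-256 header digest")
    hdr_start = (sig_end + 7) & ~7    # signature section is padded to 8 bytes
    _, _, hdr_end = read_section(buf, hdr_start)
    # The digest covers the main header from its magic to the end of its store.
    return hashlib.sha256(buf[hdr_start:hdr_end]).hexdigest() == stored.lower()


def build_sample(name=b"demo-1.0\0"):
    """Constructed, minimal RPM-shaped byte string (no payload) for the demo."""
    main = (HEADER_MAGIC + bytes(4) + struct.pack(">II", 1, len(name))
            + struct.pack(">IIII", 1000, RPM_STRING_TYPE, 0, 1) + name)
    digest = hashlib.sha256(main).hexdigest().encode() + b"\0"
    sig = (HEADER_MAGIC + bytes(4) + struct.pack(">II", 1, len(digest))
           + struct.pack(">IIII", RPMSIGTAG_SHA256, RPM_STRING_TYPE, 0, 1)
           + digest)
    sig += bytes(-len(sig) % 8)       # pad the signature section to 8 bytes
    return b"\xed\xab\xee\xdb" + bytes(LEAD_SIZE - 4) + sig + main
```

For a real package, read the file in binary mode and pass its bytes to `verify_header_sha256`; a matching digest shows the header is internally consistent, not who produced it.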