This package uses a simple RPM query to generate a hash, or rpm-manifest, of the set of RPMs installed on a given host. The manifest is deterministic, so:
- If two hosts have the same manifest, those two hosts have the same combination of RPMs, including epoch, name, version, and release.
- If two hosts have different manifests, those two hosts have a different combination of RPMs.
IMPORTANT: An rpm-manifest is not a tool for comparing configuration files or detecting intrusions.
If you compute the rpm-manifest for a given kickstart, you can compare the actual manifest during %post to the expected manifest as a go-no-go check of the build.
Given a set of hosts, has anybody changed the build by updating, installing, or removing RPMs?
The following output shows the manifests for each host in a set of presumably identical hosts.
pc-pp01a : ad52c23663e76c4eb7cee27c0d3613ab
pc-pp01b : f65b8d62011ec3ab59ac816a088e7c0a
pc-pp02a : 6422646db863598ea705a1e5806f5b08
pc-pp02b : baa1e43c95dd58cd367ab289fe042d67
pc-pp03a : baa1e43c95dd58cd367ab289fe042d67
pc-pp03b : baa1e43c95dd58cd367ab289fe042d67
pc-pp04a : baa1e43c95dd58cd367ab289fe042d67
pc-pp04b : baa1e43c95dd58cd367ab289fe042d67
pc-pp05a : baa1e43c95dd58cd367ab289fe042d67
pc-pp05b : baa1e43c95dd58cd367ab289fe042d67
pc-pp06a : baa1e43c95dd58cd367ab289fe042d67
pc-pp06b : baa1e43c95dd58cd367ab289fe042d67
pc-pp07a : 5a67d2db48b5396968bac87c631bbb98
pc-pp07b : 89a1f692b9659a5928413c56213b0c95
pc-pp08a : baa1e43c95dd58cd367ab289fe042d67
pc-pp08b : baa1e43c95dd58cd367ab289fe042d67
pc-pp09a : baa1e43c95dd58cd367ab289fe042d67
pc-pp09b : baa1e43c95dd58cd367ab289fe042d67
If you pipe the above output to awk '{print $NF}' | sort | uniq -c, it becomes clear that somebody has modified some of the hosts:
1 5a67d2db48b5396968bac87c631bbb98
1 6422646db863598ea705a1e5806f5b08
1 89a1f692b9659a5928413c56213b0c95
1 ad52c23663e76c4eb7cee27c0d3613ab
13 baa1e43c95dd58cd367ab289fe042d67
1 f65b8d62011ec3ab59ac816a088e7c0a
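
The sketch below is an added example, not this package's own code: it shows one way to build a deterministic manifest and to name the hosts that differ from the most common manifest, which the uniq -c count alone does not show. The query format, the function names and the choice of SHA-256 are assumptions (the page does not name the digest it uses), and the package lists are constructed.

```shell
#!/bin/sh
# Assumed query format covering the fields the page names: epoch, name,
# version, release. Packages without an epoch are reported as epoch 0.
QF='%|EPOCH?{%{EPOCH}}:{0}|:%{NAME}-%{VERSION}-%{RELEASE}\n'

# Hash a package list read from stdin. Sorting in the C locale makes the
# result independent of rpm's output order and of the host's locale.
manifest_from_list() {
    LC_ALL=C sort | sha256sum | awk '{print $1}'
}

# Manifest of the local host (needs rpm; not called by this file itself).
local_manifest() {
    rpm -qa --qf "$QF" | manifest_from_list
}

# Read "host : manifest" lines on stdin and print every host whose manifest
# differs from the most common one. On a tie the baseline is arbitrary.
drifted_hosts() {
    awk 'NF { n++; host[n] = $1; sum[n] = $NF; count[$NF]++ }
         END {
             for (s in count) if (count[s] > max) { max = count[s]; base = s }
             for (i = 1; i <= n; i++) if (sum[i] != base) print host[i], sum[i]
         }'
}

# Constructed package lists: A and B hold the same set in a different order,
# C differs from A by one release bump.
LIST_A='0:bash-5.1.8-6.el9
1:openssl-3.0.7-24.el9
0:zlib-1.2.11-40.el9'
LIST_B='1:openssl-3.0.7-24.el9
0:zlib-1.2.11-40.el9
0:bash-5.1.8-6.el9'
LIST_C='0:bash-5.1.8-6.el9
1:openssl-3.0.7-25.el9
0:zlib-1.2.11-40.el9'

for list in "$LIST_A" "$LIST_B" "$LIST_C"; do
    printf '%s\n' "$list" | manifest_from_list
done
```

Feeding the per-host output shown earlier to drifted_hosts lists only the hosts that deviate, each with its manifest.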