Integrity Check from Trusted Sources

Every released or patch version of the downloadable product packages from VMware comes with its MD5 and SHA1 checksums in the VMware Customer Connect portal. The checksums can be used to verify if the downloaded file is intact, and in its original form. The above statement also applies to VMware Aria Operations installation PAK files (for cluster and cloud proxy upgrade, management packs, content packs, compliance packs, and so on).

Integrity Check from Untrusted Sources

If there is a lack of information about the download source, the digital signature of VMware Aria Operations installation PAK files can be verified manually before applying it. You can run the following steps to verify if the package contents have the correct signature by the trusted certificate.

Procedure

  1. Put the PAK file in /storage/db/. The directory of the primary node of the cluster.
    1. This can be achieved either by copying the PAK file to the target machine (using scp).
    2. Or by downloading the PAK file from the source (using wget).
  2. Use the command below to verify the signature:
    python /usr/lib/vmwarevcopssuite/utilities/pakManager/bin/vcopsPakManager.py --action
    query_pak_signature –pak <path_to_pak_file>

    If the signature is valid, the following output will be printed:

    {
     "invalid_reason": null,
     "is_signature_valid": true,
     "is_signature_valid_certificate_untrusted": null,
     "is_signed": true,
     "pak_id": "PAK_NAME",
     "pak_version": "VERSION",
     "platform": [
     "Linux VA"
     ],
     "vcopssuiteinstall_build_number": null,
     "vcopssuiteinstall_build_type": null,
     "vcopssuitevm_build_number": "BUILD_NUMBER",
     "vcopssuitevm_build_type": "BUILD_TYPE"
    }

    Otherwise, in case of an invalid signature, the following output will be printed:

    {
     "invalid_reason": "MESSAGE",
     "is_signature_valid": false,
     "is_signature_valid_certificate_untrusted": null,
     "is_signed": false,
     "pak_id": "PAK_NAME",
     "pak_version": "VERSION",
     "platform": [
     "Windows",
     "Linux Non-VA",
     "Linux VA"
     ],
     "vcopssuiteinstall_build_number": null,
     "vcopssuiteinstall_build_type": null,
     "vcopssuitevm_build_number": null,
     "vcopssuitevm_build_type": null
    }