How to verify that a package (rpm) has not been corrupted or tampered

If you wish to verify that a package has not been corrupted or tampered with, examine only the md5sum by typing the following command at a shell prompt (where is the file name of the RPM package):

rpm -K --nosignature

e.g) # rpm -K --nosignature amarok-1.4.10-26.1.i586.rpm
amarok-1.4.10-26.1.i586.rpm: sha1 md5 OK

The message : md5 OK is displayed. This brief message means that the file was not corrupted by the download. To see a more verbose message, replace -K with -Kvv in the command.

# rpm -Kvv --nosignature amarok-1.4.10-26.1.i586.rpm               

D: Expected size:      3243261 = lead(96)+sigs(772)+pad(4)+data(3242389)

D:   Actual size:      3243261

amarok-1.4.10-26.1.i586.rpm:

    Header SHA1 digest: OK (36ec55a4b71ed8f444961591529356d91c7301a8)

    MD5 digest: OK (2f02fb879d6a4968f4cc3d403d0d0e2d)

D: May free Score board((nil))