When trying to install an rpm package with rpm, rpm gives a rather cryptic error message if the md5 checksum of the file fails. All rpm says is: error: foo.rpm cannot be installed Instead rpm should explain the problem in more detail. Something like this: MD5 checksum failed. file is corrupt. foo.rpm cannot be install Bit corruption of packages is not uncommon, especially when they have been transported over ftp. The IP checksum actually misses a disturbing number of bit errors.
By design, rpm does not check MD5 sums during install (this is a separate operation rpm --checksig). The error message that you are seeing comes from a failure to correctly read the package header. The likeliest failures in trying to read the header are 1) incorrect magic number 2) truncated header which have equally cryptic (but distinguishable!) error messages.
This is such a bad error I can not believe that you defend it error: foo.rpm cannot be installed Gives no hint that the problem is with the package file. Clearly you need to create a simple santiy check that the package file is not corupt This could be as simple as checking the file magic number (incase the file is totally hosed) and checking that the file length is larger then the payload size listed in the header magic number section(in case it was truncated). See scripts/rpmdiff for an example of sanity checking