I had to download few rpm packages, some of these packages are provided with checksums, what are they for ? Are they necessary to have the rpm installed ?
The checksums are used to make sure you downloaded the complete file and or wasn't modified by a third party or a bad connection.
Many sites that host files will also host a checksum file that it can be compared against. To run that comparison for, say, an md5 checksum you could do the following:
Given downloaded.file
is the downloaded file, and you have a checksum (file.md5) file that looks like this
8ead7f214e53482b06ef82727d8ba4e4 downloaded.file
You would run
md5sum -c file.md5
The output would be
downloaded.file: OK
if the file has a matching sum. If the sum is not matching, you know that the file that you received is not the same as the file that the host intended. Whether it's malicious or not, you know you need to retry your download.