Thanks guys for the replies, although they weren't what I was looking for. I agree that "yum is supposed to do that for me". And it does it well.
However, I needed to prove the below statements to my upper management (who is not technical which is why they want all this).
-The hash/checksum of the libXfont rpm file (not each file the installed, thanks anyway though unSpawn).
-This has to be the rpm file that yum downloaded.
-It has to match the hash/checksum that the vendor gives.
I talked to Red Hat, they gave me an interesting solution, so I figured I'd share it. The biggest problem I had with management is proving to them that the hash/checksum of the rpm file I was looking 'was in fact the exact file that yum downloaded' (even though we all know yum does that for us, management wanted to see the checksum values).
Red Hat told me that when you install a package via yum, yum does download an rpm, then validates its hash/checksum, installs the package, updates the yumdb, then removes the rpm. So I was like...great, so the rpm file is removed, how can I get the hash for that file.
I asked if I could somehow 'query that yum db' they mentioned to get the hash/checksum of the rpm file that was used and they said yes.
Here is what they recommended for my situation (and I agree it is redundant to prove to someone what yum already proves, but anyway):
1. Query the package to get the name
# rpm -q libXfont
libXfont-1.4.5-2.el6.x86_64
2. Download the file that yum will download when using the yum upgrade command (this was key for me):
# yumdownloader $result_from_one_above
...
Loaded plugins: product-id, refresh-packagekit, rhnplugin
This system is receiving updates from RHN Classic or RHN Satellite.
libXfont-1.4.5-2.el6.x86_64.rpm
3. Now validate via sha256 (or whatever checksum type you want) of the rpm file in step 2
# sha256sum libXfont-1.4.5-2.el6.x86_64.rpm
9be0c46a152aef5b8b64e2b17cf01b1c62ede2f0f6fa68a5b91b34dcd7bccd69 libXfont-1.4.5-2.el6.x86_64.rpm
4. Now query the db (that yum updates) for the hash/checksum of the rpm package that yum installed (this was the other key for me):
# yumdb info libXfont
libXfont-1.4.5-2.el6.x86_64
changed_by = 500
checksum_data = 9be0c46a152aef5b8b64e2b17cf01b1c62ede2f0f6fa68a5b91b34dcd7bccd69
checksum_type = sha256
command_line = update
from_repo = rhel-x86_64-server-6
from_repo_timestamp = 1381166124
installed_by = 4294967295
reason = dep
releasever = 6Server
checksum_data = 9be0c46a152aef5b8b64e2b17cf01b1c62ede2f0f6fa68a5b91b34dcd7bccd69
9be0c46a152aef5b8b64e2b17cf01b1c62ede2f0f6fa68a5b91b34dcd7bccd69
This was what yum upgrade already does, I know. But I had to prove that what yum installed had the same checksum as the rpm that Red Hat provided for a patch. They basically were going to force me to download rpms and install manually instead of using yum...gotta love management.
Hope this helps clarify what I needed and helps someone in the future.