How to verify that package-installed files match originals?
Solution 1
One way to accomplish this is to use the command debsums.
$ debsums <package>
Example
$ debsums xz-utils
/usr/bin/lzmainfo OK
/usr/bin/xz OK
/usr/bin/xzdiff OK
/usr/bin/xzgrep OK
/usr/bin/xzless OK
/usr/bin/xzmore OK
/usr/share/doc/xz-utils/NEWS.Debian.gz OK
/usr/share/doc/xz-utils/README.Debian OK
/usr/share/doc/xz-utils/README.gz OK
/usr/share/doc/xz-utils/copyright OK
/usr/share/doc/xz-utils/extra/7z2lzma/7z2lzma.bash OK
/usr/share/doc/xz-utils/extra/scanlzma/scanlzma.c OK
/usr/share/doc/xz-utils/faq.txt.gz OK
/usr/share/doc/xz-utils/history.txt.gz OK
/usr/share/man/man1/lzmainfo.1.gz OK
/usr/share/man/man1/xz.1.gz OK
/usr/share/man/man1/xzdiff.1.gz OK
/usr/share/man/man1/xzgrep.1.gz OK
/usr/share/man/man1/xzless.1.gz OK
/usr/share/man/man1/xzmore.1.gz OK
Solution 2
You can use
dpkg -V <package>
I tested it and it also works on configuration files.
After modifying /etc/iceweasel/profile/bookmarks.html and running dpkg -V iceweasel, I obtain the following output
??5?????? c /etc/iceweasel/profile/bookmarks.html
Note that only modified files are displayed and, according to the dpkg man page, the output format is similar to rpm.
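The triage below is an added example, not code from either answer: it splits the `dpkg -V` output shown in Solution 2 into expected conffile edits and changes to other packaged files. The function names are hypothetical, and every sample line except the bookmarks.html one is constructed for illustration.

```shell
#!/bin/sh
# Added example: triage rpm-style `dpkg -V` output read from stdin.
# Line layout: 9 check characters, a space, an attribute character
# ("c" = conffile, otherwise a space), a space, then the path.

triage_dpkg_verify() {
    awk '{
        checks = substr($0, 1, 9)   # e.g. "??5??????" or "missing  "
        attr   = substr($0, 11, 1)  # "c" marks a conffile
        path   = substr($0, 13)     # fixed offset keeps paths with spaces intact
        if (checks ~ /^missing/)              status = "MISSING"
        else if (substr(checks, 3, 1) == "5") status = "CONTENT-CHANGED"
        else                                  status = "OTHER"
        kind = (attr == "c") ? "conffile" : "packaged"
        printf "%s %s %s\n", status, kind, path
    }'
}

# Paths whose difference is not explained by a local configuration edit.
unexpected_changes() {
    triage_dpkg_verify |
        awk '$2 == "packaged" { sub(/^[^ ]+ [^ ]+ /, ""); print }'
}

# Constructed sample input in the same "%.9s %c %s" layout.
sample_dpkg_verify_output() {
    printf '%-9s %s %s\n' '??5??????' 'c' '/etc/iceweasel/profile/bookmarks.html'
    printf '%-9s %s %s\n' '??5??????' ' ' '/usr/bin/xz'
    printf '%-9s %s %s\n' 'missing'   ' ' '/usr/share/doc/xz-utils/faq.txt.gz'
}

# Demo on the constructed sample; on a real system: dpkg -V | unexpected_changes
sample_dpkg_verify_output | triage_dpkg_verify
```

Running `dpkg -V` with no package name covers every installed package. Like debsums, the check relies on checksums stored locally.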
Updated on September 18, 2022
Comments
-
user over 1 year
Let's say I have an installed, working and up-to-date system, and want to verify that all package-installed files on it are the same as those packaged by the respective package maintainer.
In effect, I want a list of files that are somehow different between what I have installed "now" and what I would get if I were to reinstall using the same set of packages on a blank system. Short of actually reinstalling and comparing the outcome, how would I generate such a list of files?
I realize that some differences (configuration files, for example) are to be expected, but that's okay.
I'm primarily interested in Debian Wheezy, but a good answer would explore a solution that works with any reasonably modern Linux distribution based around the same package management infrastructure (apt, dpkg and friends).
-
slm almost 10 years
Possibly related: unix.stackexchange.com/questions/72746/…
-
user almost 10 years
@slm unix.stackexchange.com/a/72778/2465 does have something that I could probably adapt, too. Thanks for that pointer.
-
-
user almost 10 years
Not precisely what I was hoping for because not all files actually have stored checksums, but this does seem to get me reasonably close at least:
dpkg -l | awk '/^ii/ { print $2 }' | xargs debsums | grep -vE 'OK$'
It's worth noting that debsums reads locally stored checksums; that is not a problem if you're only concerned about accidental corruption, but potentially a problem if you're concerned about an active, intelligent attacker.
-
slm almost 10 years
@MichaelKjörling - I did not research further but would be very surprised if dpkg didn't offer a facility to do this too. In my cursory searches I did not turn up anything though. RPM does offer a check and as is the case both RPM and dpkg generally are on par with each other.