[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt archive verification tool

On 13/04/17 22:28, peter green wrote:
On 13/04/17 15:36, peter green wrote:
The census code might be useful as an illustration but I think it
would be better to write a new tool for the purpose.

If the apt repository is managed by reprepro, you can use the checkpool command.
The main reason I want this is checking our historical snapshots are intact.

Unfortunately while these were created by reprepro the reprepro databases were not saved as part of the snapshot. So using checkpool is not an option.

I'm currently hacking together a quick and dirty python script.

Well here it is.


1. The script only looks at sha1 hashes. If there is no sha1 hash for a file it won't be checked.
2. The script relies on having uncompressed Packages and Sources files available and listed in the Release files.
3. It only checks files referenced from the release files. There is no checking of the release files themselves.

If you want to reuse the script you can consider it to be under the zlib License

Reply to: