Re: Checking for corruption?

[Klee Dienes <klee@mit.edu>]

> Is there a way of checking the per-file checksums (other than using
> adpkg, which I had trouble with before).  I know that not many packages
> include these, but I'd like to check what I can.

The 'debsums' program, included with debmake, can be used to verify
the checksums in /var/lib/dpkg/info/*.md5sums .

Alternately, you can use the programs in the 'dpkgcert' package,
currently in Incoming (and slated for experimental).  The 'dpkgcert'
package can be used to verify a complete debian installation against
an external database of PGP-signed verification certificates (note
that this does not necessarily provide secure verification, as an
attacker could always have tampered with your python installation,
among other things).

There's a certificate database in my home directory on master.  You
can download that (it's about 6M compressed, 23M uncompressed); .  To
verify your system, use the following command:

dpkgcert-verify --index-file certificates.gdbm --installed

[ The large database size is because it contains certificates for all
packages uploaded since February, even obsolete ones.  In theory
there's a mechanism to download only the appropriate certificates
interactively from a database server, but I don't have any machine
available at the moment on which to run the server. ]

If you have any problems or questions, feel free to contact me
directly.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .