Package verification ? (Best practice)
Hmmm...
On Sun, Oct 05, 2003 at 09:38:30AM +1000, Brian May wrote:
> On Sat, Oct 04, 2003 at 01:42:36PM -0400, Fabien Ninoles wrote:
> > Although your proposition seems more complete, have you try
> > debsums and checksecurity? debsums with the following
> > feature in /etc/apt/apt.conf
> >
> > DPkg::Post-Invoke {
> > "debsums --generate=nocheck -sp /var/cache/apt/archives";
> > };
> >
> > Can be very handy in creating md5sums (BTW, I think it's a bug
> > against policy to include md5sums in control files).
>
> Is there some way you can do the same thing for packages installed with
> dpkg only and without apt-get? The apt-get layer would appear to be the
> wrong layer for this task IMHO.
Very true.
By the way(thus changing title), the equivalent for above less
interesting but still very good trick, I recommended:
6.4.13 Verify installed package files
debsums enables verification of installed package files against MD5
checksums. Some packages do not have available MD5 checksums. A possible
temporary fix for sysadmins:
# cat >>/etc/apt/apt.conf.d/90debsums
DPkg::Post-Install-Pkgs {"xargs /usr/bin/debsums -sg";};
^D
per Joerg Wendland joergland@debian.org (untested).
This one is better since it will be more compatible package upgrade by using
apt.conf.d/ . But "-p" option maybe needed. "--generate=nocheck" seems good idea.
Post-Install-Pkgs with xargs
Post-Install without xargs
I do not know which is better.
Anyone have better suggestion?
(Maybe adding "apt-get --reinstall -d install `debsums -l`" trick is
also needed.)
Osamu
PS: Full section of above quote is available as:
http://www.debian.org/doc/manuals/reference/ch-package.en.html#s-debsums
Reply to: