[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-diff: a tool to diff filesystem content against APT

On Thu, Dec 9, 2010 at 11:12 PM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
> Osamu Aoki <osamu@debian.org> writes:
>
>> On Fri, Dec 10, 2010 at 12:06:45AM +0900, Osamu Aoki wrote:
>>> Hi,
>>>
>>> On Wed, Dec 08, 2010 at 12:52:28PM -0800, Tristan Schmelcher wrote:
>>> > On Tue, Dec 7, 2010 at 11:30 PM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
>>> > > Tristan Schmelcher <tristan.schmelcher@gmail.com> writes:
>>> > >>> how does it deal with configurations generated in postinstall?
>>> > I find debsums to be too basic for my needs. apt-diff is my attempt to
>>> > improve upon it. I often want to answer the question "how does package
>>> > X on my machine compare to a pristine installation?" debsums only
>>> > gives part of the answer. It can't check files that are missing
>>> > md5sums (which includes a lot of conffiles)
>>                                      ~~~~~~~~~
>>> Wrong.
>>
>> OOps..  I now see your point.  Sorry.
>>
>>> If you configure debsum correctly following manpage, md5sums are
>>> available for all packages.  Use -g option to initialize it and make
>>> sure to set the debconf boolean value debsums/apt-autogen to be "true".
>>> I understand that this is an exra hussle.
>>
>> This is talking about files missing md5sums due to packaging practice of
>> the maintainer.  conffiles are not debsums interest.
>
> Does debsums support ucf? Can it support ucf?
>
> What I mean is that often generated conffiles are installed with ucf and
> ucf keeps track of the original generated checksum and the possibly
> localy modified file and such. Does/could debsums tap into that info to
> find generated conffiles that were changed?

It would be pretty easy to tap into--the md5sums are all in
/var/lib/ucf/hashfile and it's already in the format used by md5sum
-c. But that still leaves a lot to be desired. On my machine there are
only 26 entries in that file, whereas there are 1663 conffiles without
md5sums.* As far as I know there's no metadata available to check the
integrity of those files--they have to be compared to the original
files in the .deb as apt-diff does.

*As determined by this script:

for file in /var/lib/dpkg/info/*.conffiles; do
  for line in $(cat $file); do
    line=$(sed -r 's/^\///' <<<$line)
    md5sums=$(sed -r 's/conffiles/md5sums/' <<<$file)
    if ! grep -qF $line $md5sums; then
      echo $line
    fi
  done
done | wc

>
>> By the way, etckeeper is the way to track /etc history to me.  Some
>> conffile are generated by postinst.  So not all files in /etc are in
>> package as file.
>>
>>> Making this easy is step in right direction as long as it is written in
>>> effective way.  (In order to improve debsum, we should know it well.
>>> Debsum tries to avoid downloading package as much as possible.
>>
>> Osamu)
>
> MfG
>        Goswin
>
Reply to: