Bug#187019: more than md5 verification for dpkg [Was: dpkg versus rpm: rpm has --verify]

To: 187019@bugs.debian.org
Subject: Bug#187019: more than md5 verification for dpkg [Was: dpkg versus rpm: rpm has --verify]
From: "Clément \"nodens\" Hermann" <nodens@perso.homelinux.org>
Date: Wed, 29 Oct 2003 04:03:18 +0100
Message-id: <[🔎] 3F9F2DF6.3030109@perso.homelinux.org>
Reply-to: "Clément \"nodens\" Hermann" <nodens@perso.homelinux.org>, 187019@bugs.debian.org

Now that I'm a bit more comfortable with debian, I come back to my oldidea :)

More than md5 information (I agree, I can have that with debsums), rpmkeeps informations about rights, ownership, and modification date offiles (except file generated by postinst scripts, of course).


example applications:

If I had information in the database on what right the file had when itwas installed, I could repair a broken package, and even a whole systemdamaged by a wrong manipulation of chmod (chmod 700 /* for instance).If I had information about modification date, I could know wether apackage has been manually altered after installation, say, by changing abinary file.This can happen when you need something package currently does notprovide. If you start maintainig a system you didn't install or didn'tmaintained before, this information is more than valuable. You know thatyou should be careful with "iproute" package because "tc" binary is notthe one that shipped with the package (replaced by friend or foe)

I had in mind to create a script that could analyze and possibly repair(by modifying rigths/ownership or reinstalling package) a package list,using debsums for retrieving md5 if necessary; but I was frustrated todiscover that nothing in the package database currently give me thisinformation.

This "apt-recover" could work by populating a database on a virtualsystem that install every new package (and eventually remove it afterhaving gathered information it needs), but this would be so neat if wehad permissions/ownership/date for every file in the package, not justfor "dpkg-statoverrided" files. even just permission/ownership would begreat.

The inpact on disk space should not be very sensible. The inpact oninstallation time could be, if this information was gathered duringinstall. If so, we could build this along the package.

Do you think there would be an heavy inpact on dpkg functions if thisinformation where added, in a file that could look like .md5sums file ?


Would it be best to add this at installation or build time ?

Best regards, and please forgive my poor english ;)

Reply to:

Prev by Date: Processed: Re: Bug#198339: #198339: help2man: help2man.postinst fails because "GNU admin" section is missing
Next by Date: Bug#187019: more than md5 verification for dpkg [Was: dpkg versus rpm: rpm has --verify]
Previous by thread: Processed: Re: Bug#198339: #198339: help2man: help2man.postinst fails because "GNU admin" section is missing
Next by thread: Bug#187019: more than md5 verification for dpkg [Was: dpkg versus rpm: rpm has --verify]
Index(es):
- Date
- Thread