Re: Hash database
On Sat, Apr 09, 2005 at 04:16:27PM +0200, Raffaele D'Elia wrote:
> Unfortunatly not. I want to verify each file installed using .deb's
> against the md5sum written inside the .deb itself.
> Debsum does this storing the hashes locally. I want the same control
> over a central db, independent from the machine I'm running debsums on.
You could extract the checksums from a set of existing .deb packages
with a simple script (example below), then put the generated file
containing all md5sums onto some shared, read-only location, and verify
whatever machine's installed files against this checksum "database".
Here's a sample script for you to get started:
#!/bin/sh
srcdir=/var/cache/apt/archives
tmpdir=/tmp/md5sums/DEBIAN
targetfile=./md5sums.all
rm -f $targetfile
for deb in $srcdir/*.deb ; do
rm -rf $tmpdir
mkdir -p $tmpdir
dpkg-deb -e $deb $tmpdir
if [ -f $tmpdir/md5sums ] ; then
cat $tmpdir/md5sums >>$targetfile
else
echo No md5sums for $deb!
fi
done
After adjusting paths and running this, you should have a file
md5sums.all. To verify against it, cd to / (all filenames associated
with the checksums are relative to /), and run md5sum:
# cd / ; md5sum -c /path/to/md5sums.all
For every mismatch, you'll get "md5sum: MD5 check failed for ...".
In case there are packages missing md5sums files (does happen), you
can generate them with "debsums --generate", and grab them from
/var/lib/dpkg/info/*.md5sums (IIRC).
Is that closer to what you want? :)
Almut
Reply to: