Re: How to verify package integrity after they have been downloaded?
"Alexander Konovalenko" <alexkon@gmail.com> writes:
> I would like to verify that some .deb files I downloaded a while ago
> (using apt) haven't been tampered with. (Actually, I'll be doing this
> kind of thing more than once.) I have the appropriate Release,
> Release.gpg and Packages files.
>From the top of my head:
grep-dctrl "" -s Filename,Size,MD5sum dists/lenny/*/binary-*/Packages \
| paste -s -d" \n"
| while read FILE SIZE MD5SUM; do
NAME=$(basename $FILE | cut -d_ -f1)
VER=$(basename $FILE | cut -d_ -f2)
ARCH=$(basename $FILE | cut -d_ -f3)
find dir/with/debs -name ${NAME}_*${VER}_${ARCH} \
| while read F; do
MD5=$(md5sum $F | cut -b-32)
S=$(wc -c < $F)
if ! [ $MD5SUM = $MD5 ]; then
echo MD5sum mismatch in $F
fi
if ! [ $SIZE = $S ]; then
echo Size mismatch in $F
fi
done
done
MfG
Goswin
Reply to: