
Re: Checking md5sums



On Mon, Sep 18, 2000 at 08:18:39AM -0300, Mario Olimpio de Menezes wrote:
> On Sun, 17 Sep 2000, Michael S. Fischer wrote:
> 
> > Can someone please tell me how to use the Debian packaging tools to
> > scan a system for changed files based on the md5sums contained in the
> > .debs?
> 
> I've used a simple for loop in bash, like this:
> 
> # paths in the md5sums files are relative to /, so run the check from there
> cd / && for F in /var/lib/dpkg/info/*.md5sums; do md5sum -c "$F"; done

debsums is simpler than that ;-)

[eb@socrates eb]$ debsums yaboot
usr/sbin/ybin  OK
usr/sbin/ofpath OK
usr/lib/yaboot/yaboot OK
usr/lib/yaboot/ofboot OK
[...]

or omit the package name and it verifies all packages. (that have
md5sums)

> this works for all packages that have a md5sums file in info directory.

this is a problem since lots don't

> BTW, is there an official repository for md5sum files? I'm asking because
> if I get cracked, how can I trust the md5sum files from my machine? 

if you get cracked you can't trust anything even md5sum or the kernel
or anything.  

> I think it would be good if debian site has a page/link so that we can
> dnld all md5sum files from a trusted source and check against our files.

what i think would be cool is if dpkg had a tripwire function built
in, so when you install new packages or upgrade at the end you could
enter a GPG passphrase and have the md5s signed.  (not foolproof i
know but no less than tripwire or aide) even better use something like
sha1 or ripemd160 (something like that).  OpenBSD ports come with all 3
hashes.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
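
A portable version of the md5sum loop quoted above, written as an added example that is not part of the original message: it checks a filesystem rooted at an arbitrary directory (so it can be run from separate boot media against a mounted disk) and reports packages that have no md5sums file. The function names and the sample tree are constructed for illustration; it verifies nothing about the md5sums files themselves.

```shell
#!/bin/sh
# check_md5sums ROOT INFO_DIR  (hypothetical helper, added example)
# Prints "FAILED pkg path", "MISSING pkg path" or "NOSUMS pkg";
# returns 0 only if every listed file is present and matches.
check_md5sums() {
    root=$1; info=$2; rc=0
    for sums in "$info"/*.md5sums; do
        [ -e "$sums" ] || continue
        pkg=$(basename "$sums" .md5sums)
        # Each line: "<md5>  <path relative to the filesystem root>"
        while read -r want path; do
            [ -n "$path" ] || continue
            if [ ! -f "$root/$path" ]; then
                echo "MISSING $pkg $path"; rc=1; continue
            fi
            have=$(md5sum < "$root/$path" | cut -d' ' -f1)
            [ "$have" = "$want" ] || { echo "FAILED $pkg $path"; rc=1; }
        done < "$sums"
    done
    # A package with a file list but no md5sums file cannot be checked.
    for list in "$info"/*.list; do
        [ -e "$list" ] || continue
        pkg=$(basename "$list" .list)
        [ -e "$info/$pkg.md5sums" ] || echo "NOSUMS $pkg"
    done
    return $rc
}

# Constructed sample tree: package "yaboot" with one file altered after its
# checksum was recorded, and package "nosums" that ships no md5sums file.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/root/usr/sbin" "$t/info"
    echo good > "$t/root/usr/sbin/ybin"
    echo good > "$t/root/usr/sbin/ofpath"
    (cd "$t/root" && md5sum usr/sbin/ybin usr/sbin/ofpath) > "$t/info/yaboot.md5sums"
    : > "$t/info/yaboot.list"
    echo /usr/bin/foo > "$t/info/nosums.list"
    echo tampered > "$t/root/usr/sbin/ofpath"
    echo "$t"
}

d=$(demo_tree)
check_md5sums "$d/root" "$d/info" || echo "changes detected"
rm -rf "$d"
```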
