[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Verification?

Colin Watson wrote:
> On Wed, May 08, 2002 at 12:10:45PM -0400, Joey Hess wrote:
> > Colin Watson wrote:
> > > Of course, this doesn't help you if a cracker alters
> > > /var/lib/dpkg/info/*.md5sums - but it sounds like 'rpm --verify' has the
> > > same proviso. The debsums(1) man page talks about this under CAVEATS.
> > 
> > Another neat trick you can pull if you have the CD you installed from or
> > a local mirror or something is to yank the tarball out of each deb and
> > use tar to verify it against what's on your disk. There is a simple
> > command line that Jim Dennis came up with to do this, but I've lost it.
> 
> Nifty. This seems to work:
> 
>   dpkg --fsys-tarfile foo.deb | tar -C / -d

Yeah that's the one. Checks permissions, modification times, and file
contents.

-- 
see shy jo


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: