
Re: Can I check packages integrity with debsums on sums check failed DVDs?



Thank you for your time and answer (sorry for the long reply), Boyd:

>Depends on how you got the package.  There is a "chain of trust" between 
>your apt keyring and the package contents.  The Release and Packages files 
>have detached signatures, which APT verifies to ensure they are trusted and 
>not corrupt.  The Packages file contains multiple hashes for each .deb 
>package, which APT verifies to ensure they are trusted and not corrupt.  The 
>.deb package might contain a .debsums file.  If not .debsums can be 
>generated locally.

When does apt check the package integrity: at download or at install time? If at install time, then can I download with the help of wget and then put it into apt's package dir, so that it will install as if it was retrieved by apt but not installed? Or will apt suppose that if a package is there, then it is verified already, and not test its integrity?

Then, at the time of checking, apt relies on the keyring, then it generates checksums - why do I need them if apt has already checked the package?
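
The hash check described in the quoted reply, applied by hand to a .deb fetched outside APT (for example with wget). This is an added example, not part of the original message; the package name, version, path and payload are constructed, and it assumes the Packages index has already been authenticated through the signed Release file.

```python
import hashlib
import re

def parse_packages(text):
    """Split a Packages index (deb822 format) into one dict per stanza."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation of previous field
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def verify_deb(data, deb_name, packages_text):
    """Check a .deb's bytes against its index entry; return (ok, reason)."""
    for st in parse_packages(packages_text):
        if st.get("Filename", "").rsplit("/", 1)[-1] != deb_name:
            continue
        if "Size" not in st or "SHA256" not in st:
            return False, "index entry lacks Size or SHA256"
        if len(data) != int(st["Size"]):          # cheap check first
            return False, "size mismatch"
        if hashlib.sha256(data).hexdigest() != st["SHA256"].lower():
            return False, "SHA256 mismatch"
        return True, "matches index entry for " + st.get("Package", "?")
    return False, "no index entry for this file"

# Constructed sample data: a stand-in payload and an index entry built from it.
DEB_NAME = "hello_2.10-2_amd64.deb"
SAMPLE_DEB = b"constructed stand-in for the bytes of a .deb file\n"
SAMPLE_PACKAGES = (
    "Package: hello\nVersion: 2.10-2\n"
    "Description: constructed entry\n with a continuation line\n"
    "Filename: pool/main/h/hello/" + DEB_NAME + "\n"
    "Size: %d\nSHA256: %s\n\n"
    "Package: other\nFilename: pool/main/o/other/other_1.0_all.deb\n"
    "Size: 1\nSHA256: " + "0" * 64 + "\n"
) % (len(SAMPLE_DEB), hashlib.sha256(SAMPLE_DEB).hexdigest())

if __name__ == "__main__":
    print(verify_deb(SAMPLE_DEB, DEB_NAME, SAMPLE_PACKAGES))                # intact
    print(verify_deb(SAMPLE_DEB[:-1] + b"X", DEB_NAME, SAMPLE_PACKAGES))   # altered
    print(verify_deb(SAMPLE_DEB[:-1], DEB_NAME, SAMPLE_PACKAGES))          # truncated
```

A file that has no entry in the index is reported as a failure rather than passed, since nothing in the signed chain vouches for it.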

