
Let's say I have an installed, working and up-to-date system, and want to verify that all package-installed files on it are the same as those packaged by the respective package maintainer.

In effect, I want a list of files that are somehow different between what I have installed "now" and what I would get if I were to reinstall using the same set of packages on a blank system. Short of actually reinstalling and comparing the outcome, how would I generate such a list of files?

I realize that some differences (configuration files, for example) are to be expected, but that's okay.

I'm primarily interested in Debian Wheezy, but a good answer would explore a solution that works with any reasonably modern Linux distribution based around the same package management infrastructure (apt, dpkg and friends).

user
  • Possibly related: http://unix.stackexchange.com/questions/72746/get-diff-changes-between-original-files-installed-with-apt-and-current-files – slm May 31 '14 at 23:57
  • @slm http://unix.stackexchange.com/a/72778/2465 does have something that I could probably adapt, too. Thanks for that pointer. – user Jun 01 '14 at 14:34

2 Answers

You can use

```
dpkg -V <package>
```

I tested it, and it also works on configuration files.

After modifying `/etc/iceweasel/profile/bookmarks.html` and running `dpkg -V iceweasel`, I obtain the following output:

```
??5?????? c /etc/iceweasel/profile/bookmarks.html
```

Note that only modified files are displayed and, according to the dpkg man page, the output format is similar to rpm.

Ortomala Lokni
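A triage filter for the `dpkg -V` output shown in the answer above, added here as an example and not part of the original post. It separates modified conffiles (expected local edits) from modified non-conffiles. The function names are hypothetical, the second sample line is constructed, and the field layout (nine check characters, an attribute character, then the path) is assumed from the dpkg man page.

```shell
#!/bin/sh
# Added example: classify rpm-style `dpkg -V` lines read from stdin.
# Assumed layout: columns 1-9 check results, column 11 attribute
# ('c' = conffile, otherwise a space), column 13 onward the path.
# A '5' in column 3 means the file's MD5 differs from the packaged one.

# Print "<CLASS> <path>" for each input line, where CLASS is:
#   CONFFILE  content of a conffile changed (usually a local edit)
#   CHANGED   content of a non-conffile changed (worth investigating)
#   OTHER     no MD5 mismatch reported on this line
triage_verify() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        md5=$(printf '%s' "$line" | cut -c3)
        attr=$(printf '%s' "$line" | cut -c11)
        path=$(printf '%s' "$line" | cut -c13-)
        if [ "$md5" = "5" ] && [ "$attr" = "c" ]; then
            printf 'CONFFILE %s\n' "$path"
        elif [ "$md5" = "5" ]; then
            printf 'CHANGED %s\n' "$path"
        else
            printf 'OTHER %s\n' "$path"
        fi
    done
}

# Keep only the paths of modified files that are not conffiles.
unexpected_changes() {
    triage_verify | sed -n 's/^CHANGED //p'
}

# Sample input: the first line is the one quoted in the answer,
# the second is constructed for illustration (not real output).
sample_verify_output() {
    cat <<'EOF'
??5?????? c /etc/iceweasel/profile/bookmarks.html
??5??????   /usr/bin/xz
EOF
}

# On a real system: dpkg -V | unexpected_changes
sample_verify_output | triage_verify
```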

One way to accomplish this is to use the command `debsums`.

```
$ debsums <package>
```

Example

```
$ debsums xz-utils
/usr/bin/lzmainfo                                                             OK
/usr/bin/xz                                                                   OK
/usr/bin/xzdiff                                                               OK
/usr/bin/xzgrep                                                               OK
/usr/bin/xzless                                                               OK
/usr/bin/xzmore                                                               OK
/usr/share/doc/xz-utils/NEWS.Debian.gz                                        OK
/usr/share/doc/xz-utils/README.Debian                                         OK
/usr/share/doc/xz-utils/README.gz                                             OK
/usr/share/doc/xz-utils/copyright                                             OK
/usr/share/doc/xz-utils/extra/7z2lzma/7z2lzma.bash                            OK
/usr/share/doc/xz-utils/extra/scanlzma/scanlzma.c                             OK
/usr/share/doc/xz-utils/faq.txt.gz                                            OK
/usr/share/doc/xz-utils/history.txt.gz                                        OK
/usr/share/man/man1/lzmainfo.1.gz                                             OK
/usr/share/man/man1/xz.1.gz                                                   OK
/usr/share/man/man1/xzdiff.1.gz                                               OK
/usr/share/man/man1/xzgrep.1.gz                                               OK
/usr/share/man/man1/xzless.1.gz                                               OK
/usr/share/man/man1/xzmore.1.gz                                               OK
```
slm
  • Not precisely what I was hoping for because [not all files actually have stored checksums](http://serverfault.com/a/322554/58408), but this does seem to get me reasonably close at least: `dpkg -l | awk '/^ii/ { print $2 }' | xargs debsums | grep -vE 'OK$'` It's worth noting that debsums reads locally stored checksums; that is not a problem if you're only concerned about accidental corruption, but potentially a problem if you're concerned about an active, intelligent attacker. – user Jun 01 '14 at 14:33
  • @MichaelKjörling - I did not research further but would be very surprised if `dpkg` didn't offer a facility to do this too. In my cursory searches I did not turn up anything though. RPM does offer a check and as is the case both RPM and `dpkg` generally are on par with each other. – slm Jun 01 '14 at 14:37