minor
This commit is contained in:
parent
4b20841d6e
commit
fdf52868cc
@ -749,11 +749,41 @@ ERC settings: `smartctl -l scterc /dev/sda` or setting `smartctl -l scterc,150,1
|
||||
- https://man7.org/linux/man-pages/man8/integritysetup.8.html
|
||||
|
||||
|
||||
## pacman based integrity check
|
||||
```
|
||||
pacutils: sudo paccheck --md5sum --quiet
|
||||
AUR: sudo check-pacman-mtree.lua -a
|
||||
```
|
||||
|
||||
## apt based integrity check
|
||||
<!--
|
||||
(https://askubuntu.com/posts/891158/timeline)
|
||||
|
||||
For checking the integrity of an individual file in a package against the repositories, there's no easy way short of downloading the package. The repositories typically provide these files:
|
||||
|
||||
* `Release{,.gpg}`, `InRelease` \- these provide the hashes of the `Packages` files.
|
||||
* The `Packages` file provides hashes of the packages.
|
||||
* The `Contents` file, where present, provides filelists of packages.
|
||||
|
||||
There's no file which provides the hashes of individual files - these are contained in the packages (`DEBIAN/md5sums` in the `control` archive).
|
||||
|
||||
So, if you don't trust the local system:
|
||||
|
||||
1. You'll have to download the `Contents` file (if available).
|
||||
2. Match the file to the package using that file and download the package.
|
||||
3. Then use the `md5sums` to verify the file.
|
||||
|
||||
If a `Contents` file is not available, and you don't trust the local system, have fun downloading _every_ package to see what provided the file.
|
||||
|
||||
This does not scale.
|
||||
-->
|
||||
|
||||
```
|
||||
#!/usr/bin/bash
|
||||
|
||||
sed -n '/Conffiles/,/Description/p' /var/lib/dpkg/status | grep -v Conffiles | grep -v Description | awk '{print $2 " " $1}' > dpkg_hash.md5sum
|
||||
md5sum -c --quiet dpkg_hash.md5sum
|
||||
echo $?
|
||||
debsums
|
||||
```
|
||||
At least this gets you a step in front of someone.
|
Loading…
Reference in New Issue
Block a user