Debian – How to verify that package-installed files match originals

aptdebiandpkgintegrity

Let's say I have an installed, working and up-to-date system, and want to verify that all package-installed files on it are the same as those packaged by the respective package maintainer.

In effect, I want a list of files that are somehow different between what I have installed "now" and what I would get if I were to reinstall using the same set of packages on a blank system. Short of actually reinstalling and comparing the outcome, how would I generate such a list of files?

I realize that some differences (configuration files, for example) are to be expected, but that's okay.

I'm primarily interested in Debian Wheezy, but a good answer would explore a solution that works with any reasonably modern Linux distribution based around the same package management infrastructure (apt, dpkg and friends).

Best Answer

One way to accomplish this is to use the command debsums.

$ debsums <package>

Example

$ debsums xz-utils
/usr/bin/lzmainfo                                                             OK
/usr/bin/xz                                                                   OK
/usr/bin/xzdiff                                                               OK
/usr/bin/xzgrep                                                               OK
/usr/bin/xzless                                                               OK
/usr/bin/xzmore                                                               OK
/usr/share/doc/xz-utils/NEWS.Debian.gz                                        OK
/usr/share/doc/xz-utils/README.Debian                                         OK
/usr/share/doc/xz-utils/README.gz                                             OK
/usr/share/doc/xz-utils/copyright                                             OK
/usr/share/doc/xz-utils/extra/7z2lzma/7z2lzma.bash                            OK
/usr/share/doc/xz-utils/extra/scanlzma/scanlzma.c                             OK
/usr/share/doc/xz-utils/faq.txt.gz                                            OK
/usr/share/doc/xz-utils/history.txt.gz                                        OK
/usr/share/man/man1/lzmainfo.1.gz                                             OK
/usr/share/man/man1/xz.1.gz                                                   OK
/usr/share/man/man1/xzdiff.1.gz                                               OK
/usr/share/man/man1/xzgrep.1.gz                                               OK
/usr/share/man/man1/xzless.1.gz                                               OK
/usr/share/man/man1/xzmore.1.gz                                               OK

Related Solutions

Debian – How to install Debian package with file extension .deb

As pointed out in the comments, if that's an exact quote of what you're typing to try to install it you're making a typo:

sudo dkpg -i file.deb

won't work, but

sudo dpkg -i file.deb

will.

Spelling is not optional when it comes to the command line.

Debian – How to List Installed Packages with Source URI, Distribution, and Section

As well as apt-cache policy, described in Braiam's answer, you can use apt-show-versions and apt-forktracer.

apt-show-versions by default will list all installed packages with the suite they come from, their version and whether they can be upgraded; for example

afl:amd64/experimental *manually* upgradeable from 1.28b-1 to 1.36b-1
agedu:amd64/testing 9723-1 uptodate
devio:armhf 1.2-1 installed: No available version in archive

With the -a option it lists the installed version and all available versions in all the repositories you have configured:

afl:amd64 1.28b-1 install ok installed
No stable version
No testing version
No unstable version
afl:amd64 1.36b-1 experimental ftp.fr.debian.org
afl:amd64/experimental *manually* upgradeable from 1.28b-1 to 1.36b-1
agedu:amd64 9723-1 install ok installed
No stable version
agedu:amd64 9723-1 testing  ftp.fr.debian.org
agedu:amd64 9723-1 unstable ftp.fr.debian.org
No experimental version
agedu:amd64/testing 9723-1 uptodate

apt-forktracer lists the packages which don't come from the standard repositories or whose installed version doesn't match those available in the standard repositories:

afl (1.28b-1) [Debian: 1.36b-1]
bb (1.3rc1-8.2) [Debian: 1.3rc1-8.1+b1 1.3rc1-8.1+b1]
biew (5.7.3.1-0.1) [SK2: 5.7.3.1-0.1]

Best Answer

Example

Related Solutions

Debian – How to install Debian package with file extension .deb

Debian – How to List Installed Packages with Source URI, Distribution, and Section

Related Question