tags 261123 patch tags 191840 patch tags 210970 patch tags 149029 patch severity 189116 normal merge 189116 149029 thanks
Attached is a proposed consolidated patch that should fix all of these issues. I'm considering NMUing this package with the above fixes (and probably #266573 too). Any concerns with this? Maintainer, what is your opinion on bug #231537, can the patch provided be applied safely? Regards Javier
diff -Nru debsums-2.0.13/debian/changelog debsums-2.0.13.1/debian/changelog
--- debsums-2.0.13/debian/changelog 2004-12-05 19:41:51.000000000 +0100
+++ debsums-2.0.13.1/debian/changelog 2005-01-29 16:08:46.000000000 +0100
@@ -1,3 +1,14 @@
+debsums (2.0.13.1) unstable; urgency=low
+
+ * Will not warn on locale purged files if /etc/locale.nopurge
+ exists, unless --no-locale-purge is given (Closes: #149029)
+ * Print full path when printing file paths (Closes: #210970)
+ * Document that the manpage example will not work for CD-ROM and
+ local sources, see #191840
+ * Added an option to check only configuration files (Closes: #261123)
+
+ -- Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> Sat, 29 Jan 2005
15:40:13 +0100
+
debsums (2.0.13) unstable; urgency=low
* Add template translation [nl] from Luk Claes (closes: #274903).
diff -Nru debsums-2.0.13/debian/debsums/DEBIAN/config
debsums-2.0.13.1/debian/debsums/DEBIAN/config
--- debsums-2.0.13/debian/debsums/DEBIAN/config 1970-01-01 01:00:00.000000000
+0100
+++ debsums-2.0.13.1/debian/debsums/DEBIAN/config 2004-07-24
10:47:56.000000000 +0200
@@ -0,0 +1,6 @@
+#!/bin/sh -e
+
+. /usr/share/debconf/confmodule
+
+db_input low debsums/apt-autogen || true
+db_go || true
diff -Nru debsums-2.0.13/debian/debsums/DEBIAN/control
debsums-2.0.13.1/debian/debsums/DEBIAN/control
--- debsums-2.0.13/debian/debsums/DEBIAN/control 1970-01-01
01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums/DEBIAN/control 2005-01-29
16:08:52.000000000 +0100
@@ -0,0 +1,12 @@
+Package: debsums
+Version: 2.0.13.1
+Section: admin
+Priority: optional
+Architecture: all
+Depends: perl (>= 5.8.0-3), debconf (>= 0.5) | debconf-2.0
+Installed-Size: 128
+Maintainer: Brendan O'Dea <[EMAIL PROTECTED]>
+Description: Verify installed package files against MD5 checksums.
+ debsums can verify the integrity of installed package files against
+ MD5 checksums installed by the package, or generated from a .deb
+ archive.
diff -Nru debsums-2.0.13/debian/debsums/DEBIAN/md5sums
debsums-2.0.13.1/debian/debsums/DEBIAN/md5sums
--- debsums-2.0.13/debian/debsums/DEBIAN/md5sums 1970-01-01
01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums/DEBIAN/md5sums 2005-01-29
16:08:52.000000000 +0100
@@ -0,0 +1,10 @@
+693f3de8ab3c7a9281f86a34c59715f4 usr/bin/debsums
+357fbe935eac64e1c5bf04f00fec2fd6 usr/sbin/debsums_gen
+780749677ed79e5ebb9e2be74e48d518 usr/share/doc/debsums/README
+c32810ab8affebcaf872b18dd179456a usr/share/doc/debsums/copyright
+7a180f2d764a2a38ca281290ddaf26f8 usr/share/doc/debsums/changelog.gz
+38738fe95fe22160cc6cd76effc111ba usr/share/man/man1/debsums.1.gz
+c085662760b08657662a39f39bccbe15 usr/share/man/fr/man1/debsums.1.gz
+8ae06754dbb460197dd938146d3b0b04 usr/share/man/pt_BR/man1/debsums.1.gz
+6956c6284172e87337a98f12868527f3 usr/share/man/pt_BR/man8/debsums_gen.8.gz
+9071b9cc29ebea68f1c9d7c084c85c62 usr/share/man/man8/debsums_gen.8.gz
diff -Nru debsums-2.0.13/debian/debsums/DEBIAN/postinst
debsums-2.0.13.1/debian/debsums/DEBIAN/postinst
--- debsums-2.0.13/debian/debsums/DEBIAN/postinst 1970-01-01
01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums/DEBIAN/postinst 2005-01-29
16:08:52.000000000 +0100
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+
+APT_CONF=/etc/apt/apt.conf.d/90debsums
+
+. /usr/share/debconf/confmodule
+db_get debsums/apt-autogen
+
+if [ "$RET" = true ];
+then
+ echo 'DPkg::Post-Invoke { "if [ -x /usr/bin/debsums ]; then
/usr/bin/debsums --generate=nocheck -sp /var/cache/apt/archives; fi"; };'
>$APT_CONF
+else
+ rm -f $APT_CONF
+fi
diff -Nru debsums-2.0.13/debian/debsums/DEBIAN/postrm
debsums-2.0.13.1/debian/debsums/DEBIAN/postrm
--- debsums-2.0.13/debian/debsums/DEBIAN/postrm 1970-01-01 01:00:00.000000000
+0100
+++ debsums-2.0.13.1/debian/debsums/DEBIAN/postrm 2005-01-29
16:08:52.000000000 +0100
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+APT_CONF=/etc/apt/apt.conf.d/90debsums
+
+rm -f $APT_CONF
+
+# Automatically added by dh_installdebconf
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_purge
+fi
+# End automatically added section
+
diff -Nru debsums-2.0.13/debian/debsums/DEBIAN/templates
debsums-2.0.13.1/debian/debsums/DEBIAN/templates
--- debsums-2.0.13/debian/debsums/DEBIAN/templates 1970-01-01
01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums/DEBIAN/templates 2005-01-29
16:08:52.000000000 +0100
@@ -0,0 +1,39 @@
+Template: debsums/apt-autogen
+Type: boolean
+Default: true
+Description: Should debsum files be automatically generated by apt-get?
+ Not all packages contain debsum information as is. However, debsums can
+ be installed so that apt will automatically generate debsum files of
+ installed packages. This may be useful for checking system integrity
+ later, though it should not be relied on as a security measure.
+Description-da.ISO-8859-1: Skal apt-get generere debsum-filer automatisk?
+ Ikke alle pakker indeholder debsum-oplysninger. Dog kan debsums
+ installeres således at apt automatisk vil generere debsum-filer for
+ installerede pakker. De kan være nyttige til senere at tjekke systemets
+ integritet, selvom man ikke bør stole på dem som en
+ sikkerhedsforanstaltning.
+Description-fr.ISO-8859-15: Les fichiers debsums doivent-ils être créés
automatiquement par apt-get ?
+ Tous les paquets ne contiennent pas d'information debsum (somme de
+ contrôle Debian) comme ils le devraient. Cependant, le paquet « debsums »
+ peut être installé de façon à ce qu'apt génère automatiquement les
+ fichiers debsum des paquets installés. Cela peut être utile par la suite
+ pour vérifier l'intégrité du système mais le paquet debsums ne constitue
+ pas par lui-même un outil de sécurité.
+Description-it.ISO-8859-15: I file debsum devono essere creati automaticamente
da apt-get?
+ Non tutti i pacchetti contengono le informazioni debsum però se debsums è
+ installato allora è possibile creare automaticamente i file debsum dei
+ pacchetti installati. Questi file possono essere utili in seguito per
+ controllare l'integrità del sistema anche se non devono essere scambiati
+ per una misura di sicurezza.
+Description-ja.EUC-JP: apt-get ¤Ë¤è¤Ã¤Æ debsum
¥Õ¥¡¥¤¥ë¤¬¼«Æ°Åª¤ËÀ¸À®¤µ¤ì¤ë¤è¤¦¤Ë¤·¤Þ¤¹¤«?
+ Á´¤Æ¤Î¥Ñ¥Ã¥±¡¼¥¸¤¬¤½¤Î¤Þ¤Þ debsum
+ ¾ðÊó¤ò´Þ¤ó¤Ç¤¤¤ë¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£¤·¤«¤·¡¢debsums
+ ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¤¤ë¤Î¤Ç¡¢apt ¤Ï¼«Æ°Åª¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤·¤¿¥Ñ¥Ã¥±¡¼¥¸¤Î
+ debsum
+
¥Õ¥¡¥¤¥ë¤òÀ¸À®¤Ç¤¤Þ¤¹¡£¤³¤ì¤Ï¡¢¸å¤Û¤É¥·¥¹¥Æ¥à¤Î´°Á´À¤ò¥Á¥§¥Ã¥¯¤¹¤ë¤Î¤Ë¤ÏÌòΩ¤Ä¤«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢¥»¥¥å¥ê¥Æ¥£Âкö¤È¤·¤ÆÅö¤Æ¤Ë¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
+Description-nl.ISO-8859-15: Moeten de debsum-bestanden automatisch aangemaakt
worden door apt-get?
+ Niet alle pakketten bevatten debsum-informatie. Echter, debsums kan zo
+ geïnstalleerd worden dat apt automatisch debsum-bestanden zal aanmaken van
+ geïnstalleerde pakketten. Dit kan nuttig zijn voor latere
+ integriteitscontrole van het systeem, hoewel het niet mag beschouwd worden
+ als een veiligheidsmaatregel.
diff -Nru debsums-2.0.13/debian/debsums/usr/bin/debsums
debsums-2.0.13.1/debian/debsums/usr/bin/debsums
--- debsums-2.0.13/debian/debsums/usr/bin/debsums 1970-01-01
01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums/usr/bin/debsums 2005-01-29
16:08:51.000000000 +0100
@@ -0,0 +1,538 @@
+#! /usr/bin/perl -w
+
+# $Id: debsums.in,v 1.8 2004/07/24 08:47:55 bod Exp $
+
+#
+# Check installed files against package md5sums or debs.
+#
+
+use strict;
+use File::Find 'find';
+use File::Temp 'tempdir';
+use File::Path 'rmtree';
+use File::Copy 'copy';
+use Getopt::Long qw/:config bundling/;
+use Digest::MD5;
+
+(my $self = $0) =~ s!.*/!!;
+my $version = <<EOT;
+$self 2.0.13.1
+
+Copyright (c) 2002 Brendan O'Dea <[EMAIL PROTECTED]>
+This is free software, licensed under the terms of the GNU General Public
+License. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE.
+
+Written by Brendan O'Dea <[EMAIL PROTECTED]>, based on a program by
+Christoph Lameter <[EMAIL PROTECTED]> and Petr Cech <[EMAIL PROTECTED]>.
+EOT
+
+my $help = <<EOT;
+$self checks the MD5 sums of installed debian packages.
+
+Usage: $self [OPTIONS] [PACKAGE|DEB] ...
+
+Options:
+ -a, --all check configuration files (normally excluded)
+ -e, --config check only configuration files
+ -c, --changed report changed files (implies -s)
+ -l, --list-missing list packages which don't have an md5sums file
+ -s, --silent only report errors
+ -m, --md5sums=FILE read list of deb checksums from FILE
+ -r, --root=DIR root directory to check (default /)
+ -d, --admindir=DIR dpkg admin directory (default /var/lib/dpkg)
+ -p, --deb-path=DIR[:DIR...] search path for debs
+ -g, --generate=[all][,keep[,nocheck]]
+ generate md5sums from deb contents
+ --no-locale-purge warn on locale files even if locale-purge is used
+ --help print this help, then exit
+ --version print version number, then exit
+EOT
+
+my $gen_opt;
+GetOptions (
+ 'a|all' => \my $all,
+ 'e|config' => \my $config,
+ 'c|changed' => \my $changed,
+ 'l|list-missing' => \my $missing,
+ 's|silent' => \my $silent,
+ 'm|md5sums=s' => \my $md5sums,
+ 'r|root=s' => \my $root,
+ 'd|admindir=s' => \my $admindir,
+ 'p|deb-path=s' => \my $debpath,
+ 'generate=s' => \$gen_opt,
+ 'nolocalepurge' => \my $nolocalepurge,
+ g => sub { $gen_opt = 'missing' },
+ help => sub { print $help; exit },
+ version => sub { print $version; exit },
+) or die "Try `$self --help' for more information.\n";
+
+$root ||= '';
+$admindir ||= '/var/lib/dpkg';
+my $DPKG = $root . $admindir;
+
+my $localepurges = "";
+
+if( -r "/etc/locale.nopurge") {
+ open(LOCALE, "/etc/locale.nopurge");
+ my $line;
+ foreach $line (<LOCALE>) {
+ chop $line;
+ $localepurges .= $line."|" if $line=~ /^[a-z].+/;
+ }
+ close LOCALE;
+ $localepurges =~ s/\|$//;
+}
+
+$silent++ if $changed;
+
+my @debpath = '.';
[EMAIL PROTECTED] = map +(length) ? $_ : '.', split /:/, $debpath, -1 if
$debpath;
+
+my %generate;
+if ($gen_opt)
+{
+ for (split /,/, $gen_opt)
+ {
+ if (/^(missing|all|keep|nocheck)$/)
+ {
+ $generate{$1}++;
+ }
+ else
+ {
+ die "$self: invalid --generate value `$_'\n";
+ }
+ }
+
+ die "$self: --generate values `all' and `missing' are mutually exclusive\n"
+ if $generate{all} and $generate{missing};
+
+ $generate{missing}++ unless $generate{all} or $generate{missing};
+ $generate{keep}++ if $generate{nocheck};
+}
+
+my %installed;
+my %replaced;
+{
+ open STATUS, "$DPKG/status" or die "$self: can't open $DPKG/status ($!)\n";
+ local $/ = '';
+
+ while (<STATUS>)
+ {
+ chomp;
+ my %field = map /^(\S+):\s+(.*)/ms, split /\n(?!\s)/;
+ next unless exists $field{Package}
+ and exists $field{Version}
+ and exists $field{Status}
+ and $field{Status} =~ /\sinstalled$/;
+
+ $installed{$field{Package}}{Version} = $field{Version};
+ $installed{$field{Package}}{Conffiles} = {
+ map m!^\s*/(.*)\s+(.*)!, split /\n/, $field{Conffiles}
+ } if $field{Conffiles};
+
+ next unless exists $field{Replaces};
+ for (split /,\s*/, $field{Replaces})
+ {
+ my ($pack, $ver) = /^(\S+)(?:\s+\(([^)]+)\))?$/;
+ unless ($pack)
+ {
+ warn "$self: invalid Replaces for $field{Package} `$_'\n";
+ next;
+ }
+
+ push @{$replaced{$pack}{$ver || 'all'}}, $field{Package};
+ }
+ }
+
+ close STATUS;
+}
+
+my %diversion;
+for (`/usr/sbin/dpkg-divert --list`)
+{
+ my ($by) = /^(local) diversion/ ? $1 : / by (\S+)$/;
+ $diversion{$1} = [$2, $by]
+ if m!diversion of /(.*) to /(.*?)\s!;
+}
+
+my %debsum;
+if ($md5sums)
+{
+ open F, $md5sums or die "$self: can't open sums file `$md5sums' ($!)\n";
+ while (<F>)
+ {
+ my ($sum, $deb) = split;
+ $debsum{$deb} = $sum;
+ }
+}
+
+my $digest = Digest::MD5->new;
+my $tmp;
+my $status = 0;
+
[EMAIL PROTECTED] = sort keys %installed unless @ARGV;
+
+sub dpkg_cmp
+{
+ my $ver = shift;
+ my ($op, $testver) = split ' ', shift;
+ $op .= '=' if $op =~ /^[<>]$/; # convert old <, >
+ return 0 unless grep $op eq $_, qw/<< <= = => >>/;
+
+ return $op =~ /=/ if $ver eq $testver; # short cut equivalence
+ !system '/usr/bin/dpkg', '--compare-versions', $ver, $op, $testver;
+}
+
+sub is_replaced
+{
+ my ($pack, $path, $sum) = @_;
+
+ unless ($installed{$pack}{ReplacedBy})
+ {
+ return 0 unless $replaced{$pack};
+
+ while (my ($ver, $p) = each %{$replaced{$pack}})
+ {
+ next unless $ver eq 'all'
+ or dpkg_cmp $installed{$pack}{Version}, $ver;
+
+ push @{$installed{$pack}{ReplacedBy}}, @$p;
+ }
+ }
+
+ for my $p (@{$installed{$pack}{ReplacedBy} || []})
+ {
+ open S, "$DPKG/info/$p.md5sums" or next;
+ while (<S>)
+ {
+ if ($_ eq "$sum $path\n")
+ {
+ close S;
+ return 1;
+ }
+ }
+
+ close S;
+ }
+
+ 0;
+}
+
+{
+ my $width = ($ENV{COLUMNS} || 80) - 3;
+ $width = 6 if $width < 6;
+
+ sub check
+ {
+ my ($pack, $path, $sum) = @_;
+
+ $path = $diversion{$path}[0] if exists $diversion{$path}
+ and $diversion{$path}[1] ne $pack;
+
+ unless (open F, "$root/$path")
+ {
+ return 0 if ( ! $nolocalepurge && $localepurges ne ""
+ && ( ($path =~ /^usr\/share\/man\/[^\/]+?\/man[0-9]\// &&
+ $path !~ /^usr\/share\/man\/($localepurges)\/man[0-9]\//
+ ) ||
+ ($path =~ /^usr\/share\/locale\/[^\/]+?\// &&
+ $path !~ /^usr\/share\/locale\/($localepurges)\// )||
+ 0)
+ );
+
+ warn "$self: can't open $pack file $root/$path ($!)\n";
+ return 0;
+ }
+
+ $digest->addfile(\*F);
+ close F;
+
+ my $s = $digest->hexdigest;
+ if ($s eq $sum)
+ {
+ printf "%-*s OK\n", $width, "$root/$path" unless $silent;
+ return 1;
+ }
+
+ if (is_replaced $pack, $path, $s)
+ {
+ printf "%-*s REPLACED\n", $width - 6, "$root/$path" unless $silent;
+ return 1;
+ }
+
+ if ($changed)
+ {
+ print $root, "/", $path, "\n";
+ return 1;
+ }
+
+ if ($silent)
+ {
+ warn "$self: checksum mismatch $pack file $root/$path\n";
+ }
+ else
+ {
+ printf "%-*s FAILED\n", $width - 4, "$root/$path";
+ }
+
+ return 0;
+ }
+}
+
+for (@ARGV)
+{
+ my $sums;
+ my $pack;
+ my $conffiles;
+
+ # looks like a package name
+ unless (/[^a-z\d+.-]/ or /\.deb$/)
+ {
+ $pack = $_;
+ unless (exists $installed{$pack})
+ {
+ warn "$self: package $pack is not installed\n";
+ $status = 1;
+ next;
+ }
+
+ my $deb;
+ if (%generate)
+ {
+ my @v = $installed{$pack}{Version};
+ if ($v[0] =~ s/(\d+):/$1%3a/)
+ {
+ push @v, $installed{$pack}{Version};
+ $v[1] =~ s/\d+://;
+ }
+
+ for my $dir (@debpath)
+ {
+ # look for <pack>_<ver>_<arch>.deb or <pack>_<ver>.deb
+ # where <ver> may or may not contain an epoch
+ if (($deb) = grep -f, map +(glob "$dir/${pack}_$_.deb"),
+ map +("${_}_*", $_), @v)
+ {
+ $deb =~ s!^\./+!!;
+ last;
+ }
+ }
+ }
+
+ if ($generate{all})
+ {
+ unless ($deb)
+ {
+ warn "$self: no deb available for $pack\n";
+ $status = 1;
+ next;
+ }
+
+ $_ = $deb;
+ }
+ else
+ {
+ $sums = "$DPKG/info/$pack.md5sums";
+ unless (-f $sums)
+ {
+ if ($missing)
+ {
+ print "$pack\n";
+ next;
+ }
+
+ unless ($generate{missing})
+ {
+ warn "$self: no md5sums for $pack\n";
+ next;
+ }
+
+ unless ($deb)
+ {
+ warn "$self: no md5sums for $pack and no deb available\n"
+ unless $generate{nocheck} and $silent;
+
+ next;
+ }
+
+ undef $sums;
+ $_ = $deb;
+ }
+ }
+
+ next if $missing;
+ }
+
+ unless ($sums)
+ {
+ unless (-f and /\.deb$/)
+ {
+ warn "$self: invalid package name `$_'\n";
+ $status = 1;
+ next;
+ }
+
+ my $deb = $_;
+ my %field = map /^(\S+):\s+(.*)/ms, split /\n(?!\s)/,
+ `dpkg --field '$deb' Package Version Conffiles 2>/dev/null`;
+
+ unless (exists $field{Package} and $field{Version})
+ {
+ warn "$self: $deb does not seem to be a valid debian archive\n";
+ $status = 1;
+ next;
+ }
+
+ $pack = $field{Package};
+ unless (exists $installed{$pack})
+ {
+ warn "$self: package $pack is not installed\n";
+ $status = 1;
+ next;
+ }
+
+ unless ($installed{$pack}{Version} eq $field{Version})
+ {
+ warn "$self: package $pack version $field{Version} !=",
+ " installed version $installed{$pack}{Version}\n";
+
+ $status = 1;
+ next;
+ }
+
+ if ($md5sums)
+ {
+ if (exists $debsum{$deb})
+ {
+ open F, $deb or die "$self: can't open $deb ($!)\n";
+ $digest->addfile(\*F);
+ close F;
+
+ unless ($digest->hexdigest eq $debsum{$deb})
+ {
+ warn "$self: checksum missmatch for $deb; not checked\n";
+ $status = 1;
+ next;
+ }
+ }
+ else
+ {
+ warn "$self: no checksum available for $deb\n";
+ }
+ }
+
+ unless ($tmp)
+ {
+ my $catch = sub { exit 1 };
+ $SIG{$_} = $catch for qw/HUP INT QUIT TERM/;
+
+ $tmp = tempdir CLEANUP => 1
+ or die "$self: can't create temporary directory ($!)\n";
+ }
+
+ my $control = "$tmp/DEBIAN";
+ $sums = "$control/md5sums";
+ rmtree $control if -d $control;
+
+ system 'dpkg', '--control', $deb, $control
+ and die "$self: can't extract control info from $deb\n";
+
+ if ($missing)
+ {
+ print "$deb\n" unless -s $sums;
+ next;
+ }
+
+ my %conf;
+ if (open F, "$control/conffiles")
+ {
+ while (<F>)
+ {
+ chomp;
+ $conf{$1}++ if m!^/?(.+)!;
+ }
+
+ close F;
+ }
+
+ if (!-s $sums)
+ {
+ my $unpacked = "$tmp/$pack";
+ print "Generating missing md5sums for $deb..." unless $silent;
+ system 'dpkg', '--extract', $deb, $unpacked
+ and die "$self: can't unpack $deb\n";
+
+ $conffiles = {};
+ open SUMS, ">$sums" or die "$self: can't create $sums ($!)\n";
+ my $skip = (length $unpacked) + 1;
+
+ find sub {
+ return if -l or ! -f;
+ open F, $_ or die "$self: can't open $_ ($!)\n";
+ $digest->addfile(\*F);
+ close F;
+ my $md5 = $digest->hexdigest;
+ my $path = substr $File::Find::name, $skip;
+ if (delete $conf{$path})
+ {
+ $conffiles->{$path} = $md5;
+ }
+ else
+ {
+ print SUMS "$md5 $path\n";
+ }
+ }, $unpacked;
+
+ close SUMS;
+ rmtree $unpacked;
+
+ print "done.\n" unless $silent;
+
+ warn "$self: extra conffiles listed in $deb: (",
+ (join ', ', keys %conf), ")\n" if %conf;
+ }
+
+ if ($generate{keep})
+ {
+ my $target = "$DPKG/info/$pack.md5sums";
+ copy $sums, $target
+ or die "$self: can't copy sums to $target ($!)\n";
+ }
+ }
+
+ next if $generate{nocheck};
+
+ $conffiles = $installed{$pack}{Conffiles} || {}
+ unless $conffiles;
+
+ open SUMS, $sums or die "$self: can't open $sums ($!)\n";
+ while (<SUMS>)
+ {
+ chomp;
+ my ($sum, $path) = split ' ', $_, 2;
+ unless ($path and $sum =~ /^[0-9a-f]{32}$/)
+ {
+ warn "$self: invalid line ($.) in md5sums for $pack: $_\n";
+ next;
+ }
+
+ if ($config) {
+ next if ! exists $conffiles->{$path};
+ $status = 1 unless check $pack, $path, $sum;
+ } else {
+ next if exists $conffiles->{$path};
+ $status = 1 unless check $pack, $path, $sum;
+ }
+ }
+
+ close SUMS;
+
+ next unless ! $config and $all and %$conffiles;
+ while (my ($path, $sum) = each %$conffiles)
+ {
+ $status = 1 unless check $pack, $path, $sum;
+ }
+}
+
+exit $status;
diff -Nru debsums-2.0.13/debian/debsums/usr/sbin/debsums_gen
debsums-2.0.13.1/debian/debsums/usr/sbin/debsums_gen
--- debsums-2.0.13/debian/debsums/usr/sbin/debsums_gen 1970-01-01
01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums/usr/sbin/debsums_gen 2005-01-29
16:08:51.000000000 +0100
@@ -0,0 +1,70 @@
+#! /bin/sh
+# Generate Checksums
+# Christoph Lameter <[EMAIL PROTECTED]> October 19, 1997
+#
+# Modified January 30, 1999 by Ben Collins - added ability to generate
+# md5sums for specified packages on command line. Also added -l option for
+# listing packages with no md5sums file, and a -f option for overwriting
+# the md5sums file on listed packages
+
+cd /
+
+if [ "$1" = "-l" ]
+then
+ echo "Checking for packages without md5sums list "
+ for i in /var/lib/dpkg/info/*.list
+ do
+ PACKAGE="`expr $i : '/var/lib/dpkg/info/\(.*\)\.list'`"
+ if [ ! -f /var/lib/dpkg/info/$PACKAGE.md5sums ]
+ then
+ echo -n "$PACKAGE "
+ fi
+ done
+ echo
+ echo done.
+ exit 0
+fi
+
+FORCE=""
+if [ "$1" = "-f" ]
+then
+ FORCE="(forcing) "
+ shift
+fi
+
+if [ "$1" ]
+then
+ echo -n "${FORCE}Generating md5sums for "
+ for i in $*
+ do
+ if [ -s /var/lib/dpkg/info/$i.list ]
+ then
+ if [ ! -f /var/lib/dpkg/info/$i.md5sums ] || [ -n "$FORCE" ]
+ then
+ md5sum `cat /var/lib/dpkg/info/$i.list`
>/var/lib/dpkg/info/$i.md5sums 2>/dev/null
+ echo -n "$i "
+ else
+ echo -n "($i.md5sums exists)"
+ fi
+ else
+ echo -n "($i.list does not exist) "
+ fi
+ done
+else
+ echo -n "Generating md5sums for "
+ for i in /var/lib/dpkg/info/*.list
+ do
+ PACKAGE="`expr $i : '/var/lib/dpkg/info/\(.*\)\.list'`"
+
+ if [ ! -f /var/lib/dpkg/info/$PACKAGE.md5sums ] && [ -s $i ]
+ then
+ # Package list includes directories. So just ignore md5sums
+ # errormessages on those
+ md5sum `cat $i` >/var/lib/dpkg/info/$PACKAGE.md5sums 2>/dev/null
+ echo -n "$PACKAGE "
+ fi
+ done
+fi
+
+echo
+echo "Done."
Los ficheros binarios
debsums-2.0.13/debian/debsums/usr/share/doc/debsums/changelog.gz y
debsums-2.0.13.1/debian/debsums/usr/share/doc/debsums/changelog.gz son distintos
diff -Nru debsums-2.0.13/debian/debsums/usr/share/doc/debsums/copyright
debsums-2.0.13.1/debian/debsums/usr/share/doc/debsums/copyright
--- debsums-2.0.13/debian/debsums/usr/share/doc/debsums/copyright
1970-01-01 01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums/usr/share/doc/debsums/copyright
2004-06-13 06:06:06.000000000 +0200
@@ -0,0 +1,11 @@
+Copyright (c) 2002, 2004 Brendan O'Dea <[EMAIL PROTECTED]>
+
+debsums is licensed under the terms of the GNU General Public License (GPL),
+version 2 or later, as published by the Free Software Foundation.
+
+See the file COPYING in the source, /usr/share/common-licenses/GPL, or
+<http://www.gnu.org/copyleft/gpl.txt> for the terms of the latest
+version of the GNU General Public License.
+
+debsums was originally written by Christoph Lameter <[EMAIL PROTECTED]>,
+and subsequently maintained by Petr Cech <[EMAIL PROTECTED]>.
diff -Nru debsums-2.0.13/debian/debsums/usr/share/doc/debsums/README
debsums-2.0.13.1/debian/debsums/usr/share/doc/debsums/README
--- debsums-2.0.13/debian/debsums/usr/share/doc/debsums/README 1970-01-01
01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums/usr/share/doc/debsums/README
2002-01-24 13:09:33.000000000 +0100
@@ -0,0 +1,20 @@
+
+debsums: Check the integrity of the packages files
+ Suspecting a package has been compromised by another application
+ or a virus or so? Run this tool to find out if anything happened
+ to the files.
+
+To generate md5sums in debian/rules from any package:
+
+1. chdir to debian/tmp (or whatever it is called)
+
+2. Run the following commands (excerpt from debstd)
+
+ md5sum `find * -type f ! -regex "DEBIAN/.*"` >DEBIAN/md5sums </dev/null
+ chmod 644 DEBIAN/md5sums
+
+Christoph Lameter <[EMAIL PROTECTED]>
+
+3. The same can be accomplished by running dh_md5sums
+
+Petr Cech <[EMAIL PROTECTED]>
Los ficheros binarios
debsums-2.0.13/debian/debsums/usr/share/man/fr/man1/debsums.1.gz y
debsums-2.0.13.1/debian/debsums/usr/share/man/fr/man1/debsums.1.gz son distintos
Los ficheros binarios
debsums-2.0.13/debian/debsums/usr/share/man/man1/debsums.1.gz y
debsums-2.0.13.1/debian/debsums/usr/share/man/man1/debsums.1.gz son distintos
Los ficheros binarios
debsums-2.0.13/debian/debsums/usr/share/man/man8/debsums_gen.8.gz y
debsums-2.0.13.1/debian/debsums/usr/share/man/man8/debsums_gen.8.gz son
distintos
Los ficheros binarios
debsums-2.0.13/debian/debsums/usr/share/man/pt_BR/man1/debsums.1.gz y
debsums-2.0.13.1/debian/debsums/usr/share/man/pt_BR/man1/debsums.1.gz son
distintos
Los ficheros binarios
debsums-2.0.13/debian/debsums/usr/share/man/pt_BR/man8/debsums_gen.8.gz y
debsums-2.0.13.1/debian/debsums/usr/share/man/pt_BR/man8/debsums_gen.8.gz son
distintos
diff -Nru debsums-2.0.13/debian/debsums.postrm.debhelper
debsums-2.0.13.1/debian/debsums.postrm.debhelper
--- debsums-2.0.13/debian/debsums.postrm.debhelper 1970-01-01
01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/debsums.postrm.debhelper 2005-01-29
16:08:52.000000000 +0100
@@ -0,0 +1,6 @@
+# Automatically added by dh_installdebconf
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_purge
+fi
+# End automatically added section
diff -Nru debsums-2.0.13/debian/debsums.substvars
debsums-2.0.13.1/debian/debsums.substvars
--- debsums-2.0.13/debian/debsums.substvars 1970-01-01 01:00:00.000000000
+0100
+++ debsums-2.0.13.1/debian/debsums.substvars 2005-01-29 16:08:52.000000000
+0100
@@ -0,0 +1 @@
+misc:Depends=debconf (>= 0.5) | debconf-2.0
diff -Nru debsums-2.0.13/debian/files debsums-2.0.13.1/debian/files
--- debsums-2.0.13/debian/files 1970-01-01 01:00:00.000000000 +0100
+++ debsums-2.0.13.1/debian/files 2005-01-29 16:08:52.000000000 +0100
@@ -0,0 +1 @@
+debsums_2.0.13.1_all.deb admin optional
diff -Nru debsums-2.0.13/debsums.1 debsums-2.0.13.1/debsums.1
--- debsums-2.0.13/debsums.1 2002-09-09 14:37:22.000000000 +0200
+++ debsums-2.0.13.1/debsums.1 2005-01-29 16:08:09.000000000 +0100
@@ -11,12 +11,25 @@
.RI [ package | deb ]
\&...
.SH DESCRIPTION
-Verify installed Debian package files against MD5 checksum lists.
+.I debsums
+will verify installed Debian package files against MD5 checksum lists and
+provide a list of those files that hold a different MD5 checksum as
+opposed to the checksum listed provided in
+.RI /var/lib/dpkg/info/ package .md5sums.
+.P
+.I debsums
+can generate the checksum list for packages that don't provide one. It is
+also aware of
+.I locale-purge
+and will not check purged locale files.
.SH OPTIONS
.TP
.BR \-a ", " \-\-all
Also check configuration files (normally excluded).
.TP
+.BR \-e ", " \-\-config
+\fBOnly\fR check configuration files.
+.TP
.BR \-c ", " \-\-changed
Report changed file list to stdout (implies
.BR \-s ).
@@ -51,6 +64,9 @@
.IP
may be used to populate the cache with any debs not already in the
cache.
+.I Note:
+This will not work for CD-ROM and other local sources as there is no
+cache file for them under \fI/var/cache\fR.
.TP
.BR \-g ", " \-\-generate =[ missing | all ][, keep [, nocheck ]]
Generate MD5 sums from deb contents. If the argument is a package
@@ -84,6 +100,10 @@
is equivalent to
.BR \-\-generate=missing .
.LP
+.BR \-\-no\-locale\-purge
+.PD
+Will print debsums errors for purged locale.
+.TP
.B \-\-help
.PD 0
.TP
@@ -144,6 +164,12 @@
from known safe media (such as a bootable rescue CD, see the \-\-root
option) and the checksums are take from debs (\-\-generate=all) which
are either on that media or validated using the \-\-md5sums option.
+.PP
+If you are looking for an integrity checkers that can run from safe
+media, do integrity checks on checksum databases and can be easily
+configured to run periodically to warn the admin of changes you should
+better look at other tools like: \fIaide\fR, \fIintegrit\fR,
+\fIsamhain\fR, or \fItripwire\fR.
.SH AUTHOR
Written by Brendan O'Dea <[EMAIL PROTECTED]>.
.br
diff -Nru debsums-2.0.13/debsums.in debsums-2.0.13.1/debsums.in
--- debsums-2.0.13/debsums.in 2004-07-24 10:47:55.000000000 +0200
+++ debsums-2.0.13.1/debsums.in 2005-01-29 16:07:28.000000000 +0100
@@ -34,6 +34,7 @@
Options:
-a, --all check configuration files (normally excluded)
+ -e, --config check only configuration files
-c, --changed report changed files (implies -s)
-l, --list-missing list packages which don't have an md5sums file
-s, --silent only report errors
@@ -43,6 +44,7 @@
-p, --deb-path=DIR[:DIR...] search path for debs
-g, --generate=[all][,keep[,nocheck]]
generate md5sums from deb contents
+ --no-locale-purge warn on locale files even if locale-purge is used
--help print this help, then exit
--version print version number, then exit
EOT
@@ -50,6 +52,7 @@
my $gen_opt;
GetOptions (
'a|all' => \my $all,
+ 'e|config' => \my $config,
'c|changed' => \my $changed,
'l|list-missing' => \my $missing,
's|silent' => \my $silent,
@@ -58,6 +61,7 @@
'd|admindir=s' => \my $admindir,
'p|deb-path=s' => \my $debpath,
'generate=s' => \$gen_opt,
+ 'nolocalepurge' => \my $nolocalepurge,
g => sub { $gen_opt = 'missing' },
help => sub { print $help; exit },
version => sub { print $version; exit },
@@ -67,6 +71,19 @@
$admindir ||= '/var/lib/dpkg';
my $DPKG = $root . $admindir;
+my $localepurges = "";
+
+if( -r "/etc/locale.nopurge") {
+ open(LOCALE, "/etc/locale.nopurge");
+ my $line;
+ foreach $line (<LOCALE>) {
+ chop $line;
+ $localepurges .= $line."|" if $line=~ /^[a-z].+/;
+ }
+ close LOCALE;
+ $localepurges =~ s/\|$//;
+}
+
$silent++ if $changed;
my @debpath = '.';
@@ -215,7 +232,16 @@
unless (open F, "$root/$path")
{
- warn "$self: can't open $pack file $path ($!)\n";
+ return 0 if ( ! $nolocalepurge && $localepurges ne ""
+ && ( ($path =~ /^usr\/share\/man\/[^\/]+?\/man[0-9]\// &&
+ $path !~ /^usr\/share\/man\/($localepurges)\/man[0-9]\//
+ ) ||
+ ($path =~ /^usr\/share\/locale\/[^\/]+?\// &&
+ $path !~ /^usr\/share\/locale\/($localepurges)\// )||
+ 0)
+ );
+
+ warn "$self: can't open $pack file $root/$path ($!)\n";
return 0;
}
@@ -225,29 +251,29 @@
my $s = $digest->hexdigest;
if ($s eq $sum)
{
- printf "%-*s OK\n", $width, $path unless $silent;
+ printf "%-*s OK\n", $width, "$root/$path" unless $silent;
return 1;
}
if (is_replaced $pack, $path, $s)
{
- printf "%-*s REPLACED\n", $width - 6, $path unless $silent;
+ printf "%-*s REPLACED\n", $width - 6, "$root/$path" unless $silent;
return 1;
}
if ($changed)
{
- print $path, "\n";
+ print $root, "/", $path, "\n";
return 1;
}
if ($silent)
{
- warn "$self: checksum mismatch $pack file $path\n";
+ warn "$self: checksum mismatch $pack file $root/$path\n";
}
else
{
- printf "%-*s FAILED\n", $width - 4, $path;
+ printf "%-*s FAILED\n", $width - 4, "$root/$path";
}
return 0;
@@ -491,13 +517,18 @@
next;
}
- next if exists $conffiles->{$path};
- $status = 1 unless check $pack, $path, $sum;
+ if ($config) {
+ next if ! exists $conffiles->{$path};
+ $status = 1 unless check $pack, $path, $sum;
+ } else {
+ next if exists $conffiles->{$path};
+ $status = 1 unless check $pack, $path, $sum;
+ }
}
close SUMS;
- next unless $all and %$conffiles;
+ next unless ! $config and $all and %$conffiles;
while (my ($path, $sum) = each %$conffiles)
{
$status = 1 unless check $pack, $path, $sum;
signature.asc
Description: Digital signature
