Re: Package verification and "/usr/bin/install" tool replacements

On Sat, Oct 04, 2003 at 04:39:49AM +1000, Kim Lester wrote: > Some of the ideas I have implemented include a "pkg info" file in each > package > containing the > pathname > uid, gid (numeric) > md5sum, > size (useful to humans) > mode > symlink target (for syml

Re: Package verification

On Wednesday 08 October 2003 09:04, Andreas Metzler wrote: > 'chown -R ...' accidentally excuted in the wrong directory comes to > my mind. Or filesystem corruption after a hard crash. But then not only files from packages, but also user files are subject of corruption. Using a tool like integrit

Re: Package verification

Matthew Palmer <[EMAIL PROTECTED]> wrote: > On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote: >> There is no way to verify/correct the MODE, USER, GROUP, TYPE >> of any files installed in a pkg. >> If I am wrong please point out where, with an installed pkg >> (and preferably without hav

Re: Package verification

On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote: > There is no way to verify/correct the MODE, USER, GROUP, TYPE > of any files installed in a pkg. > If I am wrong please point out where, with an installed pkg > (and preferably without having a copy of the .dpkg around) > once can tell

Re: Package verification

On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote: > There is no way to verify/correct the MODE, USER, GROUP, TYPE > of any files installed in a pkg. That appears to be the case, partly because permissions may be changed from those files which are contained withing the .deb file via t

RE: Package verification

rds kim > -Original Message- > From: Brian May [mailto:[EMAIL PROTECTED] > Sent: Sunday, October 05, 2003 9:39 AM > To: Fabien Ninoles > Cc: Kim Lester; debian-devel@lists.debian.org > Subject: Re: Package verification and "/usr/bin/install" tool > replaceme

Re: Package verification and "/usr/bin/install" tool replacements

On Sat, Oct 04, 2003 at 01:42:36PM -0400, Fabien Ninoles wrote: > Although your proposition seems more complete, have you try > debsums and checksecurity? debsums with the following > feature in /etc/apt/apt.conf > > DPkg::Post-Invoke { > "debsums --generate=nocheck -sp /var/cache/apt/arc

Re: Package verification and "/usr/bin/install" tool replacements

Kim Lester wrote: Although debian packages may contain md5sums it seems package verification is not available (unless I have missed something). Although your proposition seems more complete, have you try debsums and checksecurity? debsums with the following feature in /etc/apt/apt.conf DPkg::Post

RE: Package verification and "/usr/bin/install" tool replacements

this latter group My solution does. regards kim > -Original Message- > From: Rene Engelhard [mailto:[EMAIL PROTECTED] > Sent: Saturday, October 04, 2003 5:45 AM > To: debian-devel@lists.debian.org > Subject: Re: Package verification and "/usr/bin/install"

Re: Package verification and "/usr/bin/install" tool replacements

Hi, Kim Lester wrote: > Although debian packages may contain md5sums it seems package > verification is > not available (unless I have missed something). Probably you missed debsums... Grüße/Regards, René -- .''`. René Engelhard -- Debian GNU/Linux Developer : :' : http://www.debian.org |

Re: Package Verification

I'd rather avoid the sum(1) checksum, because there are two implementations of sum(1), the BSD and SYSV, that output different checksums for the same data. Too many people will get confused when they see the wrong sum. Bruce  -- Bruce Perens <[EMAIL PROTECTED]> Pixar Animation Studios

Re: Package Verification

Bruce said, regarding Packages file info: > I think a field with the size _and_ MD5 checksum on the same line would > be helpful. We don't collect this information anywhere else, to my knowledge. The sum(1) checksum might also be useful. I know that sum(1) has been characterized here as "totally

Re: Package Verification

From: Ian Jackson <[EMAIL PROTECTED]> > I suppose we could put the file size in the Packages file; it just > might get a bit cluttered with all of this information. What do > people feel about this ? I think a field with the size _and_ MD5 checksum on the same line would be helpful. We don't coll

Re: Package Verification

brian white writes ("Re: Package Verification "): > This is fine, but it doesn't help with verifying packages on > non-Debian systems as is required by people who must do an actual FTP > >from another machine. As for the format, feel free to alter it. I > figure

Re: Package Verification

>> I'd like to suggest another field to be automatically added to the >> "Packages" files that exist at the top of each hierarchy in the >> distribution. I'd like to see a "Checksum:" field that can be used to >> verify the correct download of these packages. I think including both >> an 'md5sum'

Re: Package Verification

brian white writes ("Package Verification "): > I'd like to suggest another field to be automatically added to the > "Packages" files that exist at the top of each hierarchy in the > distribution. I'd like to see a "Checksum:" field that can be used to > verify the correct download of these packag