Practical Package Administration under Debian
|
Modified Packages
The dlocate and debsums tools make it possible to identify modified files of an installed package. Both tools use the hash function MD5 to compare the files from a Debian package with the files actually found on the disc.
dlocate uses the -md5check switch (Listing 4), but debsums manages without any additional input (Listing 5). Each tool also needs to know the name of the package that you want to monitor. In the example given, this is the interactive load indicator program htop . The OK indication in the output shows that the MD5 value corresponds to that in the Debian package, thus the file has not changed.
Listing 4
dlocate with md5check
$ dlocate -md5check htop usr/bin/htop: OK usr/share/applications/htop.desktop: OK usr/share/doc/htop/AUTHORS: OK usr/share/doc/htop/README: OK usr/share/doc/htop/changelog.Debian.gz: OK usr/share/doc/htop/changelog.gz: OK usr/share/doc/htop/copyright: OK usr/share/man/man1/htop.1.gz: OK usr/share/menu/htop: OK usr/share/pixmaps/htop.png: OK
Listing 5
debsums
$ debsums htop /usr/bin/htop OK /usr/share/applications/htop.desktop OK /usr/share/doc/htop/AUTHORS OK /usr/share/doc/htop/README OK /usr/share/doc/htop/changelog.Debian.gz OK /usr/share/doc/htop/changelog.gz OK /usr/share/doc/htop/copyright OK /usr/share/man/man1/htop.1.gz OK /usr/share/menu/htop OK /usr/share/pixmaps/htop.png OK
If instead, the goal is simply to find files that are different from the originals, then you can call debsums with the -c switch, the long version of which is --changed . debsums will need superuser rights (sudo ) in order to inspect all of the directories. Listing 6 verifies and lists as missing debsums files from the cupswrapperhl2250dn and hl2250dnlpr files.
Listing 6
debsums Differences
# debsums -c debsums: missing file /usr/local/Brother/Printer/HL2250DN/cupswrapper/brcupsconfig4 (from cupswrapperhl2250dn package) debsums: missing file /usr/share/doc/hl2250dnlpr/copyright (from hl2250dnlpr package) debsums: missing file /usr/share/doc/hl2250dnlpr/changelog.Debian.gz (from hl2250dnlpr package)
Modifications and Bugs
The changelog file executes changes that have been made from one package version to the next. Both apt-get and aptitude can use the changelog sub-command, which shows you the changes. Listing 7 demonstrates with excerpts by reference to aptitude and the package smartpm .
Listing 7
aptitude Changes
$ aptitude changelog smartpm smart (1.4-2) unstable; urgency=low * Switch to dh_python2 (Thanks to Barry Warsaw) -- Free Ekanayaka <freee@debian.org> Fri, 12 Aug 2011 17:27:20 +0100 smart (1.4-1) unstable; urgency=low * New upstream release * Drop several patches (02_fix_fetcher_test, 03_setup, 06_CVE-2009-3560.patch and 06_CVE-2009-3720.patch) as they were all merged upstream -- Free Ekanayaka <freee@debian.org> Tue, 31 May 2011 16:04:52 +0200 [...]
apt-listchanges from the package of the same name is similarly helpful. It chimes in along with package management and indicates which modifications existed prior to the installation or update of a package. You can call the tool separately at any time in order to find the information independently of installation and updates.
In Listing 8, apt-listchanges extracts modifications from the DEB package file ruby-json_1.7.3-3_i386.deb in an explicit call. The two tools, popbugs from the debian-goodies package and rc-alert from devscripts , specialize in finding release-critical bugs.
Listing 8
apt-listchanges
# apt-listchanges -f text --which=both /var/cache/apt/archives/ruby-json_1.7.3-3_i386.deb Reading Changelogs... ruby-json (1.7.3-3) unstable; urgency=high * set urgency to high, as a security bug is fixed. * Add 10-fix-CVE-2013-0269.patch, adapted from upstream to fix denial of service and unsafe object creation vulnerability. [CVE-2013-0269] (Closes: #700436). -- CÈdric Boutillier <cedric.boutillier@gmail.com> Tue, 12 Feb 2013 23:14:48 +0100 [...]
Buy this article as PDF
Pages: 7
(incl. VAT)