DEBSUMS(S) User Commands DEBSUMS(S) NAME debsums - check the MD5 sums of installed Debian packages SYNOPSIS debsums [options] [package|deb] ... DESCRIPTION Verify installed Debian package files against MD5 checksum lists. OPTIONS -a, --all Also check configuration files (normally excluded). -c, --changed Report changed file list to stdout (implies -s). -l, --list-missing List packages (or debs) which don't have an MD5 sums file. -s, --silent Only report errors. -m, --md5sums=file Read list of deb checksums from file. -r, --root=dir Root directory to check (default /). -d, --admindir=dir dpkg admin directory (default /var/lib/dpkg). -p, --deb-path=dir[:dir...] Directories in which to look for debs derived from the package name (default is the current direc- tory). A useful value is /var/cache/apt/archives when using apt-get autoclean or not clearing the cache at all. And the command: apt-get --reinstall -d install `debsums -l` may be used to populate the cache with any debs not already in the cache. -g, --generate=[missing|all][,keep[,nocheck]] Generate MD5 sums from deb contents. If the argu- ment is a package name rather than a deb archive, the program will look for a deb named package_ver- sion_arch.deb in the directories given by the -p option. missing Generate MD5 sums from the deb for packages which don't provide one. all Ignore the on disk sums and use the one sup- plied in the deb, or generated from it if none exists. keep Write the extracted/generated sums to /var/lib/dpkg/info/package.md5sums. nocheck Implies keep; the extracted/generated sums are not checked against the installed pack- age. For backward compatibility, the short option -g is equivalent to --generate=missing. --help --version Print help and version information. EXAMPLES debsums foo bar Check the sums for installed packages foo and bar. debsums foo.deb bar.deb As above, using checksums from (or generated from) the archives. debsums -l List installed packages with no checksums. debsums -ca List changed package files from all installed pack- ages with checksums. debsums -cagp /var/cache/apt/archives As above, using sums from cached debs where avail- able. DPkg::Post-Invoke { "debsums --generate=nocheck -sp /var/cache/apt/archives"; }; /etc/apt/apt.conf fragment to generate missing checksums after upgrade/install. ENVIRONMENT TMPDIR Directory for extracting information and contents from package archives (/tmp by default). CAVEATS While in general the program may be run as a normal user, some packages contain files which are not globally read- able so cannot be checked. Privileges are of course also required when generating sums with the keep option set. Files which have been replaced by another package may be erroneously reported as changed. debsums is of limited use as a security tool unless the program and all required infrastructure (dpkg, perl, Digest::MD5, etc.) are executed from known safe media (such as a bootable rescue CD, see the --root option) and the checksums are take from debs (--generate=all) which are either on that media or validated using the --md5sums option. AUTHOR Written by Brendan O'Dea <bod@debian.org>. Based on a program by Christoph Lameter <clame- ter@debian.org> and Petr Cech <cech@debian.org>. COPYRIGHT Copyright (C) 2002 Brendan O'Dea <bod@debian.org> This is free software, licensed under the terms of the GNU General Public License. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Debian 2002/04/14 DEBSUMS(S)