Checking integrity of cached debs

02/12/2006, 22h30

Does apt-get check the integrity of cached debs before installing them?
For example, if I did

apt-get --download-only install <package>

which downloads the package to the file

/var/cache/apt/archives/<package>.version.deb

but doesn't install it, and then sometime later, after the above file
became corrupt because of a faulty hard drive, did

apt-get install <package>

(which required no new download because there is no version change) would
the corruption be detected?

In other words, is the check done after the download, before the
installation, or both?

Is there an easy way to check the integrity of cached debs and remove
corrupt ones? Also, is there an easy way to check the integrity of the
unchanging parts of installed packages?

Thanks (a lot).

Win

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

03/12/2006, 17h20

Winston Smith writes:

> Is there an easy way to check the integrity of cached debs and remove
> corrupt ones?

You can install debsums for that,

Description: Verify installed package files against MD5 checksums.
debsums can verify the integrity of installed package files against
MD5 checksums installed by the package, or generated from a .deb
archive.

--
-- Jhair

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

04/12/2006, 21h10

Winston Smith wrote:
> Is there an easy way to check the integrity of cached debs and remove
> corrupt ones? Also, is there an easy way to check the integrity of the
> unchanging parts of installed packages?

Jhair Tocancipa Triana wrote:
> You can install debsums for that,
>
> Description: Verify installed package files against MD5 checksums.
> debsums can verify the integrity of installed package files against
> MD5 checksums installed by the package, or generated from a .deb
> archive.

Thank you, Jhair. That takes care of the second question beautifully.

As for checking the integrity of a possibly un-installed cached deb like
/var/cache/apt/archives/akode_4%3a3.3.2-1_i386.deb,
this is the best I know so far:
Drop the 4%3a ("%3a" is url-ese for ":") from the base to obtain
akode_3.3.2-1_i386.deb, which you look for in the "Filename:" field of
the entries in the "Packages" files in /var/lib/apt/lists (or downloaded
packages.gz files from the mirrors in /etc/apt/sources.list). Take the
md5sum from the entry where you find it, and compare it to the actual
md5sum of the cached deb.

Win

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

06/12/2006, 02h10

On Sat, Dec 02, 2006 at 05:05:30PM -0500, Winston Smith wrote:
> Does apt-get check the integrity of cached debs before installing them?
> For example, if I did
>
> apt-get --download-only install <package>
>
> which downloads the package to the file
>
> /var/cache/apt/archives/<package>.version.deb
>
> but doesn't install it, and then sometime later, after the above file
> became corrupt because of a faulty hard drive, did
>
> apt-get install <package>
>
> (which required no new download because there is no version change) would
> the corruption be detected?
>
> In other words, is the check done after the download, before the
> installation, or both?
>
Basically, yes. The md5sum is stored by apt. It checks the downloaded
deb before installing against the stored md5sum.

> Is there an easy way to check the integrity of cached debs and remove
> corrupt ones? Also, is there an easy way to check the integrity of the
> unchanging parts of installed packages?
>
Try debsums.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFcipS5SXWIKfIlGQRAlhiAJ0dssHTQANci46hgXZY6m AN25IvigCgttZO
miQv9b/rWfkMvVQWr5BRf2U=
=KHxc
-----END PGP SIGNATURE-----

06/12/2006, 08h20

Winston Smith wrote:
> In other words, is the check done after the download, before the
> installation, or both?

apt does check the validity of cached debs before installing them. If a
deb is corrupt it will remove it from the cache and re-download it
before installing. I don't know offhand if it checks the validity of
downloaded files before putting them in the cache.

--
see shy jo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFddrCd8HHehbQuO8RAqoSAJ9hv7M5g8E6QFy/MO5jmlEO0k40VQCgxQQh
qegZItNJYSqmg0mGzS5BjiU=
=drB/
-----END PGP SIGNATURE-----

02/12/2006, 22h30	#1
Winston Smith Messages: n/a Hébergeur:	Checking integrity of cached debs Does apt-get check the integrity of cached debs before installing them? For example, if I did apt-get --download-only install <package> which downloads the package to the file /var/cache/apt/archives/<package>.version.deb but doesn't install it, and then sometime later, after the above file became corrupt because of a faulty hard drive, did apt-get install <package> (which required no new download because there is no version change) would the corruption be detected? In other words, is the check done after the download, before the installation, or both? Is there an easy way to check the integrity of cached debs and remove corrupt ones? Also, is there an easy way to check the integrity of the unchanging parts of installed packages? Thanks (a lot). Win -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

03/12/2006, 17h20	#2
Jhair Tocancipa Triana Messages: n/a Hébergeur:	Re: Checking integrity of cached debs Winston Smith writes: > Is there an easy way to check the integrity of cached debs and remove > corrupt ones? You can install debsums for that, Description: Verify installed package files against MD5 checksums. debsums can verify the integrity of installed package files against MD5 checksums installed by the package, or generated from a .deb archive. -- -- Jhair -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

04/12/2006, 21h10	#3
Winston Smith Messages: n/a Hébergeur:	Re: Checking integrity of cached debs Winston Smith wrote: > Is there an easy way to check the integrity of cached debs and remove > corrupt ones? Also, is there an easy way to check the integrity of the > unchanging parts of installed packages? Jhair Tocancipa Triana wrote: > You can install debsums for that, > > Description: Verify installed package files against MD5 checksums. > debsums can verify the integrity of installed package files against > MD5 checksums installed by the package, or generated from a .deb > archive. Thank you, Jhair. That takes care of the second question beautifully. As for checking the integrity of a possibly un-installed cached deb like /var/cache/apt/archives/akode_4%3a3.3.2-1_i386.deb, this is the best I know so far: Drop the 4%3a ("%3a" is url-ese for ":") from the base to obtain akode_3.3.2-1_i386.deb, which you look for in the "Filename:" field of the entries in the "Packages" files in /var/lib/apt/lists (or downloaded packages.gz files from the mirrors in /etc/apt/sources.list). Take the md5sum from the entry where you find it, and compare it to the actual md5sum of the cached deb. Win -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

06/12/2006, 02h10	#4
Roberto C. Sanchez Messages: n/a Hébergeur:	Re: Checking integrity of cached debs On Sat, Dec 02, 2006 at 05:05:30PM -0500, Winston Smith wrote: > Does apt-get check the integrity of cached debs before installing them? > For example, if I did > > apt-get --download-only install <package> > > which downloads the package to the file > > /var/cache/apt/archives/<package>.version.deb > > but doesn't install it, and then sometime later, after the above file > became corrupt because of a faulty hard drive, did > > apt-get install <package> > > (which required no new download because there is no version change) would > the corruption be detected? > > In other words, is the check done after the download, before the > installation, or both? > Basically, yes. The md5sum is stored by apt. It checks the downloaded deb before installing against the stored md5sum. > Is there an easy way to check the integrity of cached debs and remove > corrupt ones? Also, is there an easy way to check the integrity of the > unchanging parts of installed packages? > Try debsums. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFFcipS5SXWIKfIlGQRAlhiAJ0dssHTQANci46hgXZY6m AN25IvigCgttZO miQv9b/rWfkMvVQWr5BRf2U= =KHxc -----END PGP SIGNATURE-----

06/12/2006, 08h20	#5
Joey Hess Messages: n/a Hébergeur:	Re: Checking integrity of cached debs Winston Smith wrote: > In other words, is the check done after the download, before the > installation, or both? apt does check the validity of cached debs before installing them. If a deb is corrupt it will remove it from the cache and re-download it before installing. I don't know offhand if it checks the validity of downloaded files before putting them in the cache. -- see shy jo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFddrCd8HHehbQuO8RAqoSAJ9hv7M5g8E6QFy/MO5jmlEO0k40VQCgxQQh qegZItNJYSqmg0mGzS5BjiU= =drB/ -----END PGP SIGNATURE-----

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email