Linux – How do I force rpm -V to verify all files?


I want to be able to validate all files against the rpm database (i.e. all files from rpm).

Example: When I ask rpm to validate a package carrying /etc/hosts, I get:

# rpm -Vv setup-2.8.14-16.el6.noarch
.........  c /etc/aliases
S.5....T.  c /etc/bashrc
.........  c /etc/csh.cshrc
.........  c /etc/csh.login
.........  c /etc/environment
.........  c /etc/exports
.........  c /etc/filesystems
.........  c /etc/group
.........  c /etc/gshadow
.........  c /etc/host.conf
.........  c /etc/hosts
.........  c /etc/hosts.allow
(stuff deleted)

I would like to see that, e.g. /etc/hosts has changed. What should I do?

Solution

The rpm spec file can explicitly state which aspects of a file should be verified by -V, and configuration files (marked by the c in the second column of the output) are usually changed and are not overwritten on update.

You can get the original file size and ownership fairly easily with rpm -qlv, so you can do ls on the same files and then compare them. For example,

rpm=setup
# Compare rpm's recorded listing (-qlv) with a live ls -ld of the same files
rpm -ql "$rpm" |
xargs ls -ld --time-style='+%b %d %Y' |
tr -s ' ' |
sort -k9 |
diff -u <(rpm -qlv "$rpm" | tr -s ' ' | sort -k9) -

This displays changes (a - prefix is from rpm, a + prefix is now) or no change (a space prefix).


This is a script that takes a list of package names and uses --dump to get the checksum info (etc.), which seems to be a sha256sum on my Fedora 22 instead of an md5sum, and compares it with the real file. Although rpm -V has an additional final field, "capabilities differ", this information is not provided in the dump output.

#!/bin/bash
# Usage: pass package names as arguments. Each --dump record is compared
# with the file on disk and printed in an rpm -V style flag format.
for pkg
do rpm -q --dump "$pkg" |
 while read -r path size mtime digest mode owner group isconfig isdoc rdev symlink
 do if [ "$path" = package ] # not installed
    then echo "$path $size $mtime $digest $mode"
         continue
    fi
    # Without this check a failed stat would leave the previous file's values in place
    if [ ! -e "$path" ] && [ ! -L "$path" ]
    then echo "missing $path"
         continue
    fi
    S=. M=. F=. D=. L=. U=. G=. T=.
    type=$(stat --format='%F' "$path")
    if [ "$type" = "regular file" ]
    then if realsum=$(sha256sum <"$path") # assumes the package digests are sha256
         then [ "$digest" != "${realsum%% *}" ] && F=5
         else F=?
         fi
    elif [ "$type" = "symbolic link" ]
    then reallink=$(readlink "$path")
        [ "$symlink" != "$reallink" ] && L=L
    # elif [ "$type" = "directory" ] ...
    fi
    # Sets s, u, g, t and hexmode from the real file
    eval "$(stat --format='s=%s u=%U g=%G t=%Y hexmode=%f' "$path")"
    realmode=$(printf "%07o" "0x$hexmode")
    realmode6=$(printf "%06o" "0x$hexmode")
    [ "$mode" != "$realmode" ] && [ "$mode" != "$realmode6" ] && M=M
    [ "$size" != "$s" ] && S=S
    [ "$owner" != "$u" ] && U=U
    [ "$group" != "$g" ] && G=G # compare the group field, not the owner
    [ "$mtime" != "$t" ] && T=T
    flags="$S$M$F$D$L$U$G$T"
    [ "$flags" = "........" ] ||
    echo "$flags $path" # missing: P capabilities
 done
done
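
An added example, not part of the original answer: a POSIX shell filter that decodes each rpm -V line into the attributes that differ and separates changed %config files (marked c) from changed non-config files. The function names and the sample lines are constructed for illustration; the flag order SM5DLUGTP is the one documented in rpm(8).

```shell
#!/bin/sh
# Added example: decode `rpm -V` lines. Flag order per rpm(8): SM5DLUGTP.
# Function names and the sample lines are constructed for illustration.

# decode_flags "S.5....T." prints "size digest mtime"
decode_flags() {
    f=$1 out=
    for name in size mode digest device symlink user group mtime capabilities
    do  c=${f%"${f#?}"}                # first remaining character
        f=${f#?}
        case $c in
            ''|.) ;;                   # test passed, or field absent
            \?)   out="$out $name?" ;; # test could not be performed
            *)    out="$out $name" ;;  # attribute differs from the rpm database
        esac
    done
    echo "${out# }"
}

# Reads `rpm -V` output on stdin; prints "<class> <path> [<attributes>]".
triage_rpm_verify() {
    while IFS= read -r line
    do  flags=${line%% *}
        rest=${line#"$flags"}
        rest=${rest#"${rest%%[! ]*}"}          # trim leading spaces
        case $rest in
            [cdglr]\ *) attr=${rest%% *}; path=${rest#?}
                        path=${path#"${path%%[! ]*}"} ;;
            *)          attr=-; path=$rest ;;  # no attribute marker
        esac
        if [ "$flags" = missing ]
        then echo "missing $path"; continue
        fi
        diffs=$(decode_flags "$flags")
        if [ -z "$diffs" ]; then continue; fi  # unchanged: print nothing
        case "$attr:$diffs" in
            c:*)      echo "config $path $diffs" ;;   # %config file, edits expected
            *digest*) echo "content $path $diffs" ;;  # non-config content changed
            *)        echo "metadata $path $diffs" ;; # only ownership, mode, etc.
        esac
    done
}

# Constructed sample in the format shown in the question.
sample='.........  c /etc/hosts
S.5....T.  c /etc/bashrc
S.5....T.    /usr/bin/example
.M.......    /usr/share/example/data
missing     /usr/share/doc/example/README'
printf '%s\n' "$sample" | triage_rpm_verify
```

On a live system the same function can be fed from rpm -Va, which verifies every installed package.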
