26

On a RedHat/CentOS system, I can verify the installed RPMs on my system using rpm -V.

What is the Ubuntu or apt equivalent of this command?

Jonathon
  • 2,481

2 Answers

31

The package "debsums" is what you want to install to perform hash checks against installed packages.

For example, to check for changed files:

sudo debsums -c

Note that not all packages ship with md5sum file lists. You can see a list of those on your system with:

sudo debsums -l
Kees Cook
  • 17,473
  • "debsums -l" is the same as "debsums --list-missing" so it will list all packages without checksums. – driax Dec 31 '13 at 21:49
8

To follow up on what Kees said, to deal with packages that don't include a build-time generated debsums md5sum file, by default the debsums package also installs an apt hook to generate a debsums file as part of the package installation process. Thus, one way to generate the debsums file for those packages that are missing them is to apt-get install --reinstall them.

  • Thanks for the tip! I always assumed that the system would keep its own list of signatures. I notice that Ubuntu binutils (which includes ld and some core tools) doesn't include a signature, which seems unwise considering that these linker tools are at the core of the system, and we need to ensure that these tools are never modified or compromised. – Stefan Lasiewski Oct 25 '10 at 20:16
  • 5
    I found a simpler way to generate debsums for those packages that are missing them. The command sudo debsums_init will do the heavy lifting for you. It will download the packages from the repository, and will generate the md5sums for you. – Stefan Lasiewski Oct 25 '10 at 22:47
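
The check discussed in the answers above, as an added example (not debsums' own code and not from any poster): it reads a dpkg-style `<package>.md5sums` list, whose lines are a 32-character MD5, two spaces, and a path relative to `/`, and reports changed and missing files, returning `None` for a package that ships no list. The package names, file contents and temporary root are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def md5_of(path):
    """MD5 hex digest of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(root, info_dir, pkg):
    """Return (changed, missing) paths, or None if pkg has no md5sums list."""
    listing = os.path.join(info_dir, pkg + ".md5sums")
    if not os.path.isfile(listing):
        return None  # the case "debsums -l" lists
    changed, missing = [], []
    with open(listing) as f:
        for line in f.read().splitlines():
            if len(line) < 35:  # too short for digest + 2 separators + path
                continue
            # Slice by position so paths containing spaces survive intact.
            digest, rel = line[:32].lower(), line[34:]
            target = os.path.join(root, rel)
            if not os.path.isfile(target):
                missing.append(rel)
            elif md5_of(target) != digest:
                changed.append(rel)  # the case "debsums -c" reports
    return changed, missing


def demo():
    """Constructed tree: install three files, tamper with one, delete one."""
    root = tempfile.mkdtemp()
    info = os.path.join(root, "var/lib/dpkg/info")
    os.makedirs(info)
    os.makedirs(os.path.join(root, "usr/bin"))
    files = {"usr/bin/tool": b"v1\n", "usr/bin/my tool": b"ok\n", "usr/bin/gone": b"x\n"}
    with open(os.path.join(info, "demo-pkg.md5sums"), "w") as lst:
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            lst.write(hashlib.md5(data).hexdigest() + "  " + rel + "\n")
    with open(os.path.join(root, "usr/bin/tool"), "wb") as f:  # simulate tampering
        f.write(b"v2\n")
    os.remove(os.path.join(root, "usr/bin/gone"))
    return verify_package(root, info, "demo-pkg"), verify_package(root, info, "no-list-pkg")
```

The `.md5sums` lists sit on the same filesystem as the files they describe, so a match only shows agreement with the local list; anyone able to replace a binary as root can rewrite the list too.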