l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
December 2: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2002 Jun 23 20:44

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] rpmverify
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] rpmverify



Sorry, this is a bit long... if you don't want to read it all, 
concentrate on the excerpt from the man page for rpm.  Essentially, its 
behavior is that you say

	# rpm --verify package

and it responds with silence if nothing has changed.  If something has 
changed, it prints a semi-cryptic string of characters for each file 
that has changed, the meaning of which is documented in the rpm man 
page.  So if you wanted to check all of the packages installed on the 
machine, you would write a script that gets a list of installed packages 
(using 'rpm -qa'), and then runs 'rpm --verify ...' on each package.  
You'll get a list of files that have changed and how... it's up to you 
to decide which changes constitute "damage", but obviously it's abnormal 
for binaries to change, and normal for things like configuration files 
to change (but you knew that :)

Check out the documentation below.

Matt

An excerpt from RPM(8):

    VERIFY OPTIONS
        The general form of an rpm verify command is

        rpm {-V|--verify} [select-options] [--nodeps]  [--nofiles]
        [--nomd5] [--noscripts]

        Verifying   a   package  compares  information  about  the
        installed files in the package with information about  the
        files  taken  from  the package metadata stored in the rpm
        database.  Among  other  things,  verifying  compares  the
        size,  MD5 sum, permissions, type, owner and group of each
        file.  Any discrepencies are displayed.  Files  that  were
        not installed from the package, for example, documentation
        files excluded on installation using  the  "--excludedocs"
        option, will be silently ignored.

        The  package selection options are the same as for package
        querying (including package manifest files as  arguments).
        Other options that can be used only in verify mode are:

        --nodeps
               Don't verify dependencies.

        --nofiles
               Don't verify files.

        --nomd5
               Don't verify file MD5 checksums.

        --noscripts
               Don't execute the %verifyscript scriptlet (if any).

        The format of the output is a string of  8  characters,  a
        possible  "c"  denoting a configuration file, and then the
        file name. Each of the 8 characters denotes the result  of
        a  comparison  of attribute(s) of the file to the value of
        those attribute(s) recorded in the database.  A single "."
        (period)  means the test passed, while a single "?"  indi?
        cates the test could not be performed (e.g.  file  permis?
        sions   prevent  reading).  Otherwise,  the  (mnemonically
        emBoldened) character denotes failure of the corresponding
        --verify test:

        S file Size differs

        M Mode differs (includes permissions and file type)
        --verify test:

        S file Size differs

        M Mode differs (includes permissions and file type)

        5 MD5 sum differs

        D Device major/minor number mis-match

        L readLink(2) path mis-match

        U User ownership differs

        G Group ownership differs

        T mTime differs

-----

I've never used rpmverify, but here's the usage "documentation", such as 
it is.  Looks like maybe this is meant to fill the role of the script I 
suggested above, and then some.

# rpmverify --help
Usage: rpmverify [OPTION...]

Query options (with -q or --query):
   -c, --configfiles             list all configuration files
   -d, --docfiles                list all documentation files
   --dump                        dump basic file information
   -l, --list                    list files in package
   --queryformat=QUERYFORMAT     use the following query format
   -s, --state                   display the states of the listed files
   -v, --verbose                 display a verbose file listing
   -a, --all                     query/verify all packages
   -f, --file                    query/verify package(s) owning file
   -g, --group                   query/verify package(s) in group
   -p, --package                 query/verify a package file (i.e. a 
binary
                                 *.rpm file)
   --querytags                   display known query tags
   --specfile                    query a spec file
   --whatrequires                query/verify the package(s) which 
require a
                                 dependency
   --whatprovides                query/verify the package(s) which 
provide a
                                 dependency

Verify options (with -V or --verify):
   --nomd5[|=0x1]                don't verify MD5 digest of files
   --nofiles[|=0x10000]          don't verify files in package
   --nodeps[|=0x20000]           don't verify package dependencies
   --noscript[|=0x40000]         don't execute %verifyscript (if any)
   -a, --all                     query/verify all packages
   -f, --file                    query/verify package(s) owning file
   -g, --group                   query/verify package(s) in group
   -p, --package                 query/verify a package file (i.e. a 
binary
                                 *.rpm file)
   --querytags                   display known query tags
   --specfile                    query a spec file
   --whatrequires                query/verify the package(s) which 
require a
                                 dependency
   --whatprovides                query/verify the package(s) which 
provide a
                                 dependency

Common options for all rpm modes:
   --version                     print the version of rpm being used
   --quiet                       provide less detailed output
   -v, --verbose                 provide more detailed output
   --define='<name> <body>'      define macro <name> with value <body>
   --eval=<expr>+                print macro expansion of <expr>+
   -r, --root=<dir>              use <dir> as the top level directory 
(default:
                                 "/")
   --macros=<file:...>           read <file:...> instead of default macro
                                 file(s)
   --rcfile=<file:...>           read <file:...> instead of default rpmrc
                                 file(s)
   --showrc                      display final rpmrc and macro 
configuration

Options implemented via popt alias/exec:

Help options:
   -?, --help                    Show this help message
   --usage                       Display brief usage message

On Sunday, June 23, 2002, at 07:52 PM, msimons@moria.simons-clan.com 
wrote:

>   While working on Richard's Redhat system I tried looking for a
> program approximately equivalent to "debsums" for identifying which
> packages should be reinstalled due to damage to their files.  I found
> a program called "rpmverify" which seems to do more than debsums, but
> I could not find a man page and some quick searches on google showed
> no useful documentation.
>
> - Where is there information about rpmverify?
> - What other ways are there to check for files changed from the packaged
>   versions exist on Redhat?
>
>     Thanks,
>       Mike
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.