[pacman-dev] md5sum check script
Hello, I started writing a script last week, but I think I'm pretty bad at this. IMO, it's ugly, long, complicated, slow and unsafe. I'm sending it not for usage, but since I don't see any progress, I thought maybe you could pick some ideas for writing a better one :) Now a little description of what it does : it takes the list of NoUpgrade config in /etc/pacman.conf . If it doesn't find any, it takes the default list in pacman2. It then builds the list of packages owning these files, and stores the result temporary in /tmp/backup/ It then checks if the package are available in the cache (/var/cache/pacman/pkg), if not, it tries to download them. If it's still can't download it, it'll just use a fake md5sum (0^32) for the config files in this package. Then, for each package, it'll go look at the md5sum of its config files in /var/lib/pacman/local , and compare them with the md5sum from the original package. If they are different, it's wrong, and was most certainly caused by NoUpgrade. If this file was indeed in the NoUpgrade array, and additionally the md5sum stored in the local database is the same than the md5sum of the config in the filesystem, then everything confirms that it's wrong, and the script is happy. Note : there are already 2 places where root is needed, just for checking : for downloading the missing packages, and for reading the config files in the filesystem only readable by root, like /etc/shadow. I used sudo for these 2 lines. It would then also be needed for actually correcting the md5sum.
I'm parsing the output of pacman -Q, for getting the packages owning the config files, but it's based on the english output of pacman. Example : $ LANG=C pacman -Qo /etc/fstab /etc/fstab is owned by filesystem 0.8-2 $ pacman -Qo /etc/fstab /etc/fstab appartient à filesystem 0.8-2 one word less in the french output, so it breaks at line 33 and 34 :) As a quick workaround, I added LANG=C at the top of the script. Otherwise, a less stupid parsing (probably slightly more complicated) is needed. (or a less stupid approach from the beginning, but I already suggested that :) )
Na Thu, Apr 19, 2007 at 10:22:35PM +0200, Xavier <shiningxc@gmail.com> pisal(a):
the config files, but it's based on the english output of pacman.
that's always bad. using the bindings and pacman_pkg_getowners() you no longer depend on the output of the frontend. the bad fact is that such a function is not available in -g1 (nor alpm_pkg_getowners()) and the bindings are removed, too :( VMiklos -- developer of Frugalware Linux - http://frugalware.org
On 4/19/07, Xavier <shiningxc@gmail.com> wrote:
Hello,
I started writing a script last week, but I think I'm pretty bad at this. IMO, it's ugly, long, complicated, slow and unsafe. I'm sending it not for usage, but since I don't see any progress, I thought maybe you could pick some ideas for writing a better one :) Now a little description of what it does : it takes the list of NoUpgrade config in /etc/pacman.conf . If it doesn't find any, it takes the default list in pacman2. It then builds the list of packages owning these files, and stores the result temporary in /tmp/backup/ It then checks if the package are available in the cache (/var/cache/pacman/pkg), if not, it tries to download them. If it's still can't download it, it'll just use a fake md5sum (0^32) for the config files in this package. Then, for each package, it'll go look at the md5sum of its config files in /var/lib/pacman/local , and compare them with the md5sum from the original package. If they are different, it's wrong, and was most certainly caused by NoUpgrade. If this file was indeed in the NoUpgrade array, and additionally the md5sum stored in the local database is the same than the md5sum of the config in the filesystem, then everything confirms that it's wrong, and the script is happy. Note : there are already 2 places where root is needed, just for checking : for downloading the missing packages, and for reading the config files in the filesystem only readable by root, like /etc/shadow. I used sudo for these 2 lines. It would then also be needed for actually correcting the md5sum.
Although I didn't use your exact script, I did use a few parts from it, so thanks (such as the grabbing files from pacman.conf). We decided to fix the issue this way- simply replace the stored md5sum with a string of 0's for every file known to be in NoUpgrade. This will cause a one time creation of pacnew files for each of these, which should be no big deal. I'll post the actual script a little bit later after some debugging. -Dan
participants (3)
-
Dan McGee
-
VMiklos
-
Xavier