Verify package contents by hand or use simple shell script to automate this process.
I will use rsyslog-pgsql package to show you how to explain this operation.
$ apt-get download rsyslog-pgsql
Get:1 http://deb.debian.org/debian stretch/main amd64 rsyslog-pgsql amd64 8.24.0-1 [188 kB] Fetched 188 kB in 0s (7422 kB/s)
Manual operation
Create temporary directory.
$ mkdir contents
Extract package contents to verify md5sums.
$ dpkg -x rsyslog-pgsql_8.24.0-1_amd64.deb ./contents/
Verify MD5 hashes.
$ cd contents && md5sum -c ../md5sums
usr/lib/x86_64-linux-gnu/rsyslog/ompgsql.so: OK usr/share/dbconfig-common/data/rsyslog-pgsql/install/pgsql: OK usr/share/doc/rsyslog-pgsql/NEWS.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.gz: OK usr/share/doc/rsyslog-pgsql/copyright: OK usr/share/rsyslog-pgsql/rsyslog-pgsql.conf.template: OK
Simple shell script
This shell script uses the same method as the manual one to verify package contents.
#!/bin/bash # verify package contents # verify that first parameter is defined if [ ! "$#" -eq "1" ]; then echo "Verify package contents" echo echo "Usage:" echo " $0 package.deb" exit 1 fi # verify that first parameter is a file if [ ! -f "$1" ] && [ -d "$1" ]; then echo "Parameter $1 is not a file" exit 1 fi # verify that first parameter is a deb package file_type=$(file -b "$1") if [ ! "$file_type" == "Debian binary package (format 2.0)" ]; then echo "Parameter $1 is not a deb package" exit 1 fi # create temporary directory and a trap temp_dir=$(mktemp -d) trap 'rm -rf $temp_dir' EXIT # extract package contents dpkg -x $1 $temp_dir # verify package contents dpkg --ctrl-tarfile $1 | tar -x --directory $temp_dir ./md5sums cd $temp_dir && md5sum -c $temp_dir/md5sums exit $?
usr/lib/x86_64-linux-gnu/rsyslog/ompgsql.so: OK usr/share/dbconfig-common/data/rsyslog-pgsql/install/pgsql: OK usr/share/doc/rsyslog-pgsql/NEWS.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.gz: OK usr/share/doc/rsyslog-pgsql/copyright: OK usr/share/rsyslog-pgsql/rsyslog-pgsql.conf.template: OK
Advanced shell script
This shell script uses more advanced methods to verify package contents and does not need to create temporary directory to extract package data.
#!/bin/bash # verify package contents # verify that first parameter is defined if [ ! "$#" -eq "1" ]; then echo "Verify package contents" echo echo "Usage:" echo " $0 package.deb" exit 1 fi # verify that first parameter is a file if [ ! -f "$1" ] && [ -d "$1" ]; then echo "Parameter $1 is not a file" exit 1 fi # verify that first parameter is a deb package file_type=$(file -b "$1") if [ ! "$file_type" == "Debian binary package (format 2.0)" ]; then echo "Parameter $1 is not a deb package" exit 1 fi # default exit code exit_code=0 # verify package contents dpkg --ctrl-tarfile $1 | tar -x --to-stdout ./md5sums | while read -r line; do md5sum_hash=$(echo $line | cut -d " " -f 1) md5sum_file=$(echo $line | cut -d " " -f 2) extracted_file_hash=$(dpkg --fsys-tarfile $1 | tar -x --to-stdout ./$md5sum_file | md5sum | cut -d " " -f 1) if [ "$md5sum_hash" == "$extracted_file_hash" ]; then echo "${md5sum_file}: OK" else echo "${md5sum_file}: BAD" exit_code=2 fi done exit $exit_code
usr/lib/x86_64-linux-gnu/rsyslog/ompgsql.so: OK usr/share/dbconfig-common/data/rsyslog-pgsql/install/pgsql: OK usr/share/doc/rsyslog-pgsql/NEWS.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.gz: OK usr/share/doc/rsyslog-pgsql/copyright: OK usr/share/rsyslog-pgsql/rsyslog-pgsql.conf.template: OK
It is superior to the previous one, but unfortunately it is very slow.