Verify package contents by hand or use simple shell script to automate this process.
I will use rsyslog-pgsql package to show you how to explain this operation.
$ apt-get download rsyslog-pgsql
Get:1 http://deb.debian.org/debian stretch/main amd64 rsyslog-pgsql amd64 8.24.0-1 [188 kB] Fetched 188 kB in 0s (7422 kB/s)
Manual operation
Create temporary directory.
$ mkdir contents
Extract package contents to verify md5sums.
$ dpkg -x rsyslog-pgsql_8.24.0-1_amd64.deb ./contents/
Verify MD5 hashes.
$ cd contents && md5sum -c ../md5sums
usr/lib/x86_64-linux-gnu/rsyslog/ompgsql.so: OK usr/share/dbconfig-common/data/rsyslog-pgsql/install/pgsql: OK usr/share/doc/rsyslog-pgsql/NEWS.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.gz: OK usr/share/doc/rsyslog-pgsql/copyright: OK usr/share/rsyslog-pgsql/rsyslog-pgsql.conf.template: OK
Simple shell script
This shell script uses the same method as the manual one to verify package contents.
#!/bin/bash # verify package contents # verify that first parameter is defined if [ ! "$#" -eq "1" ]; then echo "Verify package contents" echo echo "Usage:" echo " $0 package.deb" exit 1 fi # verify that first parameter is a file if [ ! -f "$1" ] && [ -d "$1" ]; then echo "Parameter $1 is not a file" exit 1 fi # verify that first parameter is a deb package file_type=$(file -b "$1") if [ ! "$file_type" == "Debian binary package (format 2.0)" ]; then echo "Parameter $1 is not a deb package" exit 1 fi # create temporary directory and a trap temp_dir=$(mktemp -d) trap 'rm -rf $temp_dir' EXIT # extract package contents dpkg -x $1 $temp_dir # verify package contents dpkg --ctrl-tarfile $1 | tar -x --directory $temp_dir ./md5sums cd $temp_dir && md5sum -c $temp_dir/md5sums exit $?
usr/lib/x86_64-linux-gnu/rsyslog/ompgsql.so: OK usr/share/dbconfig-common/data/rsyslog-pgsql/install/pgsql: OK usr/share/doc/rsyslog-pgsql/NEWS.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.gz: OK usr/share/doc/rsyslog-pgsql/copyright: OK usr/share/rsyslog-pgsql/rsyslog-pgsql.conf.template: OK
Advanced shell script
This shell script uses more advanced methods to verify package contents and does not need to create temporary directory to extract package data.
#!/bin/bash
# verify package contents
# verify that first parameter is defined
if [ ! "$#" -eq "1" ]; then
echo "Verify package contents"
echo
echo "Usage:"
echo " $0 package.deb"
exit 1
fi
# verify that first parameter is a file
if [ ! -f "$1" ] && [ -d "$1" ]; then
echo "Parameter $1 is not a file"
exit 1
fi
# verify that first parameter is a deb package
file_type=$(file -b "$1")
if [ ! "$file_type" == "Debian binary package (format 2.0)" ]; then
echo "Parameter $1 is not a deb package"
exit 1
fi
# default exit code
exit_code=0
# verify package contents
dpkg --ctrl-tarfile $1 | tar -x --to-stdout ./md5sums | while read -r line; do
md5sum_hash=$(echo $line | cut -d " " -f 1)
md5sum_file=$(echo $line | cut -d " " -f 2)
extracted_file_hash=$(dpkg --fsys-tarfile $1 | tar -x --to-stdout ./$md5sum_file | md5sum | cut -d " " -f 1)
if [ "$md5sum_hash" == "$extracted_file_hash" ]; then
echo "${md5sum_file}: OK"
else
echo "${md5sum_file}: BAD"
exit_code=2
fi
done
exit $exit_code
usr/lib/x86_64-linux-gnu/rsyslog/ompgsql.so: OK usr/share/dbconfig-common/data/rsyslog-pgsql/install/pgsql: OK usr/share/doc/rsyslog-pgsql/NEWS.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.Debian.gz: OK usr/share/doc/rsyslog-pgsql/changelog.gz: OK usr/share/doc/rsyslog-pgsql/copyright: OK usr/share/rsyslog-pgsql/rsyslog-pgsql.conf.template: OK
It is superior to the previous one, but unfortunately it is very slow.