View previous topic :: View next topic |
Author |
Message |
ulenrich Veteran
Joined: 10 Oct 2010 Posts: 1480
|
Posted: Sat Jan 12, 2013 4:56 pm Post subject: md5sum inspecting my installation - 50 packages failed |
|
|
Because of an sys-process/audit-2.2.2 bug
https://bugs.gentoo.org/show_bug.cgi?id=448470
I inspected my installation using md5sums of /var/db/pkg:
There maybe a tool already to do this, but I am lazy reading the manuals ...
Code: | #!/bin/bash
#set -x
export i
export m=$(basename $0)
export c="${HOME}/$m-$(date +%Y-%m-%d_%H%M%S)"
touch "$c" || exit
rm "$c" || exit
# test requirement
#
# Is something missing to the following grep?
for i in $( find /var/db/pkg -name CONTENTS ) ; do
grep -e'^obj /usr/x86' \
-e'^obj /usr/lib' \
-e'^obj /lib' \
-e'^obj /sbin/' \
-e'^obj /bin/' \
-e'^obj /usr/sbin/' \
-e'^obj /usr/bin' \
-e'^obj /opt/' \
"$i" \
|while read o p q r tails ; do
#
# Is following correct to except?
# - plugins.dat is known to be regenerated
# - soffice.bin unopkg.bin have one byte change
case $p in
/usr/lib*/vlc/plugins/plugins.dat )
;&
/usr/lib*/libreoffice/program/soffice.bin )
;&
/usr/lib*/libreoffice/program/unopkg.bin )
p="not"
;;
esac
#
# ignore filenames containing blanks - not implemented
if [ "${tails}" != "" ] ; then
echo -e "---skip fname with blanks: $p $q"
elif [ "$p" = "not" ] ; then
:
elif [ "$p" = "" ] ; then
:
else
echo "$q $p">>"$c"
fi
done
if [ -f "$c" ] ; then
package="none"
md5sum --check "$c"|grep -e'FAILED$'>>"$c-failed-files"\
&& package="${i#/var/db/pkg/}"
if [ "${package}" != "none" ] ; then
echo "---failed package: ${package%/CONTENTS}"
echo "---${package%/CONTENTS}" >>"$c-failed-files"
echo " =${package%/CONTENTS}" >>"$c-failed-packages"
else
echo "---success: ${i%/CONTENTS}"
fi
else
echo "---none inspected: ${i%/CONTENTS}"
fi
[ -f "$c" ] && rm "$c"
done
#
if [ -f "${c}-failed-packages" ] ; then
echo "---$m failed:"
cat "${c}-failed-packages"
echo "---$m failed: above packages"
echo "---$m hint: use following command to repair"
echo ' emerge -1 $(cat ' ${c}-failed-packages ')'
else
echo "---$m success: none of the md5sums failed."
[ -f "$c-failed-files" ] && rm "$c-failed-files"
fi
|
I did find some 50 packages having wrong md5sums of installed files. After doing an Code: | emerge -1 $(cat ${c}-failed-packages ) |
with above script generated list these errors vanished. Is this
- just normal
- indicating a virus
- due to having used prelink some time ago
- due to having upgraded gcc some time ago
??? |
|
Back to top |
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Sat Jan 12, 2013 4:59 pm Post subject: |
|
|
prelink should handle the changed md5sum's |
|
Back to top |
|
|
ulenrich Veteran
Joined: 10 Oct 2010 Posts: 1480
|
Posted: Sat Jan 12, 2013 5:26 pm Post subject: |
|
|
Could someone try my script or any other tool like it?
I would like to know if I am the only guy having a failing portage or virus ...
It should be possible to run my script as normal user not as root
[Edit] There are files that cannot be md5sumed as a normal user:
md5sum: /usr/bin/sudo: Permission denied
md5sum: /opt/google/chrome/chrome-sandbox: Permission denied
md5sum: /usr/lib64/virtualbox/VirtualBox: Permission denied
md5sum: /bin/ping: Permission denied
md5sum: /usr/lib64/misc/ssh-keysign: Permission denied |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sat Jan 12, 2013 6:24 pm Post subject: |
|
|
Paludis has this functionality built in FYI: `man cave-verify` |
|
Back to top |
|
|
dol-sen Retired Dev
Joined: 30 Jun 2002 Posts: 2805 Location: Richmond, BC, Canada
|
Posted: Sun Jan 13, 2013 7:53 am Post subject: |
|
|
gentoolkit's equery has a check module that checks the md5sums and timestamps against the vdb data recorded at merge time.
Be aware that some pkgs will fail if you edit their config file and such. _________________ Brian
Porthole, the Portage GUI frontend irc@freenode: #gentoo-guis, #porthole, Blog
layman, gentoolkit, CoreBuilder, esearch... |
|
Back to top |
|
|
ulenrich Veteran
Joined: 10 Oct 2010 Posts: 1480
|
Posted: Sun Jan 13, 2013 8:54 am Post subject: |
|
|
dol-sen wrote: | Be aware that some pkgs will fail if you edit their config file and such. | Yes, it is the point of my script, which inspects only the relevant paths, to show only important md5sum failures !
Please do someone use it! Using it as non root user will show most and only miss the md5sum test of some suid programs. I suspect portage to be rotten or me to have a virus ...
[edit] "rotten" is harsh wording. But if the main purpose of portage - to upgrade critical libraries - is lost in an effort to make revdep-rebuild more comfortable - I will change towards paludis in this case ...
Last edited by ulenrich on Sun Jan 13, 2013 9:44 am; edited 1 time in total |
|
Back to top |
|
|
mv Watchman
Joined: 20 Apr 2005 Posts: 6747
|
Posted: Sun Jan 13, 2013 9:43 am Post subject: |
|
|
I did not run your script, but occassionally I run (from app-portage/portage-utils) which is more or less equivalent but presumably much faster and shows the differing files (not only the packages) which is probably more useful. Differences are usually: - Many obvious configurations and logs (not all are in /etc...), e.g.
- TeX data like /usr/share/texmf**/*.{fmt,.dat,.log,.lua} (most are autogenerated, some I had manually edited) or kdmrc
- plugin lists (e.g. for vlc)
- Previously, there used to appear precompiled data like *.pym or perl-related data, but it seems that this is treated more relitably, meanwhile
- 2 libreoffice binaries, even directly after installation
For the libreoffice binaries, I have no explanation, all the rest is rather obvious. I have no other differences in executable files. If you do have, maybe prelink did not update the checksums as it should. |
|
Back to top |
|
|
ulenrich Veteran
Joined: 10 Oct 2010 Posts: 1480
|
Posted: Sun Jan 13, 2013 9:51 am Post subject: |
|
|
mv wrote: | 2 libreoffice binaries, even directly after installation |
The two libreoffice stubs do have only one byte changed. I guess some kind of flag for a ready to go installation is set there after md5sums were written into the db. Perhaps the first start of libreoffice does a time consuming installation check and triggers a suid helper which manipulates that byte to just spare this kind of check in the future.
Quote: | maybe prelink did not update the checksums as it should. |
Yes I had suspected this also as a possibility since I used prelink until november.
- |
|
Back to top |
|
|
|