How to verify installed packages

I have unexpectedly experienced an issue with a couple of broken packages, which was easily solved using debsums utility.

Installation

Install debsums package using the following command.

$ sudo apt-get install debsums

Usage

Verify every installed package.

Configuration files are excluded by default, unless stated otherwise.
$ sudo debsums
/usr/lib/accountsservice/accounts-daemon                                      OK
/usr/lib/accountsservice/accounts-daemon-pam-password-helper                  OK
/usr/share/dbus-1/interfaces/org.freedesktop.Accounts.User.xml                OK
/usr/share/dbus-1/interfaces/org.freedesktop.Accounts.xml                     OK
/usr/share/dbus-1/system-services/org.freedesktop.Accounts.service            OK
/usr/share/doc/accountsservice/README                                         OK
[..]

Verify every installed package including configuration files.

$ sudo debsums -a
/usr/lib/accountsservice/accounts-daemon                                      OK
/usr/lib/accountsservice/accounts-daemon-pam-password-helper                  OK
/usr/share/dbus-1/interfaces/org.freedesktop.Accounts.User.xml                OK
/usr/share/dbus-1/interfaces/org.freedesktop.Accounts.xml                     OK
/usr/share/dbus-1/system-services/org.freedesktop.Accounts.service            OK
/etc/dbus-1/system.d/org.freedesktop.Accounts.conf                            OK
[..]

Verify installed packages and report only errors.

$ sudo debsums -s
debsums: changed file /usr/share/initramfs-tools/scripts/casper-bottom/01integrity_check (from casper package)
debsums: changed file /usr/share/initramfs-tools/scripts/casper-bottom/15autologin (from casper package)
debsums: changed file /usr/share/cups/data/default-testpage.pdf (from cups-filters package)
debsums: changed file /sbin/start-stop-daemon (from dpkg package)
debsums: changed file /usr/share/applications/evince.desktop (from evince-common package)
debsums: missing file /usr/lib/firefox/distribution/searchplugins/locale/en-US/google.xml (from firefox package)

[..]

Verify every installed package and report only changed files.

$ sudo debsums -c
/usr/share/initramfs-tools/scripts/casper-bottom/01integrity_check
/usr/share/initramfs-tools/scripts/casper-bottom/15autologin
/usr/share/cups/data/default-testpage.pdf
/sbin/start-stop-daemon
/usr/share/applications/evince.desktop
debsums: missing file /usr/lib/firefox/distribution/searchplugins/locale/en-GB/google.xml (from firefox-locale-en package)
[..]

Verify every installed package including configuration files and report only changed files.

$ sudo debsums -ca
/usr/share/initramfs-tools/scripts/casper-bottom/01integrity_check
/usr/share/initramfs-tools/scripts/casper-bottom/15autologin
/usr/share/cups/data/default-testpage.pdf
/sbin/start-stop-daemon
/usr/share/applications/evince.desktop
/etc/default/cups
[..]

Verify every installed package and report only changed configuration files.

$ sudo debsums -ce
/etc/acpi/powerbtn.sh
/etc/lsb-release
/etc/issue.net
/etc/issue
/etc/default/cups
/etc/grub.d/10_linux
[..]

Verify specific package and its configuration files.

You can define packages to be verified in mentioned earlier examples using application arguments.
$ sudo debsums -a bash
/bin/bash                                                                     OK
/usr/bin/bashbug                                                              OK
/usr/bin/clear_console                                                        OK
/usr/share/doc/bash/COMPAT.gz                                                 OK
debsums: missing file /etc/skel/.bashrc (from bash package)
/etc/bash.bashrc                                                          FAILED
[..]

Advanced usage

Automatically reinstall packages

Get a list of packages with missing or modified file.

$ dpkg-query -S $(sudo debsums -c 2>&1 | sed -e "s/.*file \(.*\) (.*/\1/g") | cut -d: -f1 | sort -u
casper
cups-filters
dpkg
evince-common
firefox
firefox-locale-en
firefox-locale-pl
gnome-accessibility-themes
gnome-icon-theme-full
icedtea-netx-common
libreoffice-math

Use generated list to reinstall group of packages.

$ sudo apt-get install --reinstall $(dpkg-query -S $(sudo debsums -c 2>&1 | sed -e "s/.*file \(.*\) (.*/\1/g") | cut -d: -f1 | sort -u)

Check packages by file

Define and use helper bash function to check desired package by using single file instead of its name.

$ debsums-byfile() { dpkg-query -S $1; if [ "$?" -eq "0" ]; then sudo debsums $(dpkg-query -S $1 | cut -d: -f1); fi; }
$ debsums-byfile /usr/bin/vim
dpkg-query: no path found matching pattern /usr/bin/vim
$ debsums-byfile /usr/bin/mc
mc: /usr/bin/mc
/usr/bin/mc                                                                   OK
/usr/lib/mc/cons.saver                                                        OK
/usr/lib/mc/ext.d/archive.sh                                                  OK
/usr/lib/mc/ext.d/doc.sh                                                      OK
/usr/lib/mc/ext.d/image.sh                                                    OK
...

Notes

Read debsums manual page for additional information.

Milosz Galazka's Picture

About Milosz Galazka

Milosz is a system administrator working for a successful Polish company and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland https://sleeplessbeastie.eu