Current location

narf Source control manager Git

summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorshtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2>2009-10-16 08:20:38 +0000
committershtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2>2009-10-16 08:20:38 +0000
commitb243b4a37a499e7fd90e117ff165f28fc1946ada (patch)
treed2b6f0feb7aa79b4e64d9ff935c674a4c6df0110 /check_arch_system.sh
parentea6b672045a5dc55e865564fb0d39245085ea0e6 (diff)
[scripts] Add ArchLinux checking script.
git-svn-id: svn+ssh://scm.narf.ssji.net/svn/shtrom/scripts@680 1991c358-8f32-0410-a49a-990740bdf4c2
Diffstat (limited to 'check_arch_system.sh')
-rwxr-xr-xcheck_arch_system.sh78
1 files changed, 78 insertions, 0 deletions
diff --git a/check_arch_system.sh b/check_arch_system.sh
new file mode 100755
index 0000000..d81117c
--- /dev/null
+++ b/check_arch_system.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+# Scan an ArchLinux system against the official packages for modification or
+# tampering of installed files
+# Copyright (c) 2009, Olivier Mehani <shtrom@ssji.net>
+# All rights reserved.
+#
+# $Id$
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+# 3. Neither the name of Olivier Mehani nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+PACKAGES=`pacman -Qs | sed -n "s#local\/\([-a-z0-9_]\+\) \([-\.0-9a-z]\+\).*#\1-\2#p"`
+CACHEDIR="/var/cache/pacman/pkg"
+
+WORKDIR=`mktemp -t -d arch_check.XXXXXXXXXX`
+LOGFILE=`pwd`/arch_check.`date +%Y%m%d-%H%M`
+
+echo "Checking installed Arch system against packages"
+echo ">> Considering `echo ${PACKAGES} | wc -w` packages"
+echo ">> Working in ${WORKDIR}"
+
+cat >> ${LOGFILE} << EOF
+$0 started at `date`
+Workdir: ${WORKDIR}
+EOF
+
+for PKG in ${PACKAGES}; do
+ echo ">> Considering ${PKG}"
+ cd ${WORKDIR}
+ rm -rf *
+ pacman -Ss -w ${PKG}
+ PKG_ARCHIVE=`ls ${CACHEDIR}/${PKG}-*.pkg.tar.gz 2> /dev/null`
+ if [ ! -z "${PKG_ARCHIVE}" ]; then
+ tar xzf ${PKG_ARCHIVE}
+ rm -f .PKGINFO .CHANGELOG .INSTALL .FILELIST
+ for FILE in `find . -type f`; do
+ LOCAL_SUM=`md5sum /${FILE} | cut -d" " -f 1`
+ SHIPPED_SUM=`md5sum ${FILE} | cut -d" " -f 1`
+ if [ "${LOCAL_SUM}" != "${SHIPPED_SUM}" ]; then
+ echo "!! MD5 mismatch for \`${FILE}' in \`${PKG_ARCHIVE}' (${LOCAL_SUM} instead of ${SHIPPED_SUM})"
+ echo "MD5 mismatch for \`${FILE}' in \`${PKG_ARCHIVE}' (${LOCAL_SUM} instead of ${SHIPPED_SUM})" >> ${LOGFILE}
+ else
+ LOCAL_SUM=`sha1sum /${FILE} | cut -d" " -f 1`
+ SHIPPED_SUM=`sha1sum ${FILE} | cut -d" " -f 1`
+ if [ "${LOCAL_SUM}" != "${SHIPPED_SUM}" ]; then
+ echo "!! SHA1 mismatch for \`${FILE}' in \`${PKG_ARCHIVE}' (${LOCAL_SUM} instead of ${SHIPPED_SUM})"
+ echo " SHA1 mismatch for \`${FILE}' in \`${PKG_ARCHIVE}' (${LOCAL_SUM} instead of ${SHIPPED_SUM})" >> ${LOGFILE}
+ fi
+ fi
+ done
+ else
+ echo "!! No ${CACHEDIR}/${PKG}-*.pkg.tar.gz found"
+ echo "No ${CACHEDIR}/${PKG}-*.pkg.tar.gz found" >> ${LOGFILE}
+
+ fi
+done
+rm -rf ${WORKDIR}