author | shtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2> | 2009-10-16 08:20:38 +0000 |
---|---|---|
committer | shtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2> | 2009-10-16 08:20:38 +0000 |
commit | b243b4a37a499e7fd90e117ff165f28fc1946ada (patch) | |
tree | d2b6f0feb7aa79b4e64d9ff935c674a4c6df0110 /check_arch_system.sh | |
parent | ea6b672045a5dc55e865564fb0d39245085ea0e6 (diff) |
[scripts] Add ArchLinux checking script.
git-svn-id: svn+ssh://scm.narf.ssji.net/svn/shtrom/scripts@680 1991c358-8f32-0410-a49a-990740bdf4c2
Diffstat (limited to 'check_arch_system.sh')
-rwxr-xr-x | check_arch_system.sh | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/check_arch_system.sh b/check_arch_system.sh
new file mode 100755
index 0000000..d81117c
--- /dev/null
+++ b/check_arch_system.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+# Scan an ArchLinux system against the official packages for modification or
+# tampering of installed files
+# Copyright (c) 2009, Olivier Mehani <shtrom@ssji.net>
+# All rights reserved.
+#
+# $Id$
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+# 3. Neither the name of Olivier Mehani nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+PACKAGES=`pacman -Qs | sed -n "s#local\/\([-a-z0-9_]\+\) \([-\.0-9a-z]\+\).*#\1-\2#p"`
+CACHEDIR="/var/cache/pacman/pkg"
+
+WORKDIR=`mktemp -t -d arch_check.XXXXXXXXXX`
+LOGFILE=`pwd`/arch_check.`date +%Y%m%d-%H%M`
+
+echo "Checking installed Arch system against packages"
+echo ">> Considering `echo ${PACKAGES} | wc -w` packages"
+echo ">> Working in ${WORKDIR}"
+
+cat >> ${LOGFILE} << EOF
+$0 started at `date`
+Workdir: ${WORKDIR}
+EOF
+
+for PKG in ${PACKAGES}; do
+ echo ">> Considering ${PKG}"
+ cd ${WORKDIR}
+ rm -rf *
+ pacman -Ss -w ${PKG}
+ PKG_ARCHIVE=`ls ${CACHEDIR}/${PKG}-*.pkg.tar.gz 2> /dev/null`
+ if [ ! -z "${PKG_ARCHIVE}" ]; then
+ tar xzf ${PKG_ARCHIVE}
+ rm -f .PKGINFO .CHANGELOG .INSTALL .FILELIST
+ for FILE in `find . -type f`; do
+ LOCAL_SUM=`md5sum /${FILE} | cut -d" " -f 1`
+ SHIPPED_SUM=`md5sum ${FILE} | cut -d" " -f 1`
+ if [ "${LOCAL_SUM}" != "${SHIPPED_SUM}" ]; then
+ echo "!! MD5 mismatch for \`${FILE}' in \`${PKG_ARCHIVE}' (${LOCAL_SUM} instead of ${SHIPPED_SUM})"
+ echo "MD5 mismatch for \`${FILE}' in \`${PKG_ARCHIVE}' (${LOCAL_SUM} instead of ${SHIPPED_SUM})" >> ${LOGFILE}
+ else
+ LOCAL_SUM=`sha1sum /${FILE} | cut -d" " -f 1`
+ SHIPPED_SUM=`sha1sum ${FILE} | cut -d" " -f 1`
+ if [ "${LOCAL_SUM}" != "${SHIPPED_SUM}" ]; then
+ echo "!! SHA1 mismatch for \`${FILE}' in \`${PKG_ARCHIVE}' (${LOCAL_SUM} instead of ${SHIPPED_SUM})"
+ echo " SHA1 mismatch for \`${FILE}' in \`${PKG_ARCHIVE}' (${LOCAL_SUM} instead of ${SHIPPED_SUM})" >> ${LOGFILE}
+ fi
+ fi
+ done
+ else
+ echo "!! No ${CACHEDIR}/${PKG}-*.pkg.tar.gz found"
+ echo "No ${CACHEDIR}/${PKG}-*.pkg.tar.gz found" >> ${LOGFILE}
+
+ fi
+done
+rm -rf ${WORKDIR} |
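Review bot: In the `for PKG` loop, `cd ${WORKDIR}` is followed by `rm -rf *` with no check that the earlier `mktemp` call or the `cd` itself succeeded; if `WORKDIR` ends up empty, the unquoted `cd` falls back to `$HOME` and the wipe runs there, presumably as root. Abort on failure and pin the wipe to the work directory: `WORKDIR=$(mktemp -t -d arch_check.XXXXXXXXXX) || exit 1`, `cd "${WORKDIR}" || exit 1`, `rm -rf -- "${WORKDIR:?}"/*`. For a tamper check, the header comment should also state the trust assumption: the reference archives are read from `${CACHEDIR}` on the host being checked and hashed with that host's own `md5sum`/`sha1sum`, so a clean run shows only that installed files match the cached archives, not that either is authentic. The unquoted `find . -type f` substitution feeding the `for FILE` loop also splits on whitespace, so a path containing a space is broken into fragments for which both sums come back empty and, as far as the visible code shows, compare equal without the file ever being hashed.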