For the final installment of my “Summer of Scripts”, I’m showing a generic tool I wrote and a specialized version of it useful to Arch Linux users.
checksums for files inside tarballs without unpacking them.
% tarhash ~/src/mutt-1.5.21.tar.gz | head -3
It defaults to SHA1, but you can specify other hashes easily:
% tarhash --sha512 ~/src/mutt-1.5.21.tar.gz | head -3
Also, since it uses the powerful bsdtar of libarchive, it supports other archive formats as well:
% tarhash /usr/lib/python3.3/test/zipdir.zip
Since the hashes of tarballs themselves easily can change (due to changed metadata, different order of files, etc…), this tool is nice to compare tarballs contentwise.
tarhash actually is a by-product of
tries to find files that have changed in your Arch Linux installation,
compared to the original packages. Simply run it and after some time
you’ll see output like:
cpupower 3.10-1: /./etc/default/cpupower: FAILED
cpupower 3.10-1: sha256sum: WARNING: 1 computed checksum did NOT match
Of course, it’s ok that some config files have been changed, but that is your job to decide.
pacverify is also good if you think some (possibly undetected?)
filesystem corruption took place (or someone fiddled in your files,
but be sure to compare against verified package files them).
That’s it for the summer. I hope you had fun and learned something. :)
NP: Toxoplasma—Alte Zeichen