Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
FS#67610 - Save file hashes in packages and the local database
Attached to Project:
Pacman
Opened by Dragoon Aethis (DragoonAethis) - Sunday, 16 August 2020, 20:01 GMT
Last edited by Andrew Gregory (andrewgregory) - Saturday, 22 August 2020, 02:33 GMT
Opened by Dragoon Aethis (DragoonAethis) - Sunday, 16 August 2020, 20:01 GMT
Last edited by Andrew Gregory (andrewgregory) - Saturday, 22 August 2020, 02:33 GMT
|
DetailsCurrently, the local database contains the desc file (mostly/the same as in the synced databases) and a list of files + mtree of a given package. It'd be nice to also include hashes of each file provided by those packages. This would enable users to verify if the files on disk are consistent with the original package content and to find all changes compared to a fresh system with the same installed package list. (It's not a security improvement though, as any potentially malicious program that could overwrite root-owned package files can also overwrite hashes in the local database.)
|
This task depends upon
Closed by Andrew Gregory (andrewgregory)
Saturday, 22 August 2020, 02:33 GMT
Reason for closing: None
Saturday, 22 August 2020, 02:33 GMT
Reason for closing: None
pacman -S pacutils && paccheck --md5sum --sha256sum [<package-to-check> ...]