Package: dpkg
Version: 1.17.9
Severity: wishlist

dpkg allows verifying a package's integrity using the --verify command:

    -V, --verify [package-name...]
        Verifies the integrity of package-name or all packages if omitted, by comparing information from the package installed paths with information from the files taken from the package metadata stored in the dpkg database. The origin of the information in the database is the binary packages themselves, which gets collected at package unpack time during installation. The output format is selectable with the --verify-format option, which by default uses the rpm format, but that might change in the future, and as such, programs parsing this command output should be explicit about the format they expect.

As this doesn't explain how the results are reported, one has to check the description of --verify-format:

    --verify-format format-name
        Sets the output format for the --verify command. The only currently supported output format is rpm, which consists of a line for every path that failed any check. The lines start with 9 characters to report each specific check result, a '?' implies the check could not be done (lack of support, file permissions, etc), '.' implies the check passed, and an alphanumeric character implies a specific check failed; currently the only functional check is an md5sum verification against the stored value in the files database, denoted with a '5' on the third character. The line is followed by a space and an attribute character (currently 'c' for conffiles), another space and the pathname.

When this says "The only currently supported output format is rpm, which consists of a line for every path that failed any check.", the reader has no idea what checks are being referred to. The paragraph later explains "currently the only functional check is an md5sum verification against the stored value in the files database, denoted with a '5' on the third character".

I suggest moving the check descriptions to the explanation of --verify, which could say that the integrity verification consists of a number of integrity checks, only one of which is currently functional. It would be great if the end result made it clear that --verify can't currently confirm a package's integrity (or, alternatively, explained how to interpret empty output).

-- 
Filipus Klutiero
http://www.philippecloutier.com
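
A parser for the rpm-style lines described in the quoted --verify-format text, added here as an example; it is not part of the original report or of dpkg. The sample lines are constructed, and a blank attribute character for paths that are not conffiles is an assumption.

```python
import re
from typing import NamedTuple, Optional

# Per the quoted text: 9 result characters, a space, an attribute character,
# a space, the pathname. Assumption: the attribute is blank for non-conffiles.
LINE_RE = re.compile(r"^([?.0-9A-Za-z]{9}) (.) (.+)$")
MD5_POS = 2  # "'5' on the third character" (0-based index 2)

class VerifyResult(NamedTuple):
    path: str
    conffile: bool
    md5_failed: bool
    failed: list    # 1-based positions whose check failed (alphanumeric)
    not_done: list  # 1-based positions reported as '?' (check not performed)

def parse_line(line: str) -> Optional[VerifyResult]:
    """Parse one rpm-format line; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    flags, attr, path = m.groups()
    failed = [i + 1 for i, ch in enumerate(flags) if ch.isalnum()]
    not_done = [i + 1 for i, ch in enumerate(flags) if ch == "?"]
    return VerifyResult(path, attr == "c", flags[MD5_POS] == "5", failed, not_done)

def summarize(output: str):
    """Split command output into parsed results and unrecognized lines."""
    results, unknown = [], []
    for line in output.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            unknown.append(line)  # keep unparsed lines visible, never drop them
        else:
            results.append(parsed)
    return results, unknown

# Constructed sample output, not captured from a real system.
SAMPLE = (
    "??5?????? c /etc/example/example.conf\n"
    "??5??????   /usr/bin/example\n"
)

if __name__ == "__main__":
    for r in summarize(SAMPLE)[0]:
        print(r.path, "md5 mismatch:", r.md5_failed, "not performed:", r.not_done)
```

An empty result list means only that no line was reported; going by the text quoted above, the md5sum comparison is the only check that can currently fail.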

