Package: dpkg Version: 1.10.9 Severity: Wishlist
It would be nice to have a feature similar to rpm '--verify' option.
here is an exctract from rpm's manual page:
Verifying a package compares information about the installed files in the package with information about the files taken from the package metadata stored in the rpm database. Among other things, verifying compares the size, MD5 sum, permissions, type, owner and group of each file. Any discrepencies are displayed. Files that were not installed from the package, for example, documentation files excluded on installation using the "--excludedocs" option, will be silently ignored.
This could enable dpkg to alert if something is wrong, an maybe even to restore
permissions/ownership when needed.
also, We could use it to check which package(s) is corrupted when a loss of data occurs,
and, last but not least, we could check wether a basic rootkit was installed and replaced some binaries/libraries.
The file existence/permission check could be done with the actual .deb format, I suppose, but we need a new field in the master control file to put md5 information. I'm not sure how difficult it can be to implement.
-- Cl�ment "nodens" Hermann
