Have you ever wondered why a given binary or package installed on your system does not work according to your expectations, meaning it does not function correctly as it is supposed to, or perhaps it cannot even start at all?

While downloading packages, you may face challenges such as unsteady network connections or unexpected power blackouts. This can result in the installation of a corrupted package.

Considering this an important factor in maintaining uncorrupted packages on your system, it is therefore a vital step to verify the files on the file system against the information stored in the package.

In this article, we will explain how to verify the MD5 checksums of installed packages on Debian-based distributions such as Ubuntu and Mint.

How to Verify Installed Packages Against MD5 Checksums

On Debian/Ubuntu systems, you can use the debsums tool to check the MD5 sums of installed packages. If you want to know more about the debsums package before installing it, you can use the apt-cache command as follows:

apt-cache search debsums

Next, install it using the apt command.

sudo apt install debsums
Install debsums in Ubuntu
Install debsums in Ubuntu

Now it’s time to learn how to use the debsums tool to verify the MD5 sum of installed packages.

Note: I have used sudo with all the commands below, because certain files may not have read permissions for regular users.

Understanding the Output of debsums

The output from the debsums command shows you the file location on the left and the check results on the right.

There are three possible results you can get:

  • OK – indicates that a file’s MD5 sum is good.
  • FAILED – shows that a file’s MD5 sum does not match.
  • REPLACED – means that the specific file has been replaced by a file from another package.

When you run it without any options, debsums checks every file on your system against the stock MD5 sum files.

sudo debsums
Verify MD5 Checksums of Installed Packages
Verify MD5 Checksums of Installed Packages

Checking MD5 Sums of All Files for Changes

To enable checking every file and configuration file for changes, include the -a or --all option.

sudo debsums --all
Check Every File and Configuration for Changes
Check Every File and Configuration for Changes

Checking MD5 Sums of Only Configuration Files

It is also possible to check only the configuration files, excluding all other package files, by using the -e or --config option.

sudo debsums --config
Check MD5 Sums of Configuration Files
Check MD5 Sums of Configuration Files

Displaying Only Changed Files

To display only the changed files in the output of debsums, use the -c or --changed option.

sudo debsums --changed
Checking for Modified Files
Checking for Modified Files

Listing Missing MD5 Sums of Files

To display files that do not have MD5 sum information, use the -l or --list-missing option. On my system, this command does not show any files.

sudo debsums --list-missing

Verify the MD5 Sum of a Single Package

You can also verify the MD5 sum of a single package by specifying its name.

sudo debsums curl
Verify MD5 Checksums of Single Package
Verify MD5 Checksums of Single Package

Ignoring File Permission Errors in Debsums

Assuming that you are running debsums as a regular user without sudo, you can treat permission errors as warnings by using the --ignore-permissions option:

debsums --ignore-permissions
Using Debsums Without Sudo Privileges
Using Debsums Without Sudo Privileges

How to Generate MD5 Sums from .Deb Files

The -g option tells debsums to generate MD5 sums from the .deb contents.

Here are the additional options you can use:

  • missing – instructs debsums to generate MD5 sums from the .deb for packages that don’t provide one.
  • all – directs debsums to ignore the on-disk sums and use the one present in the .deb file, or generate one from it if none exists.
  • keep – tells debsums to write the extracted/generated sums to /var/lib/dpkg/info/package.md5sums file.
  • nocheck – means the extracted/generated sums are not checked against the installed package.

When you look at the contents of the /var/lib/dpkg/info/ directory, you will see MD5 sums for various files that packages include, as shown below:

cd /var/lib/dpkg/info
ls *.md5sums
Listing MD5 Sum Files from Installed Packages
Listing MD5 Sum Files from Installed Packages

You can generate an MD5 sum for the apache2 package by running the following command:

sudo debsums --generate=missing apache2

Since the apache2 package on my system already has MD5 sums, it will show the same output as running.

sudo debsums apache2
Generating MD5 Sums for a Specific Package
Generating MD5 Sums for a Specific Package

For more interesting options and usage information, look through the debsums man page:

man debsums
Conclusion

In this article, we shared how to verify installed Debian/Ubuntu packages against MD5 checksums. This can be useful to avoid installing and executing corrupted binaries or package files on your system by checking the files on the file system against the information stored in the package.

For any questions or feedback, feel free to use the comment form below. You can also offer one or two suggestions to make this post better.

Similar Posts