2

I have one debian package source with md5sum file inside DEBIAN directory

|-- DEBIAN | |-- control | |-- md5sums
  1. Now my question is when this file will be used?
  2. Will it be useful for integrity check of each file inside debian package before installing debian package?
  3. On machine when I install this debian package with manually modified md5sum(replaced some numbers in md5sum string) it doesn't show error, similar file is residing in /var/lib/dpkg/info/<package>.md5sums How can this be useful to check integrity of each file.
Improve this question

2 Answers 2

Reset to default
2

So, here is a quick compilation to answer all your questions:

  1. https://wiki.debian.org/MD5

MD5 Sums are 32 byte character strings that are the result of running the md5sum program against a particular file. Since it is very hard to find two different files that results in same strings, MD5's can be used to determine that the file or iso you downloaded is a bit-for-bit copy of the remote file or iso.

  1. You may use debsum.

  2. dpkg or apt-get don't check the md5sum before installing a package as you have already found out. The files you are talking about is used to verify if the packages have been altered after installation. See below:

https://debian-handbook.info/browse/stable/sect.package-meta-information.html

5.2.3. Checksums, List of Configuration Files

...the control.tar.gz archive of a Debian package may contain other interesting files. The first, md5sums, contains the MD5 checksums for all of the package's files. Its main advantage is that it allows dpkg --verify (which we will study in Section 14.3.3.1, “Auditing Packages with dpkg --verify”) to check if these files have been modified since their installation. Note that when this file doesn't exist, dpkg will generate it dynamically at installation time (and store it in the dpkg database just like other control files).

Improve this answer
2
  • Now simple questing, will md5sum is useful while installing debian package? like when doing dpkg -i test.deb and test.deb has md5sum file inside it will it able to check md5sum before installing the package? Commented Dec 23, 2015 at 13:25
  • So the only advantage of having this file is to save time at install-time by pre-computing the md5sums? Commented Feb 11, 2024 at 8:28
0

If you install the package debsums, then you can do a manual or scheduled verification of the installed packages.

Improve this answer
1
  • I don't want to verify post installation, but before installation if this md5sum file is useful for integrity check? Commented Dec 23, 2015 at 13:27

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.