From owner-freebsd-questions@freebsd.org Mon Mar 1 16:00:05 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 207FB562B61 for ; Mon, 1 Mar 2021 16:00:05 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Dq4j04FCJz4mvK; Mon, 1 Mar 2021 16:00:04 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 121G01bd073145; Mon, 1 Mar 2021 09:00:02 -0700 (MST) (envelope-from freebsd@dreamchaser.org) Reply-To: freebsd@dreamchaser.org Subject: Re: installed ports library audit? To: Matthew Seaman , FreeBSD Mailing List References: <97db8511-c5e0-26cc-5e56-4dfa976d7d12@FreeBSD.org> <0935eab6-d458-2c3e-3f8a-a6879fe27363@FreeBSD.org> From: Gary Aitken Message-ID: Date: Mon, 1 Mar 2021 08:54:53 -0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: <0935eab6-d458-2c3e-3f8a-a6879fe27363@FreeBSD.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Mon, 01 Mar 2021 09:00:02 -0700 (MST) X-Rspamd-Queue-Id: 4Dq4j04FCJz4mvK X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2021 16:00:05 -0000 On 3/1/21 8:38 AM, Matthew Seaman wrote: > On 01/03/2021 15:36, Matthew Seaman wrote: >> On 01/03/2021 03:43, Gary Aitken wrote: >>> I just mostly recovered from a system crash where /usr was corrupted and >>> had to be recovered using fsck; couldn't completely recover using the >>> journal. >>> >>> I suspect the trashed files are in one of a few libraries.  I'm wondering >>> if there's an easy way to audit all files installed by given ports, >>> i.e. do an sha256 or something like that on each and compare with the known >>> good if it's available somewhere? > Dammit. `pkg check -s -x .` > > `-r` is exactly what you don't want, as that will make pkg(8) believe the corrupted files are actually correct. Thanks, glad I went to bed before I saw the wrong one. I read the man page first but sometimes a in-a-hurry-to-get-things-done read misses things like that. Is there a similar check for the base system install? I see security audits but those are event related. Gary