Date: Mon, 10 Jan 2022 11:48:33 -0600
From: Winston Weinert
To: ~alpine/users@lists.alpinelinux.org
Subject: Re: Compare /etc against package defaults?
Message-ID: <20220110174833.5geeie3fqpxnvdoj@ml1.net>
In-Reply-To: <20220109013908.349f0156064dbe8936527b9f@googlemail.com>

> Using apk audit will handle this,

Bingo! It appears older version of apk does list an audit subcommand in the
'apk --help' usage, so I hadn't heard of 'apk audit' before :).
Nevertheless this 'apk audit' subcommand does work on these old crufty
servers.

Based on the discussion in this thread, I came up with a solution:

1) Ensure all .apk files for your installed packages are available locally.
   a) run 'setup-apkcache'
   b) run 'apk cache download'
   c) If some packages are missing, I guess one could compare against a .apk
      that has a different version number.
2) Loop over the output of 'apk audit'
   a) Determine what package owns the file: 'apk -v info -W FILE'
   b) Try to find a .apk that looks like it is for the given package:
      'find /path/to/apkcache -type f -name "PKG.*.apk"'
   c) Run diff against the file from the 'apk audit' output and the file
      extracted from the .apk ('tar -xzOf the-pkg.apk FILE' seems to work)

There might be some oversights in the above steps; I'm interested to hear
about them.

Thanks,

-- 
Winston Weinert
winston@ml1.net
https://winny.tech/
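
The procedure from the message above as a shell script; this is an added example, not part of the original post and not code from apk-tools. It assumes the cache is reachable at /etc/apk/cache, that 'apk audit' prints "<flag> <path>" lines with paths relative to /, and that 'apk -v info -W' answers "FILE is owned by PKG-VERSION"; ROOT, CACHE and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. ROOT, CACHE and the function
# names are this example's own assumptions.
ROOT="${ROOT:-}"                   # prefix for the live files (empty = real /)
CACHE="${CACHE:-/etc/apk/cache}"   # assumed location of the local apk cache

# Step 2a: reduce "FILE is owned by PKG-VERSION" to PKG-VERSION (empty if unowned).
owner_of() {
    apk -v info -W "/$1" 2>/dev/null | sed -n 's/.* is owned by //p' | head -n 1
}

# Steps 2b and 1c: exact PKG-VERSION.*.apk first, otherwise the
# lexicographically last cached .apk of the same package name.
find_apk() {
    hit=$(find "$CACHE" -type f -name "$1.*.apk" 2>/dev/null | head -n 1)
    [ -n "$hit" ] || hit=$(find "$CACHE" -type f -name "${1%-*-*}-[0-9]*.apk" 2>/dev/null | sort | tail -n 1)
    printf '%s\n' "$hit"
}

# Step 2c: diff the packaged file against the live one.
# Returns 0 = identical, 1 = differs, 2 = path not found in the archive.
diff_default() {
    tmp=$(mktemp) || return 2
    rc=2
    tar -xzOf "$1" "$2" >"$tmp" 2>/dev/null && { rc=0; diff -u "$tmp" "$ROOT/$2" || rc=$?; }
    rm -f "$tmp"
    return "$rc"
}

# Step 2: read 'apk audit' lines ("<flag> <path>") on stdin and print one
# status line per entry, preceded by the unified diff when the file changed.
audit_diff() {
    while read -r flag path; do
        [ -f "$ROOT/$path" ] || { echo "SKIP     $path (flag $flag, not a regular file)"; continue; }
        pkg=$(owner_of "$path")
        [ -n "$pkg" ] || { echo "UNOWNED  $path"; continue; }
        apkfile=$(find_apk "$pkg")
        [ -n "$apkfile" ] || { echo "NOCACHE  $path ($pkg)"; continue; }
        st=0; diff_default "$apkfile" "$path" || st=$?
        case $st in
            0) echo "SAME     $path" ;;
            1) echo "CHANGED  $path ($pkg)" ;;
            *) echo "NOTINPKG $path ($pkg)" ;;
        esac
    done
}

if [ "${1:-}" = "--run" ]; then apk audit | audit_diff; fi   # live run only on request
```

UNOWNED and NOCACHE lines are the entries the diff cannot cover: files no package claims, and packages whose .apk is not in the cache.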