DEV Community

Le Stephane
Le Stephane

Posted on • Updated on

Sanitizing Debian

(this is my first post on dev.to, testing the waters, be gentle)

Today I wanted to check whether any file on my system was not exactly the file that was shipped in its debian package. So after some research, I settled on the debsums command:

$ sudo debsums -s
debsums: changed file /usr/share/applications/code-url-handler.desktop (from code package)
debsums: changed file /usr/share/applications/code.desktop (from code package)
debsums: changed file /usr/share/applications/gedit.desktop (from gedit package)
debsums: changed file /usr/lib/python3/dist-packages/cupshelpers/__pycache__/__init__.cpython-35.pyc (from python3-cupshelpers package)
debsums: changed file /usr/lib/python3/dist-packages/cupshelpers/__pycache__/config.cpython-35.pyc (from python3-cupshelpers package)
debsums: changed file /usr/lib/python3/dist-packages/cupshelpers/__pycache__/cupshelpers.cpython-35.pyc (from python3-cupshelpers package)
debsums: changed file /usr/lib/python3/dist-packages/cupshelpers/__pycache__/installdriver.cpython-35.pyc (from python3-cupshelpers package)
debsums: changed file /usr/lib/python3/dist-packages/cupshelpers/__pycache__/openprinting.cpython-35.pyc (from python3-cupshelpers package)
debsums: changed file /usr/lib/python3/dist-packages/cupshelpers/__pycache__/ppds.cpython-35.pyc (from python3-cupshelpers package)
debsums: changed file /usr/lib/python3/dist-packages/cupshelpers/__pycache__/xmldriverprefs.cpython-35.pyc (from python3-cupshelpers package)
Enter fullscreen mode Exit fullscreen mode

Moved on to re-installing the affected packages:

$ sudo debsums -s 2>&1 | \
  grep -oE "from .* package" | \
  sort | uniq | \
  while read PKG; do
    echo "$PKG" | cut -d ' ' -f 2;
  done;
code
gedit
python3-cupshelpers
$ sudo aptitude reinstall code gedit python3-cupshelpers
...
Enter fullscreen mode Exit fullscreen mode

And checked (again):

$ sudo debsums -s
debsums: changed file /usr/share/applications/code-url-handler.desktop (from code package)
debsums: changed file /usr/share/applications/code.desktop (from code package)
Enter fullscreen mode Exit fullscreen mode

Uh. There's something at work that I don't fully understand (yet). Since I cannot justify the time spent chasing this down, I find out who to contact:

$ apt-cache show code | grep -E "Maintainer" | uniq -c
     50 Maintainer: Microsoft Corporation <vscode-linux@microsoft.com>
Enter fullscreen mode Exit fullscreen mode

Then I drop them a mail:

From: Le Stephane
To: vscode-linux@microsoft.com
Subject: /usr/share/applications/code(-url-handler).desktop files always show up as modified in debsums

Dear VS Code maintainers, 

I get debsums errors on files belonging to your .deb package, even after re-installing it. Can you advise?

$ sudo debsums -s
debsums: changed file /usr/share/applications/code-url-handler.desktop (from code package)
debsums: changed file /usr/share/applications/code.desktop (from code package)

$ dpkg -l code
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                  Version                 Architecture            Description
+++-=====================================-=======================-=======================-===============================================================================
ii  code                                  1.29.1-1542309157       amd64                   Code editing. Redefined.

Best
Enter fullscreen mode Exit fullscreen mode

Takeaways (so far)

  • Posting on dev.to is fun, I will do it again
  • There's a debsums command which is pretty cool
  • debsums + aptitude reinstall makes my system fresh again...
  • ...except for a few files, for an unknown reason
  • I don't need to find that reason just yet. But I can find out where to ask for help
  • Similarly, I don't need to finish my article. Maybe someone in the audience will know why I'm experiencing this behaviour. If not, in time, the maintainer will probably point me to the reason. I can then amend the article.
  • This article is my first, and just a start. I should also check which files currently present in my OS system directories does not belong to a package, if I'm serious about security.

Top comments (2)

Collapse
 
bureado profile image
José Miguel Parrella

Did you get a response?

Collapse
 
lestephane profile image
Le Stephane

I did, but it was along the lines of

  • ms: please file an issue
  • me: there was one, which you closed (github.com/Microsoft/vscode/issues...)
  • ms: well, file it again then
  • me: ¯_(ツ)_/¯ (at time of writing, there are 5189 open issues on vscode)