How does the list of packages differ from that in a fresh install?
The easiest way, if you have the data for it, would probably be to parse the APT logs (particularly /var/log/apt/history.log*) to see what's been installed and removed, respectively. However, those only go back so far, so unless you've been diligent about archiving logs (which seems unlikely if you don't have any documentation for how the system has been set up and configured over time), will only give you recent changes.
However, you should be able to get something very close to what you want from a combination of
dpkg --get-selections filtering for output that ends with the word
install (which will tell you what's currently selected for installation) and filtering out packages which have a
Priority value of
important (which should match a default installation fairly closely). For example:
dpkg --get-selections |
grep '\binstall$' |
cut -f 1 |
while read package; do
apt-cache show "$package" |
grep '^Priority:' |
grep -vq -e 'required$' -e 'important$' &&
printf '%s\n' "$package"
will give you a list of all packages that are currently installed, but which are not either
(There's probably a better way to get the data in a machine-readable form, but I was unable to find one that worked with a reasonably quick perusal of the
dpkg man pages.)
The list given by the above command certainly won't be perfect (for example, it doesn't handle the fact that packages might be pulled in as dependencies of required packages), but it should give you a reasonable starting point.
Are there any changes to configuration files that were not done by package installation/update, and to which files?
You can use
dpkg -V to verify the status of a package's installed files against the package metadata.
Another tool that can also be used is
debsums (offered by the
debsums package on ordinary Debian and, I would expect, on Raspian as well) with the
This isn't perfect either; for example, I doubt either method will capture files which were generated during package installation and then later modified. (SSH host keys would be an example of that.) It also won't tell you what has changed, only that the file now has a different hash. Still, for the majority of packages, it should provide a reasonable starting point.
For dpkg, only files that are different will be listed. For example:
# dpkg -V openssh-client
??5?????? c /etc/ssh/ssh_config
For debsums, unmodified files will show as
OK (similar to
*sum --check), so to get a list of what's changed, use your favorite tool to only see those that aren't
OK. For example:
# debsums -a openssh-client | grep -v 'OK$'
Both of these tell me that on the system I'm running them on,
/etc/ssh/ssh_config has been changed compared to the version that is provided by the