Post History
How does the list of packages differ from that in a fresh install? The easiest way, if you have the data for it, would probably be to parse the APT logs (particularly /var/log/apt/history.log*...
Answer
#1: Initial revision
by
Canina
·
2021-05-22T08:54:37Z (over 3 years ago)
> How does the list of packages differ from that in a fresh install?
The easiest way, if you have the data for it, would probably be to parse the APT logs (particularly /var/log/apt/history.log\*) to see what's been installed and removed, respectively. However, those only go back so far, so unless you've been diligent about archiving logs (which seems unlikely if you don't have any documentation for how the system has been set up and configured over time), will only give you recent changes.
However, you should be able to get something very close to what you want from a combination of `dpkg --get-selections` filtering for output that ends with the word `install` (which will tell you what's currently selected for installation) and filtering out packages which have a `Priority` value of `required` or `important` (which should match a default installation fairly closely). For example:
dpkg --get-selections |
grep '\binstall$' |
cut -f 1 |
while read package; do
apt-cache show "$package" |
grep '^Priority:' |
grep -vq -e 'required$' -e 'important$' &&
printf '%s\n' "$package"
done
will give you a list of all packages that are currently installed, but which are *not* either `required` or `important`.
(There's probably a better way to get the data in a machine-readable form, but I was unable to find one that worked with a reasonably quick perusal of the `apt-cache` and `dpkg` man pages.)
The list given by the above command certainly won't be perfect (for example, it doesn't handle the fact that packages might be pulled in as dependencies of required packages), but it should give you a reasonable starting point.
> Are there any changes to configuration files that were not done by package installation/update, and to which files?
You can use `dpkg -V` to verify the status of a package's installed files against the package metadata.
Another tool that can also be used is `debsums` (offered by the `debsums` package on ordinary Debian and, I would expect, on Raspian as well) with the `-a`/`--all` switch.
This isn't perfect either; for example, I doubt either method will capture files which were generated during package installation and then later modified. (SSH host keys would be an example of that.) It also won't tell you *what* has changed, only that the file now has a different hash. Still, for the majority of packages, it should provide a reasonable starting point.
For dpkg, only files that are different will be listed. For example:
# dpkg -V openssh-client
??5?????? c /etc/ssh/ssh_config
#
For debsums, unmodified files will show as `OK` (similar to `*sum --check`), so to get a list of what's changed, use your favorite tool to only see those that aren't `OK`. For example:
# debsums -a openssh-client | grep -v 'OK$'
/etc/ssh/ssh_config FAILED
#
Both of these tell me that on the system I'm running them on, `/etc/ssh/ssh_config` has been changed compared to the version that is provided by the `openssh-client` package.