Is there a decent approach to verify sha1 hashes of all files in all installed packages? We have a suspected machine here at the office… The scenario is this: Two machines with openSUSE Leap 42.1 using the same repositories in zypper end up having different sha1 hashes of openssl .so files… We noticed that when openssl stopped working properly on one machine, while everything seemed identical. scp of the problematic .so files solved all problems… but force reinstall through zypper did not. Being a bit paranoid, I’d like to run a verification script to check all binaries and .so files… but I can’t seem to find a way to do this… any suggestions?
Instead of doing what you propose which could take a very long time,
You might try the following which checks every file and re-installs the file if it didn’t come from the OSS (and possibly any other repos you have configured).
Of course, if you’re trying to make multiple machines consistent, you have to start with making sure the repository list for every machine is identical
zypper lr -d
Then run the following which besides bringing your machine up to date will re-install files that might have come from somewhere other than your currently configured repos
zypper dup --replacefiles
After running the above on <both> your machines,
You can then check the file hashes again.
TSU