0

I have installed a particular program via apt. It originates from a 3rd party repo, and I have 100% confidence the file was installed & updated via apt not some other path (per data I list below)

I have stripped the specific package name because I would like to know (A) do I understand dpkg --search capabilities correctly, and (B) faced with an unknown-to-dpkg file, how do I definitively figure out where it came from?

$ which -a foobaz
/usr/bin/foobaz
/bin/foobaz

These^ are distinct but identical:

  • files exist
  • neither are symlinks (test -L $file fails) OR hardlinkes (stat -c %h -- $file prints 1)
  • have the same ctime and mtime
    • note the package has been updated recently, all the times^ look correct to me.
  • have identical sha1sum hashes

but dpkg only seems to know about the first one?

$ dpkg --get-selections  | grep -i foobaz
foobaz              install

$ dpkg-query -S /usr/bin/foobaz 
foobaz: /usr/bin/foobaz
dpkg-query -S /bin/foobaz 
dpkg-query: no path found matching pattern /bin/foobaz

Shouldn't dpkg -S <file> always know about the files added by the debs/apt? How should I approach this issue to determine where some 'unknown' file originated when I know with high confidence it was installed with apt?

some bits flipped
  • 369

1 Answers1

0

dpkg does not make any attempt to resolve links, bind-mounts, or any other such 'duplicate view' of files/inodes/directories, even within the same filesystem. It would be difficult (impossible?) to resolve all such cases especially in the general case (more than one filesystem, as many installs use). It also likely hues closer to the Unix philosophy of "do one thing well".

On some systems (including recent Ubuntu's), /bin is a symlink to /usr/bin, meaning logic that "searches" (such as which) will see two copies, but logic using static ~manifests (such as dpkg) will see just the file(s) explicitly install. Because this is a directory symlink, it's also transparent / not directly discoverable looking at the file entry itself on the underlying inode, one must examine all the parents.

some bits flipped
  • 369