While making little audit of the n800, it stopped at a very early stage because stored checksums of some core applications are wrong.

Example of wrong ones:

#debsums -s dpkg
debsums: checksum mismatch dpkg file /usr/bin/dpkg
debsums: checksum mismatch dpkg file /usr/bin/dpkg-deb
debsums: checksum mismatch dpkg file /usr/bin/dpkg-query
debsums: checksum mismatch dpkg file /usr/bin/dpkg-split
debsums: checksum mismatch dpkg file /usr/lib/dpkg/enoent
#debsums -s lsof
debsums: checksum mismatch lsof file /usr/bin/lsof


Still most of them are correct:
#debsums -s busybox
#

Anybody has any idea how this happened?
Are we all owned by a trojaned firmware or it's just that they made a late modification (like they forgot stripping binaries) and did not recalculate the md5sums?
Prelinking is not installed on my system
Hum..

Running a full checksum audit is very scaring, some other core packages have their md5 invalid.

Stupid questions: Are you running this on the tablet? Where did you get debsums from?

There's no stupid question! I didn't mention it.

I've packaged it, i'll put it on my repository in a minute.
It's the exact version from debian testing, easy to rebuild.

If you or anybody else can check on your own tablet, I would have a confirmation that it's not my image (reflashed a month ago and afaik I din't update dpkg or lsof)

Thanks

I'll try it out (Reflashed yday for the 11th time...) but i have been doing a lot of upgrading.

I wonder how the debian arm release would come out.

Related problem?

While running the Application Manager and asking it to Refresh Applications, it tends to hang up on downloading at about 850K and I end up having to cancel after about 20 minutes.

A check of the Log file showed that many of the repositories are failing checksums.

So....I delete all catalogs and then go to gronmayer and download a fresh set (excluding those that I know to be problems--it looks like there are some duplicates in the list at that site).

This appears to fix the problem, but it seems to happen every few days.

It's tedious to have to individually delete 40+ catalogs/repositories and then restore them.

Should be there. Either go to http://debfarm.free.fr/pool for link (remove the stupid add with flashblocker) or directly from app manager with my repo.

debsums -s dpkg

debsums: can't open dpkg file /usr/share/doc/dpkg/changelog.gz (No such file or directory)
debsums: can't open dpkg file /usr/share/doc/dpkg/AUTHORS (No such file or directory)
debsums: can't open dpkg file /usr/share/doc/dpkg/THANKS (No such file or directory)
debsums: can't open dpkg file /usr/share/doc/dpkg/pseudo-tags (No such file or directory)
debsums: can't open dpkg file /usr/share/doc/dpkg/copyright (No such file or directory)
debsums: can't open dpkg file /usr/share/doc/dpkg/changelog.Debian.gz (No such file or directory)
debsums: checksum mismatch dpkg file /usr/bin/dpkg
debsums: checksum mismatch dpkg file /usr/bin/dpkg-deb
debsums: checksum mismatch dpkg file /usr/bin/dpkg-querydebsums: checksum mismatch dpkg file /usr/bin/dpkg-splitdebsums: checksum mismatch dpkg file /usr/lib/dpkg/enoent

It's now working. So I've put rkhunter on my repository. THis is a direct port, no customization for the tablet (only removed cat -v not known by busybox). I'll create a specific version.
rkhunter -c --nomow --pkgmgr DPKG
Nice output!

It can be prelinking too. I think it was mentioned in mailing list by someone @ nokia.com that they do prelink stuff in final firmware. So most probably it is like
1. build all debs from source
2. install everything into rootfs
3. prelink it all together
4. make jffs2 image

If anyone is wondering - those missing files are OK, the NITs automatically remove files from /usr/share/doc if they get installed (unlike on a desktop).