Question about pacutils finding md5sum mismatches

Greetings lovely community,

I was chatting with a buddy of mine recently about using Solus and it’s package manager eopkg and one particular feature it had was the command eopkg check which essentially when run tested the integrity of the packages within your system. It was mostly only used to troubleshoot when a problem arose, but it also wasn’t a perfect feature and at times would produce false positives as well, so even with some errors, things were still essentially normal. I wondered if pacman had something similar that a user could manually run to check package integrity. For the record, I’ve never had any package integrity issues on EndeavourOS and as far as I’m aware pacman does things like checking keys in keyring or checking package integrity or checking for file conflicts, so I imagine this possibly isn’t even really an issue on an Arch base, but at the very least it got me curious.

My curiosity stumbled about this Arch wiki link:
https://wiki.archlinux.org/title/Pacman/Tips_and_tricks#Listing_all_changed_files_from_packages

If you are suspecting file corruption (e.g. by software/hardware failure), but are unsure if files were corrupted, you might want to compare with the hash sums in the packages. This can be done with pacutils:

# paccheck --md5sum --quiet

So I went ahead and ran paccheck --md5sum --quiet, but got a bunch of warnings with a few mismatches sprinkled in, so I ran it again using sudo (hopefully that’s advisable in this case), and these are the following mismatches that I came across:

[scott@EndeavourOS ~]$ sudo paccheck --md5sum --quiet
[sudo] password for scott: 
filesystem: '/usr/lib/os-release' md5sum mismatch (expected fc5ca8dfeb1737f6615212fe20bc0c2f)
filesystem: '/usr/share/factory/etc/issue' md5sum mismatch (expected 7813c481156f6b280a3ba91fc6236368)
gnome-shell: '/usr/share/gnome-shell/gnome-shell-theme.gresource' md5sum mismatch (expected 6d5289d6b49e995a8d0d03f24bef72f3)
grub: '/etc/grub.d/10_linux' md5sum mismatch (expected 5da8074aaba80675db163d056dc07289)
grub: '/etc/grub.d/30_os-prober' md5sum mismatch (expected e6104adfdd083811ffa4872608575f65)
lsb-release: '/etc/lsb-release' md5sum mismatch (expected d4ffa5402737dd89f443c579d936db9d)
nano-syntax-highlighting: '/usr/share/nano-syntax-highlighting/nanorc.nanorc' md5sum mismatch (expected 444697781502f5ec0fdea3e70ce2cc0d)
nvidia-installer-db: '/var/lib/pci/nvidia.ids' md5sum mismatch (expected 5c1c2c272ecf0146b14e33bea6152d20)
nvidia-installer-db: '/var/lib/pci/nvidia.ids.metainfo' md5sum mismatch (expected b8a8bc50a3f7206f5c4beec5ba99d8b4)
[scott@EndeavourOS ~]$ 

It looks to me like these are mostly (or possibly even all) mismatches because most of them look like entries that I have manually changed myself for one reason or another. I know I’ve altered my grub from the default. I’ve altered my default gnome-shell via gdm-settings so that checks out normal to me. I’ve also altered my nano config from the default as well so I recognize those changes as probably being acceptable to ignore.

I am curious to know if the other mismatches are thrown up there because of an actual file corruption or more than likely something that I have manually changed or had allowed permissions to be changed I wonder?

Like I mentioned, I don’t suspect any actual file corruption, but I’m not sure what to make of the filesystem, lsb-release, or nvidia-installer-dbentries. I’m sure it’s most likely “normal”, I’m just curious to figure out more about what these messages mean or refer to, so if anyone can shed a bit of light onto them I’d greatly appreciate it. Looking forward to any responses and thanks as always for taking the time to read my post.

Some of those are because we(EndeavourOS) make changes to the files.

For example, /usr/lib/os-release, /usr/share/factory/etc/issue and /etc/lsb-release are all modified with a hook so that the system identifies as EOS instead of Arch.

I am not sure why your nvidia-installer-db files don’t match.

Thanks for the reply, that makes sense for the ones you mentioned because I don’t recall ever personally editing those in any way. Have you tried running the command as well? I guess that nvidia error would only show the nvidia-installer-db mismatch only if you have it installed too, but if you’re running AMD it’d probably not show up for you. Got me thinking though, I probably don’t even need that installer package anymore if I’ve already got my nvidia drivers installed and working.

I don’t have that package installed. You could always reinstall it. That should fix the mismatch.

Good call, reinstalling the nvidia-installer does indeed get rid of the mismatch. Not sure why/how that happened, but at least it’s cleared up now. I wonder if any other users here have that nvidia-installer-db mismatch as well or not. But in any case, the other 7 mismatches can be explained and you already explained the ones I was unsure about so looks like I’m smoothly rolling on

Thanks again for the help as always.

The data files of nvidia-installer-db package (nvidia.ids etc.) may change when nvidia-installer-dkms is executed. File nvidia.ids simply contains Nvidia card ids supported by the latest Nvidia driver.

Note that you can uninstall nvidia-installer-dkms package as soon as you have used it for installing the drivers. Nvidia-installer-dkms is only a helper for installing the drivers, but you can do that manually as well.
And once the drivers have been installed, the helper is no more necessary to keep installed.

i’ve still got 3 packages that all appear to be related: nvidia-installer-common, nvidia-installler-db, and nvidia-installer-dkms. Are you meaning that it’s okay to uninstall each of these as well since my nvidia drivers were setup already many months ago? I have seen these packages before and wondered if I really needed them, but their file sizes are so small I didn’t really mind having them around of course.

Yes, you can uninstall them all. Just don’t uninstall the drivers.