获取随apt安装的原始文件和当前文件之间的差异更改

我安装了php5-fpm软件包apt；然后我对PHP配置文件进行了一些更改。

现在，我将获得原始文件版本（已安装的软件包的版本）和当前版本（由我修改）之间的差异。怎么做？

尝试这样的事情：

# exit on failure
set -e

package=php5-fpm
mkdir $package
cd $package

# you could also get the file from a package mirror if you have
#  an older version of apt-get that doesn't support 'download' 
#  or if you would like more control over what package version
#  you are downloading.
# (e.g. http://archive.ubuntu.com/ubuntu/pool/main/)
apt-get download $package

# deb package files are ar archives
ar vx ${package}*.deb
# containing some compressed tar archives
tar xzf data.tar.gz
# now you have the files

# you can get diffs for all of the files in etc if you would like
find etc -type f |
while read file ; do
    diff $file /$file
done

正如其他人所建议的，绝对要对您的配置文件进行修订控制。这样，您可以准确看到更改的内容以及更改的时间。

等目录

为了跟踪对/etc目录的更改，您可以按照@Anthon的建议进行操作，并使用git，subversion，mercurial等对目录进行版本控制。您也可以使用etckeeper之类的工具。这里和这里都有一个教程。

etckeeper是一组工具，可以将/ etc存储在git，mercurial，bazaar或darcs存储库中。它倾向于在软件包升级期间自动提交对/ etc的更改。它跟踪git通常不支持的文件元数据，但这对/ etc很重要，例如的权限/etc/shadow。它非常模块化和可配置，如果您了解使用版本控制的基础知识，那么它也易于使用。

打包文件

据我所知apt，没有一种方法可以检查磁盘上的文件与实际中的文件.deb。实际上，用于管理文件dpkg的工具都没有apt。

但是，您可以使用诸如debsums比较已安装的某些文件之类的工具，该工具仅查看.deb文件中的内容与系统磁盘中的内容的校验和（md5sum）。

请参阅此serverfault问题，以获取有关debsum和dpkg校验和的更多详细信息以及askubuntu问题。

debsum 例

% debsums openssh-server
/usr/lib/openssh/sftp-server                                                  OK
/usr/sbin/sshd                                                                OK
/usr/share/lintian/overrides/openssh-server                                   OK
/usr/share/man/man5/sshd_config.5.gz                                          OK
/usr/share/man/man8/sshd.8.gz                                                 OK
/usr/share/man/man8/sftp-server.8.gz                                          OK

我编写了以下简单脚本，以自动从正确的Debian软件包中检索原始文件，并将其与当前文件进行比较：https : //a3nm.net/git/mybin/tree/debdiffconf

如下使用它： debdiffconf FILE

#!/bin/bash

# Usage: debdiffconf.sh FILE
# Produce on stdout diff of FILE against the first installed Debian package
# found that provides it.
# Returns the exit code of diff if everything worked, 3 or 4 otherwise.

# /programming//a/4785518
command -v apt >/dev/null 2>&1 || {
  echo "apt not found, this is probably not a Debian system. Aborting." >&2;
  exit 4; }
command -v apt-file >/dev/null 2>&1 || {
  echo "Please install apt-file: sudo apt install apt-file. Aborting." >&2;
  exit 4; }
command -v realpath >/dev/null 2>&1 || {
  echo "Please install realpath: sudo apt install realpath. Aborting." >&2;
  exit 4; }

FILE=$(realpath -m "$1")
while read PACKAGE
do
  # verify from first installed package
  if dpkg-query -W --showformat='${Status}\n' | grep installed > /dev/null
  then
    DIR=$(mktemp -d)
    cd "$DIR"
    echo "Trying $PACKAGE..." >&2
    apt download "$PACKAGE" >&2
    # downloaded archive is the only file present...
    ARCHIVE=$(ls)
    mkdir contents
    # extract entire archive
    dpkg-deb -x "$ARCHIVE" contents/ >&2
    if [ -f "contents$FILE" ]
    then
      # package contained required file
      diff "contents$FILE" "$FILE"
      RET=$?
      # cleanup
      cd
      rm -Rf "$DIR"
      # exit entire script as this is the main shell
      # with the return code from diff
      exit $RET
    else
      # cleanup
      cd
      rm -Rf "$DIR"
    fi
  fi
done < <(apt-file -l search "$FILE")
# if we are here, it means we have found no suitable package
echo "Could not find original package for $FILE" >&2
exit 3

如果要查看原始php.ini文件与已安装文件之间的差异，请使用

diff -W COLUMNS --suppress-common-lines -y /usr/share/php5/php.ini-development /etc/php5/apache2/php.ini -W $COLUMNS

如果您不在乎注释行，则将其插入

| egrep -v '^;.*<$|\s*>.;.*|;.*\|.;'