Lostfiles
From ArchWiki
Description
Lostfiles is a script for detecting orphaned files (files which are not owned by any Arch Linux packages).
The script ignores by default a series of directories where packages should not install files. Some files might appear as removed if they're placed in those directories which are not checked (for example, some packages install files in /tmp - didn't have time to track which of them).
For comments or suggestions, contact the author (IceRAM).
Script source
#!/bin/bash # LostFiles v0.1 # License: GPL v2.0 http://www.gnu.org/licenses/gpl.html # Initially scripted by the Arch Linux Community # Mircea Bardac (dev AT mircea.bardac.net) # http://mircea.bardac.net/ # Description: # Search for files which are not part of installed Arch Linux packages # Usage: # lostfiles > changes # changes is a file containing a list of added/removed files if [ $UID != "0" ]; then echo "You must run this script as root." 1>&2 exit fi cd /tmp echo "Loading registered files..." 1>&2 pacman -Ql | sed -e 's|.* ||' | sort -u -o /tmp/pac-list echo "Finding local files..." 1>&2 find / -not \( \ -wholename '/home/*' -prune -o \ -wholename '/mnt/*' -prune -o \ -wholename '/tmp/*' -prune -o \ -wholename '/sys/*' -prune -o \ -wholename '/var/*' -prune -o \ -wholename '/root/*' -prune -o \ -wholename '/proc/*' -prune -o \ -wholename '/media/*' -prune -o \ -wholename '/dev/*' -prune \) \ -and -type f > find-list-t echo "Finding local directories..." 1>&2 find / -not \( \ -wholename '/home/*' -prune -o \ -wholename '/mnt/*' -prune -o \ -wholename '/tmp/*' -prune -o \ -wholename '/sys/*' -prune -o \ -wholename '/var/*' -prune -o \ -wholename '/proc/*' -prune -o \ -wholename '/root/*' -prune -o \ -wholename '/media/*' -prune -o \ -wholename '/dev/*' -prune \) \ -and -type d -exec echo "{}/" \; >> find-list-t echo "Finding local links..." 1>&2 find / -not \( \ -wholename '/home/*' -prune -o \ -wholename '/mnt/*' -prune -o \ -wholename '/tmp/*' -prune -o \ -wholename '/sys/*' -prune -o \ -wholename '/var/*' -prune -o \ -wholename '/proc/*' -prune -o \ -wholename '/root/*' -prune -o \ -wholename '/dev/*' -prune \) \ -and -type l >> find-list-t cat find-list-t | sort -u -o find-list diff -U 1 pac-list find-list > diff-list cat diff-list | grep -v '^ .*' | grep -v '^\@.*' echo "Done." 1>&2 # Cleanup rm -f diff-list find-list find-list-t pac-list
(Author's comment: well, now that I'm looking over it, it could be simplified by getting the find filters into a variable and using the variable in all the commands)
Usage
The script must be run as root.
Typical usage & output:
./lostfiles > changes Loading registered files... Finding local files... Finding local directories... Finding local links... Done.
Where:
- changes is a file containing a list of added/removed files
- "Loading registered files..." - doesn't take time, since pacman's DB is used
- "Finding local *..." - takes longer, since the script uses find to look for all the installed files
Output
- "+" lines denote files which are not in pacman's DB
- "-" lines denote files which are in pacman's DB but are no longer in the filesystem
[some bugs in pacman (bug#3698) may create erroneous output when it comes to directories]
Sample Situation
Assuming you have some application with a custom installer for which you don't know (yet) how to make a PKGBUILD. You could create a snapshot of the filesystems before and one after. Making a diff between the two snapshots will reveal the changes in the files (added/removed files) which occurred during the install.