# Check installed packages for checksum mismatches ("pkg check")



## ikevin8me (Jun 30, 2021)

The command "pkg check -s -a" verify the checksums against installed packages. I've tried both an Internet-connected VM and another Internet-*dis*connected VM and the command passes and completes without errors.

1. How does it verify the the packages? (Is it similar to "shasum -a 256 ..." and compare to a checksum?)
*2. Where exactly is the checksum file?  *
3. If the package installed is an older version compared to the one on the remote repository, will it pass or fail the verification test?

Thanks!


----------



## ikevin8me (Jul 1, 2021)

Found it! The SHA256 checksums are inside the distinfo files.
e.g.




__





						distinfo « rust « lang - ports - FreeBSD ports tree
					






					cgit.freebsd.org
				




The checksums are also here:


			https://pkg.freebsd.org/FreeBSD:13:amd64/latest/packagesite.txz
		


For your record (and my own).


----------

