It would be nice to be able to specify an alternate vdb path to read data from. This way a backup could be used (mounted from an external disk, for example) with the qcheck and qfile (orphans) utilities if tampering is suspected. If this feature were added, these utilities could be used in a similar manner to integrit - I realise it's not exactly a total replacement for integrit, but it does provide a more useful reference point as to why changes might have (legitimately) occurred and it would obviously be useful if you could use a backup which you're certain hasn't been tampered with, without replacing your live systems vdb.
This already exists pretty much but is controlled the same way portage is, which is via the ROOT= variable. Example: ROOT=/usr/armv4tl-softfloat-linux-gnueabi/ qlist -LS
Using ROOT= with qcheck doesn't appear to work. Every file is reported as AFK eg: AFK: /backup//usr/src/linux-2.6.28-tuxonice-r1/drivers/infiniband/hw/ipath/ipath_sd7220.c Test case: mkdir -p /backup/var/{lib,cache} cp -ar /var/db /backup/var/ cp -ar /var/lib/portage /backup/var/lib cp -ar /var/cache/edb /backup/var/cache/ ROOT=/backup/ qcheck -av (Small note, when I try it without the trailing slash on ROOT=, qcheck silently exits - strace shows it isn't adding the slash itself and is not finding files. Should this be considered a bug?) When I specify ROOT=/backup, qcheck is trying to check files under /backup instead of under / (I want it to source the information from /backup, and use it to check the files under /)
you can set it via Q_VDB env var now http://sources.gentoo.org/gentoo-projects/portage-utils/main.c?r1=1.159&r2=1.160