This utility is a wrapper for the md5(3), sha1(3), rmd160(3), and tiger hash routines. It is remarkably similar to the digest package, except that it can recursively checksum directory trees. While a simple checksum on a tar file is usually satisfactory, once said archive has been extracted, it is virtually impossible to repackage the extracted tree in a form that can yield a repeatable checksum. To be specific, changes in timestamps and ownership, and changes in file ordering within directories can affect the checksum of the archive, while not really impacting the actual code at all. The algorithm used to checksum a directory in this implementation is considers only the files' pathnames, the files' types (ie, directory vs. file vs. symbolic link), and their contents (for the latter two). It is described in greater detail in the man page.
Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.
The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.
Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.
Problem reports, updates or suggestions for this package should be reported with send-pr.