@hagbardI like that idea
maybe it's time to rewrite show/generate tech-support to python

Do we need show tech-support at all?
I changed a few things I would gather, I leave /home/user and /config/auth alone, since they can contain sensitive information like private keys.
In the archive I create files for each 'section. Like OS based information, network related information go to an extra file etc.
The idea is to make it easier for the one reading to all that stuff and giving the user the confidence we don't steal their ssh key or wireguard private keys by accident.
Also adding content to the report would be easier there too. I can upload to my github what I have so far since you would only need the script right now, I haven't it integrated in vyos-1x yet.

we need tech-support but need it reworked
on one hand, it must be human-friendly
on another hand, we need to have ability feed it into analytics platform later
we should skip all sensitive info

Yeah, I agree but what about the show tech-support which currently exists?
There is generate tech-support archive, which stores a tarball and/or you can upload it via scp/ftp to a destination.
Plus there is 'show tech-support' which shows the information to the screen, which I think won't make a lot if sense.
For the packages, I have the full dpkg -l in a file, that can be read and compared easily with the packages installed in the iso.
Do you have a system for automated checks in mind already? (I built something similar in the past on a normal webserver).

Current show tech-support can be nuked once we have a replacement
The on-screen output is useful if you debug onsite or have access to the machine
We mixing here stuff, integrity check bit different from show tech-support but can be part of it

ok, so what do you have in mind for integrity support? If someone installs from external sources or a different kernel for instance, you can only find out when you have the information somewhere, that's why I though to integrate it into the tech-support. So, if someone reports an issue, we can just receive that report and have all information in one tarball to check what's going going on. I'm getting a bit confused.

Yes,
that will be kind of the first step in troubleshooting workflow
i propose to make another ticket for show tech-support
and current one assign as a subtask

So that's what I have right now for checking the packages, if they are newer than the image build time, it would spit out the below:

The following packages don't fit the image creation time
build time: 2018-10-17 23:28:00
installed: 2018-10-26 22:43:24 vyos-1x
installed: 2018-10-26 22:31:03 vyatta-cfg-dhcp-relay
installed: 2018-10-22 16:00:52 vim
installed: 2018-10-22 02:13:35 wireguard-modules
installed: 2018-10-22 16:00:50 libgpm2:amd64
installed: 2018-10-22 16:00:52 vim-runtime
installed: 2018-10-26 18:56:47 vyatta-cfg-firewall