My questions
1. What is the best way of checking a system is free from problems before running rkhunter --propoupd ?
2. Is there a script/other tool that will temporarily extract packages/files to be able to determine sha1sum or md5sum values that can be used to compare with live system files ?
3. How do you check your system is clean before running rkhunter --propupd or similar that will fingerprint aspects of the system for future comparison against?

Background to questions ...
I have been running rkhunter to check for root kits, and ran rkhunter --propupd a while ago. Quite a few updates later I ran rkhunter again and got warning about 102 files with sha1sum values changed. I wanted to check files were correct before running rkhunter --propupd again.

What I did
created a folder in a user home area as a fake root to install relevant files to, installed relevant files to the fake root folder, created the sha1sum values for the files, compared them with the values in /var/log/rkhunter.log - which I had copied to $HOME/fake-arch-root folder I created.
I ended writing a couple of scripts and doing some manual manipulation of files to get what I needed. On the plus side I now know a bit more about awk, grep and sed than I did, but my scripts are far from perfect.

What I'm thinking of doing
just running rkhunter immediately before system updates to check there are no issues and running rkhunter immediately after update and if necessary running rkhunter --propupd.


Script I used for extracting relevant packages ...
Code:
### work in folder $HOME/fake-arch-root

### first make the file list from rkhunter.log
cat $HOME/fake-arch-root/rkhunter.log | grep -B 1 'Current hash' | grep File > $HOME/fake-arch-root/rkhunter.log.files-to-check

### establish package which owns file using pacman -Qoq
### and install the package

$(awk  '{ print $4 " " $5 }' $HOME/fake-arch-root/rkhunter.log.files-to-check) > $HOME/fake-arch-root/rkhunter.log.file-list2
echo $packages_to_install

pacman -Qoq $packages_to_install | sort | uniq > $HOME/fake-arch-root/packages-to-install.lst

#echo $(awk -F":" '{ print $4 " " $5 \n }' $HOME/fake-arch-root/rkhunter.log.files-to-check)
echo $(sudo pacman -b $HOME/fake-arch-root/var/lib/pacman -r $HOME/fake-arch-root \
 --logfile $HOME/fake-arch-root/pacman.log --noscriptlet --noconfirm \
 -S $(cat $HOME/fake-arch-root/packages-to-install.lst ))

echo All files should now have been installed in $HOME/fake-arch-root