Bug 169607

Summary: RPM should verify that packages are undamaged before attempting the transaction
Product: [Fedora] Fedora
Reporter: Nicholas Miell <nmiell>
Component: rpm
Assignee: Paul Nasrat <nobody+pnasrat>
Status: CLOSED WONTFIX
QA Contact: Mike McLean <mikem>
Severity: high
Priority: medium
Version: rawhide
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-04-22 13:38:53 UTC

Description Nicholas Miell 2005-09-30 07:27:24 UTC
(Apologies if this is a dup, I searched and didn't find anything, but my
bugzilla-fu is weak.)

RPM will attempt to install truncated (and probably otherwise damaged) packages
and then fail in a non-safe manner.

In the following (real) example, kernel-debuginfo-2.6.13-1.1526_FC4.x86_64.rpm
was truncated, RPM attempted the install anyway, it failed, and it left files
from the package on the filesystem but failed to include the package in the RPM
database.

Ideally, RPM would check the validity of all headers, verify that the
transaction is possible, check the validity of the whole packages, and then run
the transaction.

---

[root@entropy packages]# rpm -Fvh kernel-*2.6.13*
Preparing...                ########################################### [100%]
   1:kernel-smp-devel       ########################################### [ 33%]
   2:kernel-debuginfo       ########################################### [ 67%]
error: unpacking of archive failed on file
/usr/lib/debug/lib/modules/2.6.13-1.1526_FC4smp/kernel/drivers/net/skfp/skfp.ko.debug;433ce471:
cpio: read
   3:kernel-smp             ########################################### [100%]
[root@entropy packages]# rpm -q kernel-debuginfo
kernel-debuginfo-2.6.12-1.1447_FC4
kernel-debuginfo-2.6.12-1.1456_FC4.njm
[root@entropy packages]# rpm -q kernel-smp
kernel-smp-2.6.13-1.1526_FC4
[root@entropy packages]# cd /usr/lib/debug/lib/modules/
[root@entropy modules]# ls
2.6.12-1.1447_FC4     2.6.12-1.1456_FC4.njmsmp  2.6.13-1.1526_FC4smp
2.6.12-1.1447_FC4smp  2.6.13-1.1526_FC4

Comment 1 Jeff Johnson 2005-10-05 22:21:52 UTC
rpm will check the header+payload md5 sum if configured to do so, configuration
is even mode specific, so that install/erase/freshen checks but query does not.

rpm -K *.rpm will always check the header+payload md5 any time you want as well.


Comment 2 Nicholas Miell 2005-10-05 23:14:06 UTC
This should be on by default for all modes that deal with .rpm files.

Comment 3 Jeff Johnson 2005-10-25 21:48:11 UTC
There is no way to simultaneously please users who wish fast and users who wish safe
in one default configuration.

Configure rpm to your needs.

Comment 4 Nicholas Miell 2005-10-25 22:02:54 UTC
By default, RPM should be configured for "safe", not "it's fast, but it'll
randomly break your system."

Comment 5 Jeff Johnson 2005-10-25 23:15:11 UTC
That's your opinion. Other opinions are possible. No matter what, there can be only one default
configuration.

Comment 6 Nicholas Miell 2005-10-25 23:24:44 UTC
The default configuration is wrong. It should not be possible for a system
administrator to damage the system just by attempting a package install.

And as much as it's nice for volunteers to help out with Fedora bug triage, I'd
really appreciate it if you'd stop messing with this bug until an actual Red Hat
employee and/or RPM developer gets involved.

Comment 7 Jeff Johnson 2005-10-26 01:32:03 UTC
I am the maintainer of rpm. It's not going to be fixed in upstream rpm. Period.

But feel free to shop an answer from Red Hat. Have fun!

Comment 8 Jeff Johnson 2006-01-07 16:02:02 UTC
NEEDINFO_ENG for Red Hat answer shopping ...

Comment 9 Peter K 2006-01-09 10:53:48 UTC
I just stumbled on this too, I must agree with Nicholas Miell that a
fast-and-flaky default seems like an unusually bad idea. That said I don't blame
the rpm-maintainer since the functionality is there but not used...

Comment 10 David Lawrence 2006-04-18 20:24:25 UTC
NEEDINFO_ENG has been deprecated in favor of NEEDINFO or ASSIGNED. Changing
status to ASSIGNED for ENG review.

Comment 11 Jeff Johnson 2006-04-22 13:38:53 UTC
Verifying header+payload contents using an md5 digest when reading a package is a configurable option in
rpm using rpmtsVSFlags() through rpmReadPackageFile().

So the setting is application and site specific.

The default value of the behavior is off because the additional benefit of detecting an occasional faulty
download is less than the additional cost of computing the digest. The choice of default is consistent
with current applications that use rpmlib.

Change the application behavior, and I'll change rpm's default setting.
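
What the header+payload md5 check from comments 1 and 11 amounts to, and why it catches the truncated package in the description before any file is unpacked. This is an added example, not part of the bug thread and not rpm's own code. It assumes the classic package layout (96-byte lead, then a signature header carrying size tag 1000 and MD5 tag 1004, then header and payload); `check_package` and `build_sample` are hypothetical names, and the sample package is constructed.

```python
import hashlib
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"      # first bytes of the 96-byte lead
HDR_MAGIC = b"\x8e\xad\xe8\x01"       # starts the signature header
SIGTAG_SIZE, SIGTAG_MD5 = 1000, 1004  # header+payload size and MD5 tags

def check_package(blob):
    """Return (ok, reason) for the raw bytes of one .rpm file."""
    if len(blob) < 112 or blob[:4] != LEAD_MAGIC:
        return False, "bad or truncated lead"
    if blob[96:100] != HDR_MAGIC:
        return False, "bad signature header magic"
    nindex, hsize = struct.unpack(">II", blob[104:112])
    store = 112 + 16 * nindex              # data store follows the index
    body = store + hsize + (-hsize % 8)    # signature header is 8-byte padded
    if body > len(blob):
        return False, "truncated signature header"
    # Each 16-byte index entry is (tag, type, offset into store, count).
    tags = {}
    for i in range(nindex):
        tag, _type, off, _count = struct.unpack_from(">IIII", blob, 112 + 16 * i)
        tags[tag] = off

    def field(tag, n):
        off = tags.get(tag)
        if off is None or off + n > hsize:
            return None                    # tag absent or pointing outside store
        return blob[store + off:store + off + n]

    rest = blob[body:]                     # main header + payload
    size, md5 = field(SIGTAG_SIZE, 4), field(SIGTAG_MD5, 16)
    if size is not None and struct.unpack(">I", size)[0] != len(rest):
        return False, "size mismatch: only %d bytes present" % len(rest)
    if md5 is None:
        return False, "no usable MD5 tag"
    if md5 != hashlib.md5(rest).digest():
        return False, "header+payload MD5 mismatch"
    return True, "ok"

def build_sample(body):
    """Constructed input: minimal lead and signature header around `body`."""
    data = struct.pack(">I", len(body)) + hashlib.md5(body).digest()
    index = struct.pack(">8I", SIGTAG_SIZE, 4, 0, 1, SIGTAG_MD5, 7, 4, 16)
    sig = HDR_MAGIC + bytes(4) + struct.pack(">II", 2, len(data)) + index + data
    return LEAD_MAGIC + bytes(92) + sig + bytes(-len(data) % 8) + body

if __name__ == "__main__":
    pkg = build_sample(bytes(range(256)) * 8)  # stand-in for header + payload
    print(check_package(pkg), check_package(pkg[:-100]))
```

Running such a check over every file named on the command line, and refusing to start if any fails, gives the ordering the description asks for: all packages validated first, transaction second.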