Bug 1714175
| Summary: | Fix SPEC file to not check md5 mtime and size of /var/lib/unbound/root.key | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Chen Shi <cheshi> |
| Component: | unbound | Assignee: | aegorenk |
| Status: | CLOSED ERRATA | QA Contact: | Petr Dancak <pdancak> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 8.0 | CC: | cheshi, pdancak, pemensik, psklenar, vkuznets |
| Target Milestone: | rc | Keywords: | EasyFix, Patch, TestCaseNotNeeded, Triaged |
| Target Release: | 8.0 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 15:50:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
My $0.02: the fact that /var/lib/unbound/root.key changes is OK, however, we may want to let RPM know it's OK by doing something like %verify(not md5 size mtime) /var/lib/unbound/root.key in the spec. Sure, modification of root.key is maintained by unbound-achor.service and is very intentional. But it should not show in rpm -V unbound-libs as something wrong, needs just md5 modification. Giving up this bug to new maintainers. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: unbound security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1853 |
Description of problem: The key file gets regenerated, something may be wrong with the packaging. [root@iZ2zegshls719e570862inZ ~]# rpm -Vf /var/lib/unbound/root.key S.5....T. c /var/lib/unbound/root.key [root@iZ2zegshls719e570862inZ ~]# rpm -qf /var/lib/unbound/root.key unbound-libs-1.7.3-8.el8.x86_64 [root@iZ2zegshls719e570862inZ ~]# stat /var/lib/unbound/root.key File: /var/lib/unbound/root.key Size: 1251 Blocks: 8 IO Block: 4096 regular file Device: fd01h/64769d Inode: 787827 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 997/ unbound) Gid: ( 994/ unbound) Context: system_u:object_r:named_cache_t:s0 Access: 2019-04-24 14:37:17.615630511 +0800 Modify: 2019-04-22 00:00:29.001332055 +0800 Change: 2019-04-22 00:00:29.003332127 +0800 Birth: - [root@iZ2zegshls719e570862inZ ~]# cat /var/lib/unbound/root.key ; autotrust trust anchor file ;;id: . 1 ;;last_queried: 1555862429 ;;Mon Apr 22 00:00:29 2019 ;;last_success: 1555862429 ;;Mon Apr 22 00:00:29 2019 ;;next_probe_time: 1555904656 ;;Mon Apr 22 11:44:16 2019 ;;query_failed: 0 ;;query_interval: 43200 ;;retry_time: 8640 . 98799 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=3 [ MISSING ] ;;count=0 ;;lastchange=1555689629 ;;Sat Apr 20 00:00:29 2019 . 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1555689629 ;;Sat Apr 20 00:00:29 2019 Version-Release number of selected component (if applicable): unbound-libs-1.7.3-8.el8.x86_64 How reproducible: 100% Steps to Reproduce: 1. Create an RHEL8.0 VM 2. sudo rpm -Vf /var/lib/unbound/root.key Actual result: The key file gets regenerated (file /var/lib/unbound/root.key has been modified). Expected result: No key file regenerated and `rpm -V` can be passed. Additional info: 1. This issue exists in the VM which is installed by iso+ks (as same as Alibaba Cloud). 2. This issue doesn't exist in the VM which is created from guest image (as same as AWS).