|Summary:||up2date: rpm verify fails due to config files in .spec not marked with %verify|
|Product:||Red Hat Enterprise Linux 4||Reporter:||Adrian Likins <alikins>|
|Component:||up2date||Assignee:||Bryan Kearney <bkearney>|
|Status:||CLOSED ERRATA||QA Contact:||Beth Nackashi <bnackash>|
|Fixed In Version:||RHBA-2006-0494||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-08-01 21:13:44 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||179644, 181409|
Description Adrian Likins 2006-02-03 19:02:28 UTC
+++ This bug was initially created as a clone of Bug #179896 +++ The TPS rpm-verify tests fail because the /etc/sysconfig/rhn/up2date and /etc/sysconfig/rhn/up2date-uuid will always be different from default. They need to be flagged with approriate %verify bits so they pass this test.
Comment 3 Fanny Augustin 2006-05-09 19:31:43 UTC
This bug has been fixed in this release
Comment 5 Beth Nackashi 2006-06-02 19:42:48 UTC
Packages tested: rhnlib-1.8.7-4 up2date-4.4.69-11 Architectures tested: i386, ia64, x86_64, s390, s390x, ppc All had a timestamp change on the config files (up2date and up2date-uuid). Should timestamp be added to the list of excludes as well?
Comment 6 Beth Nackashi 2006-06-02 20:07:16 UTC
Hmm. After further research, I see that this is not timestamp related at all. This is some sort of "context" flag. It means that the context stored in the file's extended attribute on disk is inconsistent with the file_contexts configuration. To fix, run /sbin/restorecon on the file(s) in question. So, should "context" be added to the list of excludes? Is that even allowed?
Comment 7 James Bowes 2006-06-05 14:39:40 UTC
Nice digging, Beth. I think context is related to SELinux security context. There's no way to add it to the list of excludes in the spec file though, so I think we'll have to figure out what's causing the context change and fix that.
Comment 8 James Bowes 2006-06-28 18:13:55 UTC
/etc/sysconfig/rhn/up2date-uuid and /etc/sysconfig/rhn/up2date are expected to have the security context 'system_u:object_r:etc_t'. In the post install of the up2date rpm we did 2 things: * find and replace on the up2date-uuid to put a uuid in. * copy /etc/up2date to /etc/sysconfig/rhn/up2date if it exists. These two actions will change the context of these files to 'root:object_r:etc_t', which gives us our rpm --verify error. I added restorecon -F <filename> after the operations on those two files in the post, to fix their security contexts.
Comment 9 Beth Nackashi 2006-06-28 19:58:09 UTC
Ok, this doesn't seem to work unless I run restorecon: .qa.[root@x86_64-4as tmp]# rpm -V up2date ....L.... /etc/sysconfig/rhn ........C c /etc/sysconfig/rhn/up2date .qa.[root@x86_64-4as tmp]# /sbin/restorecon /etc/sysconfig/rhn/up2date .qa.[root@x86_64-4as tmp]# rpm -V up2date ....L.... /etc/sysconfig/rhn .qa.[root@x86_64-4as up2date_client]# rpm -q up2date up2date-4.4.69-22.x86_64
Comment 10 Beth Nackashi 2006-06-30 17:20:35 UTC
Looks like I need to run restorecon manually on the TPS boxes before TPS installs the latest version of up2date. Otherwise, rpm -V will fail.
Comment 11 Beth Nackashi 2006-06-30 17:21:18 UTC
Comment 13 Red Hat Bugzilla 2006-08-01 21:13:44 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0494.html