Bug 742227

Summary: Upgrade of selinux-policy-targeted package fails after fresh RHEL6.1 Server installation from DVD
Product: Red Hat Enterprise Linux 6
Component: selinux-policy
Version: 6.1
Status: CLOSED NOTABUG
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Reporter: Stanislav Graf <sgraf>
Assignee: Miroslav Grepl <mgrepl>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: dwalsh, mmalik
Doc Type: Bug Fix
Last Closed: 2011-10-19 13:47:50 UTC

Description Stanislav Graf 2011-09-29 12:49:56 UTC
Description of problem:
Upgrade of selinux-policy-targeted package fails after fresh RHEL6.1 Server installation from DVD.

DVD information:
[sgraf@localhost ~/Images]$ sha1sum --check SHA1SUM 
RHEL6.1-20110510.1-Server-i386-DVD1.iso: OK
sha1sum: WARNING: 20 lines are improperly formatted
ecode=0
[sgraf@localhost ~/Images]$ sha256sum --check SHA256SUM 
RHEL6.1-20110510.1-Server-i386-DVD1.iso: OK
sha256sum: WARNING: 20 lines are improperly formatted
ecode=0

YUM selinux update information:
---> Package selinux-policy-targeted.noarch 0:3.7.19-93.el6 will be updated
---> Package selinux-policy-targeted.noarch 0:3.7.19-93.el6_1.7 will be an update

YUM error:
  Updating   : selinux-policy-targeted-3.7.19-93.el6_1.7.noarch                             7/83 
libsepol.is_decl_requires_met: Could not find scope information for class netif (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

[root@localhost ~]$ yum repolist
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating Red Hat repositories.
repo id                             repo name                                              status
cdrom                               cdrom                                                  2,719
rhel-i386-server-6.1.z              RHEL EUS Server (v. 6.1.z for 32-bit x86)              4,143
repolist: 6,862
ecode=0

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.7.19-93.el6_1.7.noarch

How reproducible:
100%

Steps to Reproduce:
1. Install RHEL 6.1 Server from DVD with SELinux disabled and the following packages: @Core, @Console internet tools, openssh, openssh-clients, openssh-server
2. After restart (with disabled selinux) register server to RHN
3. Update packages
  
Actual results:
  Updating   : selinux-policy-targeted-3.7.19-93.el6_1.7.noarch
libsepol.is_decl_requires_met: Could not find scope information for class netif (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

Expected results:
Update succeeds

Additional info:

Comment 1 Miroslav Grepl 2011-09-29 13:03:06 UTC
If you try to reinstall

yum reinstall selinux-policy-targeted

Comment 3 Stanislav Graf 2011-09-29 16:06:32 UTC
Reinstall doesn't work either (at the bottom of my comment). In some cases I'm
able to fight through this to be able to successfully update, so I did some
more digging and reproducing - and when I go from the beginning (new reinstall),
perhaps I have a problem with GPG key 0xFD431D51.

[root@localhost ~]$ yum repolist
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating Red Hat repositories.
repo id                    repo name                                     
status
cdrom                      cdrom                                          2,719
rhel-i386-server-6.1.z     RHEL EUS Server (v. 6.1.z for 32-bit x86)      4,143
repolist: 6,862
ecode=0

[root@localhost ~]$ rpm -Va selinux-policy-targeted
ecode=0

[root@localhost ~]$ yum update selinux-policy-targeted -y
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating Red Hat repositories.
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.7.19-93.el6 will be updated
---> Package selinux-policy-targeted.noarch 0:3.7.19-93.el6_1.7 will be an
update
--> Processing Dependency: selinux-policy = 3.7.19-93.el6_1.7 for package:
selinux-policy-targeted-3.7.19-93.el6_1.7.noarch
--> Processing Dependency: selinux-policy = 3.7.19-93.el6_1.7 for package:
selinux-policy-targeted-3.7.19-93.el6_1.7.noarch
--> Running transaction check
---> Package selinux-policy.noarch 0:3.7.19-93.el6 will be updated
---> Package selinux-policy.noarch 0:3.7.19-93.el6_1.7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch   Version            Repository              Size
================================================================================
Updating:
 selinux-policy-targeted noarch 3.7.19-93.el6_1.7  rhel-i386-server-6.1.z 2.4 M
Updating for dependencies:
 selinux-policy          noarch 3.7.19-93.el6_1.7  rhel-i386-server-6.1.z 742 k

Transaction Summary
================================================================================
Upgrade       2 Package(s)

Total download size: 3.1 M
Downloading Packages:
(1/2): selinux-policy-3.7.19-93.el6_1.7.noarch.rpm       | 742 kB     00:01     
(2/2): selinux-policy-targeted-3.7.19-93.el6_1.7.noarch. | 2.4 MB     00:02     
--------------------------------------------------------------------------------
Total                                           413 kB/s | 3.1 MB     00:07     
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID fd431d51:
NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Importing GPG key 0xFD431D51:
 Userid : Red Hat, Inc. (release key 2) <security>
 Package: redhat-release-server-6Server-6.1.0.2.el6.i686
(@anaconda-RedHatEnterpriseLinux-201105101829.i386/6.1)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Importing GPG key 0x2FA658E0:
 Userid : Red Hat, Inc. (auxiliary key) <security>
 Package: redhat-release-server-6Server-6.1.0.2.el6.i686
(@anaconda-RedHatEnterpriseLinux-201105101829.i386/6.1)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Running rpm_check_debug
error: rpmdbNextIterator: skipping h#     248 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
ERROR with rpm_check_debug vs depsolve:
policycoreutils >= 2.0.78-1 is needed by
selinux-policy-targeted-3.7.19-93.el6_1.7.noarch
policycoreutils >= 2.0.78-1 is needed by
selinux-policy-3.7.19-93.el6_1.7.noarch
Please report this error in
https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%206&component=yum
 You could try running: rpm -Va --nofiles --nodigest
Your transaction was saved, rerun it with: yum load-transaction
/tmp/yum_save_tx-2011-09-29-17-46bA4EBO.yumtx
ecode=1

[root@localhost ~]$ rpm -Va --nofiles --nodigest
error: rpmdbNextIterator: skipping h#      28 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     319 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     124 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     247 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
Unsatisfied dependencies for policycoreutils-2.0.83-19.8.el6_0.i686:
 libsemanage.so.1 is needed by policycoreutils-2.0.83-19.8.el6_0.i686
error: rpmdbNextIterator: skipping h#     330 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     368 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
ecode=1

[root@localhost ~]$ yum clean all
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating Red Hat repositories.
Cleaning repos: cdrom rhel-i386-server-6.1.z
Cleaning up Everything
ecode=0

[root@localhost ~]$ rpm -Va --nofiles --nodigest
error: rpmdbNextIterator: skipping h#     391 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     241 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
ecode=0

[root@localhost ~]$ mv /var/lib/rpm/Pubkeys /tmp/
ecode=0

[root@localhost ~]$ rpm -Va --nofiles --nodigest
error: rpmdbNextIterator: skipping h#      23 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
ecode=0

And after that, I do update:
  Updating   : selinux-policy-targeted-3.7.19-93.el6_1.7.noarch             2/4 
libsepol.is_decl_requires_met: Could not find scope information for class
netlink_ip6fw_socket (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
semodule:  Failed!

And reinstall:
  Installing : selinux-policy-targeted-3.7.19-93.el6_1.7.noarch             1/1 
libsepol.is_decl_requires_met: Could not find scope information for class
security (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).

Comment 4 Daniel Walsh 2011-09-29 18:14:56 UTC
This is strange?  You are updating 6.1 to Z-Stream?

Comment 5 Stanislav Graf 2011-09-29 18:41:05 UTC
I am trying to get the latest updates for 6.1, so I get updates from 6.1.Z (Z-Stream).

I did some more reproducing (clean install from RHEL 6.1 DVD and update selinux from RHN) and I am _not_ able to reproduce it 100%. So now I also have good installs (selinux updates on first attempt).

If anything failed, it was selinux-policy-targeted update with the errors above (other packages updated successfully).

Comment 6 Daniel Walsh 2011-09-29 19:06:23 UTC
Was the machine selinux enabled in enforcing mode or disabled?

Comment 7 Stanislav Graf 2011-09-30 06:38:20 UTC
Selinux is disabled. This morning I was able to reproduce the problem with a _different_ package failing while selinux-policy-targeted updated without problem. So maybe it is a YUM bug (as YUM is suggesting in error messages from my comments 3 and 7).

# getenforce 
Disabled

# grep SELINUX=disabled /etc/selinux/config 
SELINUX=disabled

# yum distro-sync -y
...
Running rpm_check_debug
error: rpmdbNextIterator: skipping h#      38 Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
ERROR with rpm_check_debug vs depsolve:
libncurses.so.5 is needed by openssh-clients-5.3p1-52.el6_1.2.i686
Please report this error in https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%206&component=yum
 You could try running: rpm -Va --nofiles --nodigest
Your transaction was saved, rerun it with: yum load-transaction /tmp/yum_save_tx-2011-09-30-08-05g9q_9u.yumtx

# rpm -Va --nofiles --nodigest

# yum load-transaction /tmp/yum_save_tx-2011-09-30-08-05g9q_9u.yumtx
...
  Updating   : xmlrpc-c-1.16.24-1200.1840.el6_1.4.i686                    27/87 
error: xmlrpc-c-client-1.16.24-1200.1840.el6_1.4.i686: Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
...
xmlrpc-c-client-1.16.24-1200.1840.el6_1.4.i686 was supposed to be installed but is not!
xmlrpc-c-client-1.16.24-1200.1840.el6.i686 was supposed to be removed but is not!

Comment 11 RHEL Program Management 2011-10-07 16:05:47 UTC
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 12 Stanislav Graf 2011-10-11 07:17:50 UTC
I'm not able to reproduce this bug/behavior any more (last time was when I wrote comment #7), therefore I cannot provide any more debug at this moment. I don't know what was the cause of my problems, but they are gone.

Because this behavior was in my RHEL6 guest on Fedora 15 host, maybe this was Fedora related.

Comment 13 Miroslav Grepl 2011-10-19 13:47:50 UTC
I agree, looks like a Fedora issue. I am closing this bug for now.
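
The rpm -Va --nofiles --nodigest runs in comment 3 each flag different rpmdb header numbers as BAD. The following is an added example, not part of the original bug report and not code from rpm or yum: it parses that output and separates headers that fail in every run from those that fail only in some. The function names are hypothetical, and it assumes that a header genuinely damaged in the rpmdb would fail on every run.

```python
import re

# rpmdb error as printed in the report. The message is sometimes hard-wrapped
# after "Signature,", so whitespace (including a newline) is matched loosely.
BAD_HDR = re.compile(
    r"rpmdbNextIterator: skipping h#\s*(\d+)\s+Header \S+ \S+ Signature,"
    r"\s+key ID [0-9a-f]{8}: BAD"
)


def bad_headers(output):
    """Return the set of rpmdb header numbers flagged BAD in one run."""
    return {int(num) for num in BAD_HDR.findall(output)}


def triage(runs):
    """Split failing headers into persistent (every run) and transient."""
    per_run = [bad_headers(out) for out in runs]
    seen = set().union(*per_run)
    persistent = set.intersection(*per_run) if per_run else set()
    return {"persistent": persistent, "transient": seen - persistent}


# Error output of the three runs in comment 3, copied from the report
# (the first run's wrapped lines are re-joined here to save space).
RUNS = [
    """\
error: rpmdbNextIterator: skipping h#      28 Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     319 Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     124 Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     247 Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
Unsatisfied dependencies for policycoreutils-2.0.83-19.8.el6_0.i686:
error: rpmdbNextIterator: skipping h#     330 Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     368 Header V3 RSA/SHA256 Signature, key ID fd431d51: BAD
""",
    """\
error: rpmdbNextIterator: skipping h#     391 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
error: rpmdbNextIterator: skipping h#     241 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
""",
    """\
error: rpmdbNextIterator: skipping h#      23 Header V3 RSA/SHA256 Signature,
key ID fd431d51: BAD
""",
]

if __name__ == "__main__":
    print(triage(RUNS))
```

On the report's data no header number fails in all three runs, so the persistent set is empty and all nine flagged headers are transient.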