Description of problem: I tried to do remote DB installation and i was not successful. While checking the log I discovered rhevm-dwh-setup edits files in /usr. This is odd practice and should not be used at all. This can be seen also a kind of security issue if one would have some HIDS checking for changed files (like most simple with rpm -qV $package). Also shoud /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml have '0644/-rw-r--r--'? # grep editing /var/log/ovirt-engine/ovirt-engine-reports-setup-2013_12_11_16_43_09.log 2013-12-11 16:43:09::DEBUG::rhevm-reports-setup::241::root:: editing jasper db connectivity file 2013-12-11 16:43:09::DEBUG::rhevm-reports-setup::255::root:: editing reports datasource file /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml 2013-12-11 16:43:17::DEBUG::rhevm-reports-setup::264::root:: editing reports datasource file /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml # ls -l /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml -rw-r--r--. 1 root root 602 Dec 11 16:43 /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml # rpm -qV rhevm-reports | grep ovirt.xml S.5....T. /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml Version-Release number of selected component (if applicable): is26 rhevm-reports-3.3.0-24.el6ev.noarch How reproducible: 100% Steps to Reproduce: 1. rhevm-reports-setup 2. 3. Actual results: files in /usr are change and rpm -qV rhevm-reports reports it, also probably wrong permission on ovirt.xml file Expected results: never ever should any app edit files in /usr, only acceptable scenario is during rpm install/update. Additional info: UNIX style nitpicking.
This has been like this ever since 3.0 and the changes are reverted in the end of setup. This can wait to fix in z stream or 3.4. Barak, what do you think? Yaniv
*** Bug 1054769 has been marked as a duplicate of this bug. ***
again edited files in /usr... # diff -uNp /tmp/usr.orig /tmp/usr.new --- /tmp/usr.orig 2014-02-18 17:38:56.368898983 +0100 +++ /tmp/usr.new 2014-02-18 17:55:27.979898983 +0100 -8244,6 +8244,8 @@ /usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh /usr/share/ovirt-engine/setup/dbutils/changedbowner.sh /usr/share/ovirt-engine/setup/dbutils/validatedb.sh +/usr/share/ovirt-engine/setup/dbutils/fkvalidator.sh.log +/usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh.log /usr/share/ovirt-engine/setup/dbutils/encodingvalidator.sh /usr/share/ovirt-engine/setup/dbutils/taskcleaner_sp.sql /usr/share/ovirt-engine/setup/dbutils/common.sh when engine-setup was populating remote DB I blocked connection with iptables to make engine-setup fail. then you can see above there are new files in /usr.
Verification failed, based on C#4: ovirt-engine-3.4.0-0.7.beta2.el6.noarch ovirt-engine-dwh-setup-3.4.0-0.2.master.20140205160753.el6.noarch ovirt-engine-reports-setup-3.4.0-0.2.master.20140205160949.el6.noarch ovirt-engine-dwh-3.4.0-0.2.master.20140205160753.el6.noarch ovirt-engine-reports-3.4.0-0.2.master.20140205160949.el6.noarch jasperreports-server-5.5.0-5.el6.noarch
Alon, any thoughts? Yaniv
(In reply to Yaniv Dary from comment #6) > Alon, any thoughts? without constructive information?
(In reply to Alon Bar-Lev from comment #7) > (In reply to Yaniv Dary from comment #6) > > Alon, any thoughts? > > without constructive information? see comment #4. Yaniv
(In reply to Yaniv Dary from comment #8) > (In reply to Alon Bar-Lev from comment #7) > > (In reply to Yaniv Dary from comment #6) > > > Alon, any thoughts? > > > > without constructive information? > > see comment #4. +/usr/share/ovirt-engine/setup/dbutils/fkvalidator.sh.log +/usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh.log has nothing to do with dwh eli/didi, please quick find this.
guys, this is a mess, you are opening one bug for 2 components in subject, and report change of files that relates to 3rd component... this way we have no way to track the original issue. please use this bug for files that are modified at /usr/share/jasper*. please open a separate bug for each other violation. thanks,
(In reply to Alon Bar-Lev from comment #9) > (In reply to Yaniv Dary from comment #8) > > (In reply to Alon Bar-Lev from comment #7) > > > (In reply to Yaniv Dary from comment #6) > > > > Alon, any thoughts? > > > > > > without constructive information? > > > > see comment #4. > > +/usr/share/ovirt-engine/setup/dbutils/fkvalidator.sh.log > +/usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh.log > > has nothing to do with dwh > > eli/didi, please quick find this. These should have been fixed by [1]. All 3 (master, 3.4, 3.3) were merged Feb 5. Please try to reproduce with versions containing the fix and open a bug if reproducible. Thanks! [1] http://gerrit.ovirt.org/#/q/I1391b11225e69c98ff843d13db7ef517ec6534b3,n,z
Verified on av2.1 rhevm-dwh-3.4.0-0.4.master.20140224152332.el6ev.noarch rhevm-dwh-setup-3.4.0-0.4.master.20140224152332.el6ev.noarch rhevm-reports-setup-3.4.0-0.4.master.20140226133324.el6ev.noarch rhevm-reports-3.4.0-0.4.master.20140226133324.el6ev.noarch jasperreports-server-pro-5.5.0-8.el6ev.noarch # grep editing /var/log/ovirt-engine/setup/ovirt-engine-setup-20140310155633.log contains support for command-line editin # ls -l /usr/share/ovirt-engine-reports/ovirt-reports/resources/reports_resources/JDBC/data_sources/ovirt.xml -rw-r--r-- 1 root root 623 Mar 2 16:14 /usr/share/ovirt-engine-reports/ovirt-reports/resources/reports_resources/JDBC/data_sources/ovirt.xml # rpm -qV rhevm-reports | grep ovirt.xml # # diff -uNp /tmp/user.old /tmp/user.new | grep log +-rw-r--r-- 1 root root 284 Feb 24 17:57 03_03_0040_add_vm_guest_user_login_info.sql Is that OK, Jiri ?
OK
# find /usr/share/ovirt-engine/ /usr/share/ovirt-engine-dwh/ /usr/share/ovirt-engine-reports/ -type f -exec sh -c 'f=$1; rpm -qf "$f" >/dev/null 2>&1 || echo "$f"' {} {} \; #
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-0602.html