Bug 1041124 - [rhevm-reports-setup] rhevm-dwh-setup is editing files in /usr
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-reports
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.4.0
Assignee: Yaniv Lavi
QA Contact: Barak Dagan
URL:
Whiteboard: integration
Depends On:
Blocks: rhev3.4beta 1142926
Reported: 2013-12-12 13:44 UTC by Jiri Belka
Modified: 2014-09-18 12:24 UTC (History)

Fixed In Version: ovirt-3.4.0-beta2
Doc Type: Bug Fix
Doc Text:
Setup process no longer edits files in /usr. ovirt-engine-reports datasource file now has correct permissions.
Clone Of:
Environment:
Last Closed: 2014-06-09 15:26:51 UTC
oVirt Team: ---
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2014:0602 0 normal SHIPPED_LIVE rhevm-reports 3.4 bug fix and enhancement update 2014-06-09 19:26:10 UTC
oVirt gerrit 23124 0 None MERGED packaging: setup: rewrite 2020-09-22 12:45:01 UTC
oVirt gerrit 24122 0 None MERGED packaging: setup: Move logs out of /usr 2020-09-22 12:45:01 UTC

Description Jiri Belka 2013-12-12 13:44:24 UTC
Description of problem:

I tried to do a remote DB installation and I was not successful. While checking the log I discovered that rhevm-dwh-setup edits files in /usr. This is an odd practice and should not be used at all.

This can also be seen as a kind of security issue if one has some HIDS checking for changed files (the simplest being rpm -qV $package).

Also, should /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml have '0644/-rw-r--r--'?

# grep editing /var/log/ovirt-engine/ovirt-engine-reports-setup-2013_12_11_16_43_09.log 
2013-12-11 16:43:09::DEBUG::rhevm-reports-setup::241::root:: editing jasper db connectivity file
2013-12-11 16:43:09::DEBUG::rhevm-reports-setup::255::root:: editing reports datasource file /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml
2013-12-11 16:43:17::DEBUG::rhevm-reports-setup::264::root:: editing reports datasource file /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml

# ls -l /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml                          
-rw-r--r--. 1 root root 602 Dec 11 16:43 /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml

# rpm -qV rhevm-reports | grep ovirt.xml
S.5....T.    /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml

Version-Release number of selected component (if applicable):
is26 rhevm-reports-3.3.0-24.el6ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. rhevm-reports-setup
2.
3.

Actual results:
Files in /usr are changed and rpm -qV rhevm-reports reports it; also probably wrong permissions on the ovirt.xml file.

Expected results:
Never ever should any app edit files in /usr; the only acceptable scenario is during rpm install/update.

Additional info:
UNIX style nitpicking.
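
The `S.5....T.` line in the `rpm -qV` output above means the file's size, digest and mtime no longer match what the package installed. The script below is an added example, not part of the original report or of the oVirt code: it decodes such lines and lists non-config files under /usr that have drifted. The function names are hypothetical and the sample input is constructed (only the ovirt.xml line comes from the report).

```shell
# Added example: decode `rpm -V` (same report as `rpm -qV`) output and list
# packaged, non-config files under /usr that no longer match the RPM database.

# Constructed sample input. Only the first line comes from the bug report;
# the /etc/example and /usr/share/example paths are made up.
sample_rpm_verify() {
cat <<'EOF'
S.5....T.    /usr/share/ovirt-engine-reports/reports/resources/reports_resources/JDBC/data_sources/ovirt.xml
S.5....T.  c /etc/example/app.conf
.M.......    /usr/share/example/run.sh
.......T.    /usr/share/example/touched.txt
missing      /usr/share/example/gone.txt
EOF
}

# decode_flags FLAGS: print the names of the checks that failed, in the
# column order rpm uses (S M 5 D L U G T P). "." = passed, "?" = not testable.
decode_flags() {
    flags=$1 out='' i=1
    for name in size mode digest device link user group mtime caps; do
        c=$(printf '%s' "$flags" | cut -c"$i")
        case $c in
            ''|.|'?') ;;
            *) out="${out:+$out,}$name" ;;
        esac
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# usr_drift: read `rpm -V` lines on stdin, print "path<TAB>reasons" for files
# under /usr, skipping %config (c) and %ghost (g) entries, which may change.
usr_drift() {
    while read -r vflags rest; do
        case $rest in
            [cdglr]\ /*) attr=${rest%% *}; path=${rest#* } ;;
            *)           attr='';          path=$rest ;;
        esac
        case $path in /usr/*) ;; *) continue ;; esac
        case $attr in c|g) continue ;; esac
        if [ "$vflags" = missing ]; then
            printf '%s\tmissing\n' "$path"
        else
            printf '%s\t%s\n' "$path" "$(decode_flags "$vflags")"
        fi
    done
}

sample_rpm_verify | usr_drift
```

On a real host the same filter can be fed with `rpm -V rhevm-reports | usr_drift`.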

Comment 1 Yaniv Lavi 2013-12-12 17:56:19 UTC
This has been like this ever since 3.0 and the changes are reverted at the end of setup. This can wait to be fixed in z-stream or 3.4. Barak, what do you think?



Yaniv

Comment 3 Yaniv Lavi 2014-01-21 09:02:42 UTC
*** Bug 1054769 has been marked as a duplicate of this bug. ***

Comment 4 Jiri Belka 2014-02-18 16:58:51 UTC
again edited files in /usr...

# diff -uNp /tmp/usr.orig /tmp/usr.new 
--- /tmp/usr.orig       2014-02-18 17:38:56.368898983 +0100
+++ /tmp/usr.new        2014-02-18 17:55:27.979898983 +0100
 -8244,6 +8244,8 @@
 /usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh
 /usr/share/ovirt-engine/setup/dbutils/changedbowner.sh
 /usr/share/ovirt-engine/setup/dbutils/validatedb.sh
+/usr/share/ovirt-engine/setup/dbutils/fkvalidator.sh.log
+/usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh.log
 /usr/share/ovirt-engine/setup/dbutils/encodingvalidator.sh
 /usr/share/ovirt-engine/setup/dbutils/taskcleaner_sp.sql
 /usr/share/ovirt-engine/setup/dbutils/common.sh
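
Review bot: the two added entries, fkvalidator.sh.log and taskcleaner.sh.log, appear in /usr/share/ovirt-engine/setup/dbutils/ beside the scripts they are named after, so the setup run is creating log files under /usr instead of in a log directory such as /var/log/ovirt-engine/. The scripts should write their logs there. Because this comparison is of path listings only, running rpm -qf on the two new paths would confirm that no package owns them.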

When engine-setup was populating the remote DB I blocked the connection with iptables to make engine-setup fail. Then you can see above that there are new files in /usr.

Comment 5 Barak Dagan 2014-02-19 09:18:47 UTC
Verification failed, based on C#4:

ovirt-engine-3.4.0-0.7.beta2.el6.noarch
ovirt-engine-dwh-setup-3.4.0-0.2.master.20140205160753.el6.noarch
ovirt-engine-reports-setup-3.4.0-0.2.master.20140205160949.el6.noarch

ovirt-engine-dwh-3.4.0-0.2.master.20140205160753.el6.noarch
ovirt-engine-reports-3.4.0-0.2.master.20140205160949.el6.noarch
jasperreports-server-5.5.0-5.el6.noarch

Comment 6 Yaniv Lavi 2014-02-19 12:06:34 UTC
Alon, any thoughts?



Yaniv

Comment 7 Alon Bar-Lev 2014-02-19 12:09:58 UTC
(In reply to Yaniv Dary from comment #6)
> Alon, any thoughts?

without constructive information?

Comment 8 Yaniv Lavi 2014-02-19 12:46:15 UTC
(In reply to Alon Bar-Lev from comment #7)
> (In reply to Yaniv Dary from comment #6)
> > Alon, any thoughts?
> 
> without constructive information?

see comment #4.



Yaniv

Comment 9 Alon Bar-Lev 2014-02-19 12:48:49 UTC
(In reply to Yaniv Dary from comment #8)
> (In reply to Alon Bar-Lev from comment #7)
> > (In reply to Yaniv Dary from comment #6)
> > > Alon, any thoughts?
> > 
> > without constructive information?
> 
> see comment #4.

+/usr/share/ovirt-engine/setup/dbutils/fkvalidator.sh.log
+/usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh.log

has nothing to do with dwh

eli/didi, please quick find this.

Comment 10 Alon Bar-Lev 2014-02-19 12:51:51 UTC
guys,

this is a mess: you are opening one bug for 2 components in the subject, and reporting changes to files that relate to a 3rd component...

this way we have no way to track the original issue.

please use this bug for files that are modified at /usr/share/jasper*.

please open a separate bug for each other violation.

thanks,

Comment 12 Yedidyah Bar David 2014-02-20 07:42:28 UTC
(In reply to Alon Bar-Lev from comment #9)
> (In reply to Yaniv Dary from comment #8)
> > (In reply to Alon Bar-Lev from comment #7)
> > > (In reply to Yaniv Dary from comment #6)
> > > > Alon, any thoughts?
> > > 
> > > without constructive information?
> > 
> > see comment #4.
> 
> +/usr/share/ovirt-engine/setup/dbutils/fkvalidator.sh.log
> +/usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh.log
> 
> has nothing to do with dwh
> 
> eli/didi, please quick find this.

These should have been fixed by [1]. All 3 (master, 3.4, 3.3) were merged Feb 5. Please try to reproduce with versions containing the fix and open a bug if reproducible. Thanks!

[1] http://gerrit.ovirt.org/#/q/I1391b11225e69c98ff843d13db7ef517ec6534b3,n,z

Comment 13 Barak Dagan 2014-03-10 15:25:31 UTC
Verified on av2.1

rhevm-dwh-3.4.0-0.4.master.20140224152332.el6ev.noarch
rhevm-dwh-setup-3.4.0-0.4.master.20140224152332.el6ev.noarch

rhevm-reports-setup-3.4.0-0.4.master.20140226133324.el6ev.noarch
rhevm-reports-3.4.0-0.4.master.20140226133324.el6ev.noarch

jasperreports-server-pro-5.5.0-8.el6ev.noarch


# grep editing /var/log/ovirt-engine/setup/ovirt-engine-setup-20140310155633.log 
contains support for command-line editin

# ls -l /usr/share/ovirt-engine-reports/ovirt-reports/resources/reports_resources/JDBC/data_sources/ovirt.xml
-rw-r--r-- 1 root root 623 Mar  2 16:14 /usr/share/ovirt-engine-reports/ovirt-reports/resources/reports_resources/JDBC/data_sources/ovirt.xml

# rpm -qV rhevm-reports | grep ovirt.xml
# 

# diff -uNp /tmp/user.old /tmp/user.new | grep log
+-rw-r--r-- 1 root root   284 Feb 24 17:57 03_03_0040_add_vm_guest_user_login_info.sql


Is that OK, Jiri?

Comment 14 Jiri Belka 2014-03-11 10:15:27 UTC
OK

Comment 15 Barak Dagan 2014-03-11 10:31:30 UTC
# find /usr/share/ovirt-engine/ /usr/share/ovirt-engine-dwh/ /usr/share/ovirt-engine-reports/ -type f -exec sh -c 'f=$1; rpm -qf "$f" >/dev/null 2>&1 || echo "$f"' {} {} \;
#

Comment 16 errata-xmlrpc 2014-06-09 15:26:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-0602.html

