1230263 – rpm -V openldap complains

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1230263 - rpm -V openldap complains

Summary: rpm -V openldap complains

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	openldap
Sub Component:
Version:	7.2
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Matus Honek
QA Contact:	Patrik Kis
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-06-10 14:02 UTC by Patrik Kis
Modified:	2015-11-19 08:53 UTC (History)
CC List:	3 users (show)
Fixed In Version:	2.4.40-4
Doc Type:	Bug Fix
Doc Text:	After upgrading the system from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7, symbolic links to certain libraries unexpectedly pointed to locations belonging to the openldap-devel package. If the user uninstalled openldap-devel, the symbolic links were broken and the "rpm -V openldap" command sometimes produced errors. With this update, the symbolic links no longer get broken in the described situation. If the user downgrades openldap to version 2.4.39-6 or earlier, the symbolic links might break. After such downgrade, it is recommended to verify that the symbolic links did not break. To do this, make sure the yum-plugin-verify package is installed and obtain the target libraries by running the "rpm -V openldap" or "yum verify openldap" command.
Clone Of:	466924
Environment:
Last Closed:	2015-11-19 08:53:16 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:2131	0	normal	SHIPPED_LIVE	Moderate: openldap security, bug fix, and enhancement update	2015-11-19 09:10:21 UTC

Description Patrik Kis 2015-06-10 14:02:02 UTC

Description of problem:
# rpm -V openldap
....L....    /usr/lib64/liblber-2.4.so.2
....L....    /usr/lib64/libldap-2.4.so.2
....L....    /usr/lib64/libldap_r-2.4.so.2
....L....    /usr/lib64/libslapi-2.4.so.2

when upgrading to openldap openldap-2.4.40-2.el7 and the devel package is installed.

Version-Release number of selected component (if applicable):
openldap-2.4.40-2.el7

How reproducible:
always

Steps to Reproduce:

1/ Firs a demonstration with package versions RHEL-7.0 < RHEL-7.1 to show it worked as expected:

[root@rhel70 ldap]# rpm -qa openldap\*
openldap-devel-2.4.39-3.el7.x86_64
openldap-2.4.39-3.el7.x86_64
[root@rhel70 ldap]# rpm -V openldap
[root@rhel70 ldap]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    21 Jun 10 15:48 /usr/lib64/liblber-2.4.so.2 -> liblber-2.4.so.2.10.2
-rwxr-xr-x. 1 root root 62800 Feb 26  2014 /usr/lib64/liblber-2.4.so.2.10.2
lrwxrwxrwx. 1 root root    21 Jun 10 15:48 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.2
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber-2.4.so.2
openldap-2.4.39-3.el7.x86_64
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber-2.4.so.2.10.2
openldap-2.4.39-3.el7.x86_64
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber.so
openldap-devel-2.4.39-3.el7.x86_64
[root@rhel70 ldap]# 
[root@rhel70 ldap]# rpm -Uvh ~/ldap/openldap-2.4.39-6.el7/openldap-2.4.39-6.el7.x86_64.rpm ~/ldap/openldap-2.4.39-6.el7/openldap-devel-2.4.39-6.el7.x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.39-6.el7            ################################# [ 25%]
   2:openldap-devel-2.4.39-6.el7      ################################# [ 50%]
Cleaning up / removing...
   3:openldap-devel-2.4.39-3.el7      ################################# [ 75%]
   4:openldap-2.4.39-3.el7            ################################# [100%]
[root@rhel70 ldap]# rpm -V openldap
[root@rhel70 ldap]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    21 Jun 10 15:49 /usr/lib64/liblber-2.4.so.2 -> liblber-2.4.so.2.10.2
-rwxr-xr-x. 1 root root 62800 Dec  9  2014 /usr/lib64/liblber-2.4.so.2.10.2
lrwxrwxrwx. 1 root root    21 Jun 10 15:49 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.2
[root@rhel70 ldap]# 
[root@rhel70 ldap]# rpm -Uvh --oldpackage ~/ldap/openldap-2.4.39-3.el7/openldap-2.4.39-3.el7.x86_64.rpm ~/ldap/openldap-2.4.39-3.el7/openldap-devel-2.4.39-3.el7.x86_64.rpm Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.39-3.el7            ################################# [ 25%]
   2:openldap-devel-2.4.39-3.el7      ################################# [ 50%]
Cleaning up / removing...
   3:openldap-devel-2.4.39-6.el7      ################################# [ 75%]
   4:openldap-2.4.39-6.el7            ################################# [100%]
[root@rhel70 ldap]# rpm -V openldap
[root@rhel70 ldap]# 

2/ The issue appears when upgrading from RHEL-7.1 to RHEL-7.2:

[root@rhel70 ldap]# rpm -Uvh ~/ldap/openldap-2.4.39-6.el7/openldap-2.4.39-6.el7.x86_64.rpm ~/ldap/openldap-2.4.39-6.el7/openldap-devel-2.4.39-6.el7.x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.39-6.el7            ################################# [ 25%]
   2:openldap-devel-2.4.39-6.el7      ################################# [ 50%]
Cleaning up / removing...
   3:openldap-devel-2.4.39-3.el7      ################################# [ 75%]
   4:openldap-2.4.39-3.el7            ################################# [100%]
[root@rhel70 ldap]# rpm -V openldap
[root@rhel70 ldap]# 
[root@rhel70 ldap]# rpm -Uvh ~/ldap/openldap-2.4.40-2.el7/openldap-2.4.40-2.el7.x86_64.rpm ~/ldap/openldap-2.4.40-2.el7/openldap-devel-2.4.40-2.el7.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.40-2.el7            ################################# [ 25%]
   2:openldap-devel-2.4.40-2.el7      ################################# [ 50%]
Cleaning up / removing...
   3:openldap-devel-2.4.39-6.el7      ################################# [ 75%]
   4:openldap-2.4.39-6.el7            ################################# [100%]
[root@rhel70 ldap]# rpm -V openldap
....L....    /usr/lib64/liblber-2.4.so.2
....L....    /usr/lib64/libldap-2.4.so.2
....L....    /usr/lib64/libldap_r-2.4.so.2
....L....    /usr/lib64/libslapi-2.4.so.2

3/ The issue seems to be that /usr/lib64/liblber-2.4.so.2 points to symlink liblber.so what is owned by openldap-devel!

[root@rhel70 ldap]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    10 Jun 10 15:50 /usr/lib64/liblber-2.4.so.2 -> liblber.so
-rwxr-xr-x. 1 root root 61848 Jun  3 10:40 /usr/lib64/liblber-2.4.so.2.10.3
lrwxrwxrwx. 1 root root    21 Jun 10 15:50 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.3
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber-2.4.so.2
openldap-2.4.40-2.el7.x86_64
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber-2.4.so.2.10.3
openldap-2.4.40-2.el7.x86_64
[root@rhel70 ldap]# rpm -qf /usr/lib64/liblber.so
openldap-devel-2.4.40-2.el7.x86_64

4/ And this may cause real problem not only some warning, when openldap devel is suddenly removed:

[root@rhel70 ldap]# rpm -ev openldap-devel
Preparing packages...
openldap-devel-2.4.40-2.el7.x86_64
[root@rhel70 ldap]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    10 Jun 10 15:50 /usr/lib64/liblber-2.4.so.2 -> liblber.so
-rwxr-xr-x. 1 root root 61848 Jun  3 10:40 /usr/lib64/liblber-2.4.so.2.10.3



+++ This bug was initially created as a clone of Bug #466924 +++

Comment 1 Patrik Kis 2015-06-10 14:03:58 UTC

This is a regression with serious impact on the system. In short, when a system is upgraded and the openldap-devel package is removed (what is perfectly valid operation), the system will be in in inconsistent state.

Comment 3 Matus Honek 2015-06-23 08:25:18 UTC

As correctly stated by Patrik, the links point to wrong files, therefore rpm -V complains those files are broken.
The cause is /sbin/ldconfig which was present at multiple places in the openldap.spec file and which made the links with filename equal to the SONAME of the library to point to links of filename equal to a base name of a library. That means a problem would occur, as also correctly stated by Patrik, on removal of the link caused by removing openldap-devel package.
The problem seems to be in multiple packages and each one solves it its way. See a discussion [1] for example.

Because all the links for the ${_libdir} are provided as files by packages themselves, I drop the calls of /sbin/ldconfig from the .spec file and call it only where required. See git-diff [2].

[1] http://thread.gmane.org/gmane.linux.redhat.fedora.devel/181593

[2] http://pkgs.devel.redhat.com/cgit/rpms/openldap/commit/?h=rhel-7.2&id=92c3debede102153b9802e19b527397839fa2b2c

Comment 5 Patrik Kis 2015-06-24 12:22:21 UTC

Although rpm -V does not report error when upgrading to the latest package, I found two cases when this is still failing:

1/ Downgrade

[root@rhel70 ~]# rpm -qa openldap\*
openldap-2.4.39-6.el7.x86_64
openldap-devel-2.4.39-6.el7.x86_64
openldap-clients-2.4.39-6.el7.x86_64
[root@rhel70 ~]# rpm -V openldap
[root@rhel70 ~]# 
[root@rhel70 openldap-2.4.40-3.el7]# rpm -Uvh openldap-2.4.40-3.el7.x86_64.rpm openldap-clients-2.4.40-3.el7.x86_64.rpm openldap-devel-2.4.40-3.el7.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.40-3.el7            ################################# [ 17%]
   2:openldap-clients-2.4.40-3.el7    ################################# [ 33%]
   3:openldap-devel-2.4.40-3.el7      ################################# [ 50%]
Cleaning up / removing...
   4:openldap-devel-2.4.39-6.el7      ################################# [ 67%]
   5:openldap-clients-2.4.39-6.el7    ################################# [ 83%]
   6:openldap-2.4.39-6.el7            ################################# [100%]
[root@rhel70 openldap-2.4.40-3.el7]# 
[root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap
[root@rhel70 openldap-2.4.40-3.el7]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    21 Jun 24 13:32 /usr/lib64/liblber-2.4.so.2 -> liblber-2.4.so.2.10.3
-rwxr-xr-x. 1 root root 61848 Jun 23 09:37 /usr/lib64/liblber-2.4.so.2.10.3
lrwxrwxrwx. 1 root root    21 Jun 24 13:32 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.3
[root@rhel70 openldap-2.4.40-3.el7]# 
[root@rhel70 openldap-2.4.39-6.el7]# rpm -Uvh --oldpackage openldap-2.4.39-6.el7.x86_64.rpm openldap-clients-2.4.39-6.el7.x86_64.rpm openldap-devel-2.4.39-6.el7.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.39-6.el7            ################################# [ 17%]
   2:openldap-clients-2.4.39-6.el7    ################################# [ 33%]
   3:openldap-devel-2.4.39-6.el7      ################################# [ 50%]
Cleaning up / removing...
   4:openldap-devel-2.4.40-3.el7      ################################# [ 67%]
   5:openldap-clients-2.4.40-3.el7    ################################# [ 83%]
   6:openldap-2.4.40-3.el7            ################################# [100%]
[root@rhel70 openldap-2.4.39-6.el7]# 
[root@rhel70 openldap-2.4.39-6.el7]# rpm -V openldap
....L....    /usr/lib64/liblber-2.4.so.2
....L....    /usr/lib64/libldap-2.4.so.2
....L....    /usr/lib64/libldap_r-2.4.so.2
....L....    /usr/lib64/libslapi-2.4.so.2
[root@rhel70 openldap-2.4.39-6.el7]# ll /usr/lib64/liblber*
lrwxrwxrwx. 1 root root    10 Jun 24 13:33 /usr/lib64/liblber-2.4.so.2 -> liblber.so
-rwxr-xr-x. 1 root root 62800 Dec  9  2014 /usr/lib64/liblber-2.4.so.2.10.2
lrwxrwxrwx. 1 root root    21 Jun 24 13:33 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.2
[root@rhel70 openldap-2.4.39-6.el7]# 


2/ Upgrade when openldap-servers-sql package is installed

[root@rhel70 openldap-2.4.40-3.el7]# rpm -qa openldap\* |sortopenldap-2.4.39-6.el7.i686
openldap-2.4.39-6.el7.x86_64
openldap-devel-2.4.39-6.el7.i686
openldap-devel-2.4.39-6.el7.x86_64
openldap-servers-2.4.39-6.el7.x86_64
openldap-servers-sql-2.4.39-6.el7.x86_64
[root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap.x86_64 openldap.i686[root@rhel70 openldap-2.4.40-3.el7]# 
[root@rhel70 openldap-2.4.40-3.el7]# rpm -Uvh openldap-2.4.40-3.el7.*rpm openldap-devel-2.4.40-3.el7.*rpm openldap-servers-2.4.40-3.el7.x86_64.rpm openldap-servers-sql-2.4.40-3.el7.x86_64.rpm Preparing...                          ################################# [100%]
Updating / installing...
   1:openldap-2.4.40-3.el7            ################################# [  8%]
   2:openldap-servers-2.4.40-3.el7    ################################# [ 17%]
   3:openldap-2.4.40-3.el7            ################################# [ 25%]
   4:openldap-devel-2.4.40-3.el7      ################################# [ 33%]
   5:openldap-servers-sql-2.4.40-3.el7################################# [ 42%]
   6:openldap-devel-2.4.40-3.el7      ################################# [ 50%]
Cleaning up / removing...
   7:openldap-devel-2.4.39-6.el7      ################################# [ 58%]
   8:openldap-devel-2.4.39-6.el7      ################################# [ 67%]
   9:openldap-servers-sql-2.4.39-6.el7################################# [ 75%]
  10:openldap-2.4.39-6.el7            ################################# [ 83%]
  11:openldap-servers-2.4.39-6.el7    ################################# [ 92%]
  12:openldap-2.4.39-6.el7            ################################# [100%]
[root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap.x86_64 openldap.i686....L....    /usr/lib64/liblber-2.4.so.2
....L....    /usr/lib64/libldap-2.4.so.2
....L....    /usr/lib64/libldap_r-2.4.so.2
....L....    /usr/lib64/libslapi-2.4.so.2
[root@rhel70 openldap-2.4.40-3.el7]#

Comment 6 Matus Honek 2015-06-29 16:02:20 UTC

Fixing a wrongly called ldconfig by [1], so that it does what was intended.

Due to the calls to ldconfig in versions 2.4.39-6 and older a downgrade will result to rpm -V complaining in specific situations, that cannot be fixed by fixing future versions. Therefore an attention should be paid on where the links in /usr/lib (/usr/lib64 respectively) are pointing to. See `rpm -V openldap', or `yum verify openldap' with yum-plugin-verify installed, after downgrade for the target libraries.

[1] http://pkgs.devel.redhat.com/cgit/rpms/openldap/commit/?h=rhel-7.2&id=21dad9dd80b7a23b38590f82593c6c9a33a4e44e

Comment 10 errata-xmlrpc 2015-11-19 08:53:16 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2131.html

Note You need to log in before you can comment on or make changes to this bug.