Bug 1230263
| Summary: | rpm -V openldap complains | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Patrik Kis <pkis> |
| Component: | openldap | Assignee: | Matus Honek <mhonek> |
| Status: | CLOSED ERRATA | QA Contact: | Patrik Kis <pkis> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.2 | CC: | ebenes, jsynacek, mkosek |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 2.4.40-4 | Doc Type: | Bug Fix |
| Doc Text: |
After upgrading the system from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7, symbolic links to certain libraries unexpectedly pointed to locations belonging to the openldap-devel package. If the user uninstalled openldap-devel, the symbolic links were broken and the "rpm -V openldap" command sometimes produced errors. With this update, the symbolic links no longer get broken in the described situation.
If the user downgrades openldap to version 2.4.39-6 or earlier, the symbolic links might break. After such downgrade, it is recommended to verify that the symbolic links did not break. To do this, make sure the yum-plugin-verify package is installed and obtain the target libraries by running the "rpm -V openldap" or "yum verify openldap" command.
|
Story Points: | --- |
| Clone Of: | 466924 | Environment: | |
| Last Closed: | 2015-11-19 08:53:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Patrik Kis
2015-06-10 14:02:02 UTC
This is a regression with serious impact on the system. In short, when a system is upgraded and the openldap-devel package is removed (what is perfectly valid operation), the system will be in in inconsistent state. As correctly stated by Patrik, the links point to wrong files, therefore rpm -V complains those files are broken.
The cause is /sbin/ldconfig which was present at multiple places in the openldap.spec file and which made the links with filename equal to the SONAME of the library to point to links of filename equal to a base name of a library. That means a problem would occur, as also correctly stated by Patrik, on removal of the link caused by removing openldap-devel package.
The problem seems to be in multiple packages and each one solves it its way. See a discussion [1] for example.
Because all the links for the ${_libdir} are provided as files by packages themselves, I drop the calls of /sbin/ldconfig from the .spec file and call it only where required. See git-diff [2].
[1] http://thread.gmane.org/gmane.linux.redhat.fedora.devel/181593
[2] http://pkgs.devel.redhat.com/cgit/rpms/openldap/commit/?h=rhel-7.2&id=92c3debede102153b9802e19b527397839fa2b2c
Although rpm -V does not report error when upgrading to the latest package, I found two cases when this is still failing: 1/ Downgrade [root@rhel70 ~]# rpm -qa openldap\* openldap-2.4.39-6.el7.x86_64 openldap-devel-2.4.39-6.el7.x86_64 openldap-clients-2.4.39-6.el7.x86_64 [root@rhel70 ~]# rpm -V openldap [root@rhel70 ~]# [root@rhel70 openldap-2.4.40-3.el7]# rpm -Uvh openldap-2.4.40-3.el7.x86_64.rpm openldap-clients-2.4.40-3.el7.x86_64.rpm openldap-devel-2.4.40-3.el7.x86_64.rpm Preparing... ################################# [100%] Updating / installing... 1:openldap-2.4.40-3.el7 ################################# [ 17%] 2:openldap-clients-2.4.40-3.el7 ################################# [ 33%] 3:openldap-devel-2.4.40-3.el7 ################################# [ 50%] Cleaning up / removing... 4:openldap-devel-2.4.39-6.el7 ################################# [ 67%] 5:openldap-clients-2.4.39-6.el7 ################################# [ 83%] 6:openldap-2.4.39-6.el7 ################################# [100%] [root@rhel70 openldap-2.4.40-3.el7]# [root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap [root@rhel70 openldap-2.4.40-3.el7]# ll /usr/lib64/liblber* lrwxrwxrwx. 1 root root 21 Jun 24 13:32 /usr/lib64/liblber-2.4.so.2 -> liblber-2.4.so.2.10.3 -rwxr-xr-x. 1 root root 61848 Jun 23 09:37 /usr/lib64/liblber-2.4.so.2.10.3 lrwxrwxrwx. 1 root root 21 Jun 24 13:32 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.3 [root@rhel70 openldap-2.4.40-3.el7]# [root@rhel70 openldap-2.4.39-6.el7]# rpm -Uvh --oldpackage openldap-2.4.39-6.el7.x86_64.rpm openldap-clients-2.4.39-6.el7.x86_64.rpm openldap-devel-2.4.39-6.el7.x86_64.rpm Preparing... ################################# [100%] Updating / installing... 1:openldap-2.4.39-6.el7 ################################# [ 17%] 2:openldap-clients-2.4.39-6.el7 ################################# [ 33%] 3:openldap-devel-2.4.39-6.el7 ################################# [ 50%] Cleaning up / removing... 4:openldap-devel-2.4.40-3.el7 ################################# [ 67%] 5:openldap-clients-2.4.40-3.el7 ################################# [ 83%] 6:openldap-2.4.40-3.el7 ################################# [100%] [root@rhel70 openldap-2.4.39-6.el7]# [root@rhel70 openldap-2.4.39-6.el7]# rpm -V openldap ....L.... /usr/lib64/liblber-2.4.so.2 ....L.... /usr/lib64/libldap-2.4.so.2 ....L.... /usr/lib64/libldap_r-2.4.so.2 ....L.... /usr/lib64/libslapi-2.4.so.2 [root@rhel70 openldap-2.4.39-6.el7]# ll /usr/lib64/liblber* lrwxrwxrwx. 1 root root 10 Jun 24 13:33 /usr/lib64/liblber-2.4.so.2 -> liblber.so -rwxr-xr-x. 1 root root 62800 Dec 9 2014 /usr/lib64/liblber-2.4.so.2.10.2 lrwxrwxrwx. 1 root root 21 Jun 24 13:33 /usr/lib64/liblber.so -> liblber-2.4.so.2.10.2 [root@rhel70 openldap-2.4.39-6.el7]# 2/ Upgrade when openldap-servers-sql package is installed [root@rhel70 openldap-2.4.40-3.el7]# rpm -qa openldap\* |sortopenldap-2.4.39-6.el7.i686 openldap-2.4.39-6.el7.x86_64 openldap-devel-2.4.39-6.el7.i686 openldap-devel-2.4.39-6.el7.x86_64 openldap-servers-2.4.39-6.el7.x86_64 openldap-servers-sql-2.4.39-6.el7.x86_64 [root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap.x86_64 openldap.i686[root@rhel70 openldap-2.4.40-3.el7]# [root@rhel70 openldap-2.4.40-3.el7]# rpm -Uvh openldap-2.4.40-3.el7.*rpm openldap-devel-2.4.40-3.el7.*rpm openldap-servers-2.4.40-3.el7.x86_64.rpm openldap-servers-sql-2.4.40-3.el7.x86_64.rpm Preparing... ################################# [100%] Updating / installing... 1:openldap-2.4.40-3.el7 ################################# [ 8%] 2:openldap-servers-2.4.40-3.el7 ################################# [ 17%] 3:openldap-2.4.40-3.el7 ################################# [ 25%] 4:openldap-devel-2.4.40-3.el7 ################################# [ 33%] 5:openldap-servers-sql-2.4.40-3.el7################################# [ 42%] 6:openldap-devel-2.4.40-3.el7 ################################# [ 50%] Cleaning up / removing... 7:openldap-devel-2.4.39-6.el7 ################################# [ 58%] 8:openldap-devel-2.4.39-6.el7 ################################# [ 67%] 9:openldap-servers-sql-2.4.39-6.el7################################# [ 75%] 10:openldap-2.4.39-6.el7 ################################# [ 83%] 11:openldap-servers-2.4.39-6.el7 ################################# [ 92%] 12:openldap-2.4.39-6.el7 ################################# [100%] [root@rhel70 openldap-2.4.40-3.el7]# rpm -V openldap.x86_64 openldap.i686....L.... /usr/lib64/liblber-2.4.so.2 ....L.... /usr/lib64/libldap-2.4.so.2 ....L.... /usr/lib64/libldap_r-2.4.so.2 ....L.... /usr/lib64/libslapi-2.4.so.2 [root@rhel70 openldap-2.4.40-3.el7]# Fixing a wrongly called ldconfig by [1], so that it does what was intended. Due to the calls to ldconfig in versions 2.4.39-6 and older a downgrade will result to rpm -V complaining in specific situations, that cannot be fixed by fixing future versions. Therefore an attention should be paid on where the links in /usr/lib (/usr/lib64 respectively) are pointing to. See `rpm -V openldap', or `yum verify openldap' with yum-plugin-verify installed, after downgrade for the target libraries. [1] http://pkgs.devel.redhat.com/cgit/rpms/openldap/commit/?h=rhel-7.2&id=21dad9dd80b7a23b38590f82593c6c9a33a4e44e Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2131.html |