RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1378774 - some rpm verify issues of package libvirt-daemon-config-nwfilter.x86_64
Summary: some rpm verify issues of package libvirt-daemon-config-nwfilter.x86_64
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.3
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: rc
: 7.4
Assignee: Jiri Denemark
QA Contact: yalzhang@redhat.com
URL:
Whiteboard:
: 1436911 (view as bug list)
Depends On:
Blocks: 1436519
TreeView+ depends on / blocked
 
Reported: 2016-09-23 08:57 UTC by Xuesong Zhang
Modified: 2017-08-01 23:57 UTC (History)
8 users (show)

Fixed In Version: libvirt-3.2.0-3.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 17:16:43 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:1846 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2017-08-01 18:02:50 UTC

Comment 6 yalzhang@redhat.com 2017-01-09 04:37:53 UTC 
Waive this failure.
Comment 7 Jaroslav Suchanek 2017-04-04 15:00:47 UTC 
*** Bug 1436911 has been marked as a duplicate of this bug. ***
Comment 8 Douglas Schilling Landgraf 2017-04-04 17:43:48 UTC 
Reopening to have a downstream tracker.
Comment 9 Jiri Denemark 2017-04-19 09:44:20 UTC 
Fixed upstream by

commit 1d3963dba5b8fbaa1d465d642d516be530618d25
Refs: v3.2.0-181-g1d3963dba
Author:     Jiri Denemark <jdenemar>
AuthorDate: Wed Apr 12 21:36:01 2017 +0200
Commit:     Jiri Denemark <jdenemar>
CommitDate: Wed Apr 19 11:36:06 2017 +0200

    spec: Avoid RPM verification errors on nwfilter XMLs

    /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
    means libvirtd will automatically alter all of them once it starts. Thus
    RPM verification will always fail on them. Let's use a trick similar to
    the default network XML and store nwfilter XMLs in /usr/share. They will
    be copied into /etc in %post. Additionally the /etc files are marked as
    %ghost so that they are uninstalled if the RPM package is removed.

    Note that the %post script overwrites existing files with new ones on
    upgrade, which is what has always been happening.

    https://bugzilla.redhat.com/show_bug.cgi?id=1431581
    https://bugzilla.redhat.com/show_bug.cgi?id=1378774

    Signed-off-by: Jiri Denemark <jdenemar>
Comment 12 yalzhang@redhat.com 2017-05-10 08:52:45 UTC 
test on libvirt-3.2.0-4.el7.x86_64, the result is as expected. set this bug to be verified.

reproduce on libvirt-3.2.0-2.el7.x86_64
# rpm -V libvirt-daemon-config-nwfilter
SM5....T.    /etc/libvirt/nwfilter/allow-arp.xml
SM5....T.    /etc/libvirt/nwfilter/allow-dhcp-server.xml
SM5....T.    /etc/libvirt/nwfilter/allow-dhcp.xml
SM5....T.    /etc/libvirt/nwfilter/allow-incoming-ipv4.xml
SM5....T.    /etc/libvirt/nwfilter/allow-ipv4.xml
SM5....T.    /etc/libvirt/nwfilter/clean-traffic.xml
SM5....T.    /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
SM5....T.    /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml
SM5....T.    /etc/libvirt/nwfilter/no-arp-spoofing.xml
SM5....T.    /etc/libvirt/nwfilter/no-ip-multicast.xml
SM5....T.    /etc/libvirt/nwfilter/no-ip-spoofing.xml
SM5....T.    /etc/libvirt/nwfilter/no-mac-broadcast.xml
SM5....T.    /etc/libvirt/nwfilter/no-mac-spoofing.xml
SM5....T.    /etc/libvirt/nwfilter/no-other-l2-traffic.xml
SM5....T.    /etc/libvirt/nwfilter/no-other-rarp-traffic.xml
SM5....T.    /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml
SM5....T.    /etc/libvirt/nwfilter/qemu-announce-self.xml

stop the libvirtd service, update libvirt to libvirt-3.2.0-4.el7.x86_64
# rpm -ql libvirt-daemon-config-nwfilter
/etc/libvirt/nwfilter/allow-arp.xml
/etc/libvirt/nwfilter/allow-dhcp-server.xml
/etc/libvirt/nwfilter/allow-dhcp.xml
/etc/libvirt/nwfilter/allow-incoming-ipv4.xml
/etc/libvirt/nwfilter/allow-ipv4.xml
/etc/libvirt/nwfilter/clean-traffic.xml
/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml
/etc/libvirt/nwfilter/no-arp-spoofing.xml
/etc/libvirt/nwfilter/no-ip-multicast.xml
/etc/libvirt/nwfilter/no-ip-spoofing.xml
/etc/libvirt/nwfilter/no-mac-broadcast.xml
/etc/libvirt/nwfilter/no-mac-spoofing.xml
/etc/libvirt/nwfilter/no-other-l2-traffic.xml
/etc/libvirt/nwfilter/no-other-rarp-traffic.xml
/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml
/etc/libvirt/nwfilter/qemu-announce-self.xml
/usr/share/libvirt/nwfilter
/usr/share/libvirt/nwfilter/allow-arp.xml
/usr/share/libvirt/nwfilter/allow-dhcp-server.xml
/usr/share/libvirt/nwfilter/allow-dhcp.xml
/usr/share/libvirt/nwfilter/allow-incoming-ipv4.xml
/usr/share/libvirt/nwfilter/allow-ipv4.xml
/usr/share/libvirt/nwfilter/clean-traffic.xml
/usr/share/libvirt/nwfilter/no-arp-ip-spoofing.xml
/usr/share/libvirt/nwfilter/no-arp-mac-spoofing.xml
/usr/share/libvirt/nwfilter/no-arp-spoofing.xml
/usr/share/libvirt/nwfilter/no-ip-multicast.xml
/usr/share/libvirt/nwfilter/no-ip-spoofing.xml
/usr/share/libvirt/nwfilter/no-mac-broadcast.xml
/usr/share/libvirt/nwfilter/no-mac-spoofing.xml
/usr/share/libvirt/nwfilter/no-other-l2-traffic.xml
/usr/share/libvirt/nwfilter/no-other-rarp-traffic.xml
/usr/share/libvirt/nwfilter/qemu-announce-self-rarp.xml
/usr/share/libvirt/nwfilter/qemu-announce-self.xml

# diff  /usr/share/libvirt/nwfilter/allow-arp.xml /etc/libvirt/nwfilter/allow-arp.xml
#
# service libvirtd start

# diff /usr/share/libvirt/nwfilter/allow-arp.xml /etc/libvirt/nwfilter/allow-arp.xml
< <filter name='allow-arp' chain='arp'>
<   <rule direction='inout' action='accept'/>
---
> <!--
> WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
> OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
>   virsh nwfilter-edit allow-arp
> or other application using the libvirt API.
> -->
> 
> <filter name='allow-arp' chain='arp' priority='-500'>
>   <uuid>1993f0d9-a295-46ed-bf41-842886bdaecd</uuid>
>   <rule action='accept' direction='inout' priority='500'/>

# rpm -V libvirt-daemon-config-nwfilter
#
Comment 13 errata-xmlrpc 2017-08-01 17:16:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1846
Comment 14 errata-xmlrpc 2017-08-01 23:57:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1846
Note You need to log in before you can comment on or make changes to this bug.