Bug 177262 - when launched through user terminal, errors encountered with installation, pup encounters %post and %pre script failures
when launched through user terminal, errors encountered with installation, pu...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
5
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-08 08:37 EST by Jim Cornette
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-14 00:49:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
multiversions (1.36 KB, text/plain)
2006-01-14 17:35 EST, Jim Cornette
no flags Details
This is the log for pup (9.96 KB, text/plain)
2006-01-14 23:07 EST, Jim Cornette
no flags Details

  None (edit)
Description Jim Cornette 2006-01-08 08:37:52 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051215 Fedora/1.7.12-3

Description of problem:
I believe this is an SELinux error but not sure if pam, pup could need policy updates.

Launch pup, see errors in terminal:
 pup
error: %post(libgcc-4.1.0-0.14.i386) scriptlet failed, exit status 255
error: %post(libgcj4.1.0-0.14.i386) scriptlet failed, exit status 255
error: %post(cpp-4.1.0-0.14.i386) scriptlet failed, exit status 255
error: %post(gcc-4.1.0-0.14.i386) scriptlet failed, exit status 255
error: %post(gcc-java-4.1.0-0.14.i386) scriptlet failed, exit status 255
error: %post(eclipse-rcp-3.1.1-1jpp_15fc.i386) scriptlet failed, exit status 255error: %pre(kernel-2.6.15-1.1826.2.5_FC5.i686) scriptlet failed, exit status 255error:   install: %pre scriptlet failed (2), skipping kernel-2.6.15-1.1826.2.5_FC5
error: %preun(kernel-2.6.15-1.1819_FC5.i686) scriptlet failed, exit status 255
error: %post(gcc-gfortran-4.1.0-0.14.i386) scriptlet failed, exit status 255
error: %preun(gcc-java-4.1.0-0.12.i386) scriptlet failed, exit status 255
error: %postun(eclipse-rcp-3.1.1-1jpp_14fc.i386) scriptlet failed, exit status 255
error: %preun(gcc-4.1.0-0.12.i386) scriptlet failed, exit status 255
error: %preun(libgcj-4.1.0-0.12.i386) scriptlet failed, exit status 255
error: %preun(cpp-4.1.0-0.12.i386) scriptlet failed, exit status 255

rpm -q libgcc
libgcc-4.1.0-0.14

 rpm -q libgcj
libgcj-4.1.0-0.12
libgcj-4.1.0-0.14

 rpm -q cpp
cpp-4.1.0-0.12
cpp-4.1.0-0.14

 rpm -q gcc
gcc-4.1.0-0.12
gcc-4.1.0-0.14

rpm -q gcc-java
gcc-java-4.1.0-0.12
gcc-java-4.1.0-0.14

 rpm -q eclipse-rcp
eclipse-rcp-3.1.1-1jpp_14fc
eclipse-rcp-3.1.1-1jpp_15fc

Kernel:
 rpm -q kernel
kernel-2.6.15-1.1819_FC5
kernel-2.6.15-1.1826.2.4_FC5
]# uname -r
2.6.15-1.1826.2.4_FC5
[root@c~]# rpm -qV kernel
No information from Verify


This should suffice to track down problem. Holding off on other packages down the line

Version-Release number of selected component (if applicable):
pup-0.9.2-1

How reproducible:
Didn't try

Steps to Reproduce:
1. launch pup from user terminal
2. supply password for root on password screen
3. deselect gstreamer because of know conflict
4. press update button on GUI
5. allow pu to do its thing
  

Actual Results:  After all of the updates were applied, a prompt in the GUI suggested a reboot needed because of updates bein applied.

I'll report back after reboot

Expected Results:  no %post or %pre errors encountered. No multi-version of rpms reported in rpm.

Additional info:

rebooting will confirm or clear.
Comment 1 Jim Cornette 2006-01-08 09:40:58 EST
Supposing the reboot suggestiopn was related to the kernel and packages were
still messed up, I rebooted into 'selinux=0 single' mode and changed to yum
cache for development. I then moved the kernel out of the way and ran 'rpm -Uvh
--replacefiles --replacepkgs *.rpm'. After that step, I ran 'fixfiles relabel'
and rebooted.
Packages that were multi-revision are now clean.

[jim@cornette-lt ~]$ rpm -q libgcc
libgcc-4.1.0-0.14
[jim@cornette-lt ~]$ rpm -q libgcj
libgcj-4.1.0-0.14
[jim@cornette-lt ~]$ rpm -q cpp
cpp-4.1.0-0.14
[jim@cornette-lt ~]$ rpm -q gcc
gcc-4.1.0-0.14
[jim@cornette-lt ~]$ rpm -q gcc-java
gcc-java-4.1.0-0.14
[jim@cornette-lt ~]$ rpm -q eclipse-rcp

packages in cache.
 cd /var/cache/yum/development/packages
[jim@cornette-lt packages]$ ls
cpp-4.1.0-0.14.i386.rpm
eclipse-rcp-3.1.1-1jpp_15fc.i386.rpm
gcc-4.1.0-0.14.i386.rpm
gcc-c++-4.1.0-0.14.i386.rpm
gcc-gfortran-4.1.0-0.14.i386.rpm
gcc-java-4.1.0-0.14.i386.rpm
libgcc-4.1.0-0.14.i386.rpm
libgcj-4.1.0-0.14.i386.rpm
libgcj-devel-4.1.0-0.14.i386.rpm
libgcj-src-4.1.0-0.14.i386.rpm
libgfortran-4.1.0-0.14.i386.rpm
libgomp-4.1.0-0.14.i386.rpm
libstdc++-4.1.0-0.14.i386.rpm
libstdc++-devel-4.1.0-0.14.i386.rpm


Comment 2 Jeremy Katz 2006-01-08 17:37:36 EST
pup shouldn't need anything in the targeted policy afaik.  

Are scriptlet errors occuring just if you do updates with SELinux enabled via
yum or rpm on the command line?  I'm wondering if there's something bad in the
policy (or something that doesn't properly upgrade on a live system).
Comment 3 Jim Cornette 2006-01-08 21:07:42 EST
This was my first attempt to update with pup for awhile. I believe it was the
first try since FC5T1 was introduced.

The tricks that I tried for recovery were from times there were problems with
yum or rpm.

The last time that I updated via yum, there seemed to be no problem. Of course,
I su - from a shell, then run yum -y update or use a script to install the best
that I can, things seem normal.

With pup, I opened a shell, typed pup, gave a password, then worked with the
resulting GUI. I will try yum and rpm with selinux active to see what happens on
the next available update rounds.
Comment 4 Jim Cornette 2006-01-09 06:50:30 EST
Since there was a light load today, I ran pup again in the same way. I will try
rpm with selinux active to see if gedit and yum can be repaired. Yum is of
course not a good choice.

 pup
error: %pre(kernel-2.6.15-1.1826.2.5_FC5.i686) scriptlet failed, exit status
255error:   install: %pre scriptlet failed (2), skipping
kernel-2.6.15-1.1826.2.5_FC5
error: %post(yum-2.5.1-1.noarch) scriptlet failed, exit status 255
error: %post(gedit-2.13.1-2.i386) scriptlet failed, exit status 255
error: %preun(yum-2.5.0-5.noarch) scriptlet failed, exit status 255
error: %preun(kernel-2.6.15-1.1819_FC5.i686) scriptlet failed, exit status 255

 rpm -q yum
yum-2.5.0-5
yum-2.5.1-1
 
rpm -q gedit
gedit-2.13.1-1
gedit-2.13.1-2
 
rpm -q kernel
kernel-2.6.15-1.1819_FC5
kernel-2.6.15-1.1826.2.4_FC5
Comment 5 Jim Cornette 2006-01-09 06:58:15 EST
RPM seems to work fine from a 'su -' shell. Yum did seem to work on last attempt.

cd /var/cache/yum/development/packages/
[root@cornette-lt packages]# ls
gedit-2.13.1-2.i386.rpm                yum-2.5.1-1.noarch.rpm
kernel-2.6.15-1.1826.2.5_FC5.i686.rpm
[root@cornette-lt packages]# rpm -Uvh gedit*.rpm --replacepkgs --replacefiles
Preparing...                ########################################### [100%]
   1:gedit                  ########################################### [100%]
[root@cornette-lt packages]# rpm -q gedit
gedit-2.13.1-2
[root@cornette-lt packages]# rpm -Uvh yum*.rpm --replacepkgs --replacefiles
Preparing...                ########################################### [100%]
   1:yum                    ########################################### [100%]
[root@cornette-lt packages]# rpm -q yum
yum-2.5.1-1
[root@cornette-lt packages]# rpm -ivh kernel*.rpm
Preparing...                ########################################### [100%]
   1:kernel                 ########################################### [100%]
[root@cornette-lt packages]# rpm -q kernel
kernel-2.6.15-1.1819_FC5
kernel-2.6.15-1.1826.2.4_FC5
kernel-2.6.15-1.1826.2.5_FC5
Comment 6 Daniel Walsh 2006-01-09 17:25:08 EST
There problems have been fixed in rawhide updates of policy for a while now.
Comment 7 Jeremy Katz 2006-01-11 18:56:55 EST
This is policy problem.  Transitions need to be allowed for pup (and pirut) to
rpm_exec_t.  The following should do it...

--- serefpolicy-2.1.9/policy/modules/admin/rpm.fc.pirut 2006-01-11
18:59:28.000000000 -0500
+++ serefpolicy-2.1.9/policy/modules/admin/rpm.fc       2006-01-11
18:59:31.000000000 -0500
@@ -15,6 +15,8 @@
 ifdef(`distro_redhat', `
 /usr/sbin/up2date              --      gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/sbin/rhn_check            --      gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/share/pup/pupmain.py                  --     
gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/sbin/pirut                        --     
gen_context(system_u:object_r:rpm_exec_t,s0)
 ')

 /var/lib/alternatives(/.*)?           
gen_context(system_u:object_r:rpm_var_lib_t,s0)
Comment 8 Jim Cornette 2006-01-13 23:26:57 EST
I did not have any updates to apply with pup. I an trying pirut now and it seems
to be working. The shell output reflects a normal yum update/insall. pirut looks
and works a lot better than previous tools.

I did note that both pup and pirut disapear from sight and don't show any status
output like updated completed and needing a close.

Pulling in eclipse showed one error.

warning: jakarta-commons-collections-3.1-2jpp_3fc: Header V3 DSA signature: NOKE
Y, key ID 30c9ecf8

Confirming packages in yum cache were installed outputted the below. I figure
this is because pirut and pup blow out instead of completing their transaction
cleanly.

To confirm downloaded packages gives additional error. RPMs report back rpms as
already being installed. 
 rpm -Uvh *.rpm
warning: ant-antlr-1.6.5-1jpp_2fc.i386.rpm: Header V3 DSA signature: NOKEY, key
ID 30c9ecf8

Checking a couple packages showed no problem on verify either.
Comment 9 Jim Cornette 2006-01-14 17:30:54 EST
Updating rawhide referenced in the linked email shows these packages duplicated.
https://www.redhat.com/archives/fedora-test-list/2006-January/msg00604.html
I will attach a test file as confirmation that the scripts failed.
What pup did was to say the system needed rebooted because of the kernel
payload. RPM did not actually upgraded the kernel. I had to install it using rpm.
Package entries did not clear and multiple revisions are now in the database.

The biggest problem was when I rebooted, the kernel panicked and I needed to
boot with selinux=0 to check which packages were multiversion etries in the
rpmdb and what packages did not install.
rpm and a few other packages needed pulled in n another run of pup (with selinux
disabled.) No problems encountered on the pup run without selinux enabled. 
Comment 10 Jim Cornette 2006-01-14 17:35:08 EST
Created attachment 123207 [details]
multiversions

These seem to be pretty much in line with rawhide report.
https://www.redhat.com/archives/fedora-test-list/2006-January/msg00604.html

What was not duplicated might be not installed on system. No output shown on
terminal.
Comment 11 Jim Cornette 2006-01-14 23:03:22 EST
somehow selinux-targeted ended up missing in action when updating this rawhide
round. The packages that were multi-versioned are corrected after using rpm to
straighten out the problem and yum update to reinstall the packages.
With the next round, I'll open another report since the problem is similar but
different in effect. Error messages were visible in the gnome-terminal where pup
was launched on opening bug. I see no errors displayed in the terminal with the
present state.
Comment 12 Jim Cornette 2006-01-14 23:07:51 EST
Created attachment 123210 [details]
This is the log for pup

pup.log submitted for if anything is revealing in log.
Comment 13 Jim Cornette 2006-01-14 23:13:01 EST
For the log, entries on the bottom for cvs and later were from running pup
without selinux active. the process seemed to complete successfully. I installed
the latest kernel with pup, not rpm from yum cache as reported earlier.
END

Note You need to log in before you can comment on or make changes to this bug.