Bug 179898 - up2date: rpm verify fails due to config files in .spec not marked with %verify
up2date: rpm verify fails due to config files in .spec not marked with %verify
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: up2date (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bryan Kearney
Beth Nackashi
Depends On:
Blocks: 179644 181409
  Show dependency treegraph
Reported: 2006-02-03 14:02 EST by Adrian Likins
Modified: 2013-01-10 03:50 EST (History)
0 users

See Also:
Fixed In Version: RHBA-2006-0494
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-01 17:13:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Adrian Likins 2006-02-03 14:02:28 EST
+++ This bug was initially created as a clone of Bug #179896 +++

The TPS rpm-verify tests fail because the /etc/sysconfig/rhn/up2date 
and /etc/sysconfig/rhn/up2date-uuid will always be different from

They need to be flagged with approriate %verify bits so they pass
this test.
Comment 3 Fanny Augustin 2006-05-09 15:31:43 EDT
This bug has been fixed in this release
Comment 5 Beth Nackashi 2006-06-02 15:42:48 EDT
Packages tested:

Architectures tested:
i386, ia64, x86_64, s390, s390x, ppc

All had a timestamp change on the config files (up2date and up2date-uuid). 
Should timestamp be added to the list of excludes as well?
Comment 6 Beth Nackashi 2006-06-02 16:07:16 EDT
Hmm.  After further research, I see that this is not timestamp related at all. 
This is some sort of "context" flag.  It means that the context stored in the
file's extended attribute on disk is inconsistent with the file_contexts
configuration.  To fix, run /sbin/restorecon on the file(s) in question.

So, should "context" be added to the list of excludes?  Is that even allowed?
Comment 7 James Bowes 2006-06-05 10:39:40 EDT
Nice digging, Beth.

I think context is related to SELinux security context. There's no way to add it
to the list of excludes in the spec file though, so I think we'll have to figure
out what's causing the context change and fix that.
Comment 8 James Bowes 2006-06-28 14:13:55 EDT
are expected to have the security context 'system_u:object_r:etc_t'.
In the post install of the up2date rpm we did 2 things:
* find and replace on the up2date-uuid to put a uuid in.
* copy /etc/up2date to /etc/sysconfig/rhn/up2date if it exists.
These two actions will change the context of these files to 'root:object_r:etc_t',
which gives us our rpm --verify error.

I added restorecon -F <filename> after the operations on those two files in the
post, to fix their security contexts.
Comment 9 Beth Nackashi 2006-06-28 15:58:09 EDT
Ok, this doesn't seem to work unless I run restorecon:

.qa.[root@x86_64-4as tmp]# rpm -V up2date
....L....   /etc/sysconfig/rhn
........C c /etc/sysconfig/rhn/up2date
.qa.[root@x86_64-4as tmp]# /sbin/restorecon /etc/sysconfig/rhn/up2date
.qa.[root@x86_64-4as tmp]# rpm -V up2date
....L....   /etc/sysconfig/rhn
.qa.[root@x86_64-4as up2date_client]# rpm -q up2date
Comment 10 Beth Nackashi 2006-06-30 13:20:35 EDT
Looks like I need to run restorecon manually on the TPS boxes before TPS
installs the latest version of up2date.  Otherwise, rpm -V will fail.
Comment 11 Beth Nackashi 2006-06-30 13:21:18 EDT
Comment 13 Red Hat Bugzilla 2006-08-01 17:13:44 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.