Bug 179898 - up2date: rpm verify fails due to config files in .spec not marked with %verify
Summary: up2date: rpm verify fails due to config files in .spec not marked with %verify
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: up2date
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Bryan Kearney
QA Contact: Beth Nackashi
Depends On:
Blocks: 179644 181409
TreeView+ depends on / blocked
Reported: 2006-02-03 19:02 UTC by Adrian Likins
Modified: 2013-01-10 08:50 UTC (History)
0 users

Clone Of:
Last Closed: 2006-08-01 21:13:44 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0494 normal SHIPPED_LIVE up2date bug fix update 2006-08-01 04:00:00 UTC

Description Adrian Likins 2006-02-03 19:02:28 UTC
+++ This bug was initially created as a clone of Bug #179896 +++

The TPS rpm-verify tests fail because the /etc/sysconfig/rhn/up2date 
and /etc/sysconfig/rhn/up2date-uuid will always be different from

They need to be flagged with approriate %verify bits so they pass
this test.

Comment 3 Fanny Augustin 2006-05-09 19:31:43 UTC
This bug has been fixed in this release

Comment 5 Beth Nackashi 2006-06-02 19:42:48 UTC
Packages tested:

Architectures tested:
i386, ia64, x86_64, s390, s390x, ppc

All had a timestamp change on the config files (up2date and up2date-uuid). 
Should timestamp be added to the list of excludes as well?

Comment 6 Beth Nackashi 2006-06-02 20:07:16 UTC
Hmm.  After further research, I see that this is not timestamp related at all. 
This is some sort of "context" flag.  It means that the context stored in the
file's extended attribute on disk is inconsistent with the file_contexts
configuration.  To fix, run /sbin/restorecon on the file(s) in question.

So, should "context" be added to the list of excludes?  Is that even allowed?

Comment 7 James Bowes 2006-06-05 14:39:40 UTC
Nice digging, Beth.

I think context is related to SELinux security context. There's no way to add it
to the list of excludes in the spec file though, so I think we'll have to figure
out what's causing the context change and fix that.

Comment 8 James Bowes 2006-06-28 18:13:55 UTC
are expected to have the security context 'system_u:object_r:etc_t'.
In the post install of the up2date rpm we did 2 things:
* find and replace on the up2date-uuid to put a uuid in.
* copy /etc/up2date to /etc/sysconfig/rhn/up2date if it exists.
These two actions will change the context of these files to 'root:object_r:etc_t',
which gives us our rpm --verify error.

I added restorecon -F <filename> after the operations on those two files in the
post, to fix their security contexts.

Comment 9 Beth Nackashi 2006-06-28 19:58:09 UTC
Ok, this doesn't seem to work unless I run restorecon:

.qa.[root@x86_64-4as tmp]# rpm -V up2date
....L....   /etc/sysconfig/rhn
........C c /etc/sysconfig/rhn/up2date
.qa.[root@x86_64-4as tmp]# /sbin/restorecon /etc/sysconfig/rhn/up2date
.qa.[root@x86_64-4as tmp]# rpm -V up2date
....L....   /etc/sysconfig/rhn
.qa.[root@x86_64-4as up2date_client]# rpm -q up2date

Comment 10 Beth Nackashi 2006-06-30 17:20:35 UTC
Looks like I need to run restorecon manually on the TPS boxes before TPS
installs the latest version of up2date.  Otherwise, rpm -V will fail.

Comment 11 Beth Nackashi 2006-06-30 17:21:18 UTC

Comment 13 Red Hat Bugzilla 2006-08-01 21:13:44 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.