Description of problem: The C flag is not documented. It appears (from a quick browse of the source) to be related SE linux security context not matching. Searching for RPMVERIFY_CONTEXTS in lib/verify.c to find it. There is also no --nocontexts flag to rpm --verify, so this check will always turn up. This is also documented in the source. [root@pacific rpm-4.4.1]# grep 'flags |= RPMVERIFY_CONTEXTS' lib/verify.c flags |= RPMVERIFY_CONTEXTS; /* no disable from package. */ Version-Release number of selected component (if applicable): rpm-4.4.1-23 How reproducible: always Steps to Reproduce: I encountered this after replacing an old disk with a new one. My update procedure was to boot to the rescue CD, rsync the old disk partitions with the partitions on the new disk (rsync -aH /mnt/old/ /mnt/new), install grub on the new disk and then remove the old disk. I guess the rsync lost whatever SE linux is looking for. Actual results: [root@pacific rpm-4.4.1]# rpm --verify openssh-clients ........C c /etc/ssh/ssh_config ........C /usr/bin/scp ........C /usr/bin/sftp ........C /usr/bin/slogin ........C /usr/bin/ssh ........C /usr/bin/ssh-add ........C /usr/bin/ssh-agent ........C /usr/bin/ssh-copy-id ........C /usr/bin/ssh-keyscan ........C d /usr/share/man/man1/scp.1.gz ........C d /usr/share/man/man1/sftp.1.gz ........C d /usr/share/man/man1/slogin.1.gz ........C d /usr/share/man/man1/ssh-add.1.gz ........C d /usr/share/man/man1/ssh-agent.1.gz ........C d /usr/share/man/man1/ssh-copy-id.1.gz ........C d /usr/share/man/man1/ssh-keyscan.1.gz ........C d /usr/share/man/man1/ssh.1.gz ........C d /usr/share/man/man5/ssh_config.5.gz Expected results: No output, ie, my rpm installations have not been corrupted. Additional info:
use restorecon to fix contexts. File bugs against rsync for not preserving xattrs which hold the contexts. This check is gone in later RPM so I'm not going to release a man page update for fc4 at this time.
rpm -qa | while read rpm ; do rpm -ql $rpm | restorecon -f - ; done did the trick. I googled a bit for this before filing the bug and saw a few people running ES4 that had a similar problem. thanks for the fix!
I wonder, why this is marked as WONTFIX+CLOSED. I was just wondering the same undocumentd ninth field "C", Googled around, asked on linuxquestions.org but couldn't find anything until then here.
Ah, sorry. Paul already wrote why it wont be fixed. Ok. Just it still gives those "C":s in Fedora core 5, with rpm version 4.4.2