Bug 202805 - rpm --verify returns undocumented "C" flag, "C" check cannot be disabled
Summary: rpm --verify returns undocumented "C" flag, "C" check cannot be disabled
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Paul Nasrat
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-08-16 15:21 UTC by Mark Frazer
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-08-16 15:37:22 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Mark Frazer 2006-08-16 15:21:13 UTC 
Description of problem:
The C flag is not documented.  It appears (from a quick browse of the source) to
be related SE linux security context not matching.  Searching for
RPMVERIFY_CONTEXTS in lib/verify.c to find it.

There is also no --nocontexts flag to rpm --verify, so this check will always
turn up.  This is also documented in the source.
[root@pacific rpm-4.4.1]# grep 'flags |= RPMVERIFY_CONTEXTS' lib/verify.c
    flags |= RPMVERIFY_CONTEXTS;        /* no disable from package. */


Version-Release number of selected component (if applicable):
rpm-4.4.1-23

How reproducible:
always

Steps to Reproduce:
I encountered this after replacing an old disk with a new one.  My update
procedure was to boot to the rescue CD, rsync the old disk partitions with the
partitions on the new disk (rsync -aH /mnt/old/ /mnt/new), install grub on the
new disk and then remove the old disk.

I guess the rsync lost whatever SE linux is looking for.

Actual results:
[root@pacific rpm-4.4.1]# rpm --verify openssh-clients
........C c /etc/ssh/ssh_config
........C   /usr/bin/scp
........C   /usr/bin/sftp
........C   /usr/bin/slogin
........C   /usr/bin/ssh
........C   /usr/bin/ssh-add
........C   /usr/bin/ssh-agent
........C   /usr/bin/ssh-copy-id
........C   /usr/bin/ssh-keyscan
........C d /usr/share/man/man1/scp.1.gz
........C d /usr/share/man/man1/sftp.1.gz
........C d /usr/share/man/man1/slogin.1.gz
........C d /usr/share/man/man1/ssh-add.1.gz
........C d /usr/share/man/man1/ssh-agent.1.gz
........C d /usr/share/man/man1/ssh-copy-id.1.gz
........C d /usr/share/man/man1/ssh-keyscan.1.gz
........C d /usr/share/man/man1/ssh.1.gz
........C d /usr/share/man/man5/ssh_config.5.gz

Expected results:
No output, ie, my rpm installations have not been corrupted.

Additional info:
Comment 1 Paul Nasrat 2006-08-16 15:37:22 UTC 
use restorecon to fix contexts.  File bugs against rsync for not preserving
xattrs which hold the contexts.

This check is gone in later RPM so I'm not going to release a man page update
for fc4 at this time.
Comment 2 Mark Frazer 2006-08-16 15:54:04 UTC 
rpm -qa | while read rpm ; do rpm -ql $rpm | restorecon -f - ; done

did the trick.

I googled a bit for this before filing the bug and saw a few people running ES4
that had a similar problem.

thanks for the fix!
Comment 3 zimon 2006-08-28 20:02:30 UTC 
I wonder, why this is marked as WONTFIX+CLOSED.
I was just wondering the same undocumentd ninth field "C", Googled around, asked
on linuxquestions.org but couldn't find anything until then here.
Comment 4 zimon 2006-08-28 20:05:49 UTC 
Ah, sorry. Paul already wrote why it wont be fixed. Ok. Just it still gives
those "C":s in Fedora core 5, with rpm version 4.4.2
Note You need to log in before you can comment on or make changes to this bug.