Bug 202805 - rpm --verify returns undocumented "C" flag, "C" check cannot be disabled
Product: Fedora
Classification: Fedora
Component: rpm
All Linux
medium Severity medium
Assigned To: Paul Nasrat
Mike McLean
Reported: 2006-08-16 11:21 EDT by Mark Frazer
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2006-08-16 11:37:22 EDT
Description Mark Frazer 2006-08-16 11:21:13 EDT
Description of problem:
The C flag is not documented.  It appears (from a quick browse of the source) to
be related to the SELinux security context not matching.  Search for
RPMVERIFY_CONTEXTS in lib/verify.c to find it.

There is also no --nocontexts flag to rpm --verify, so this check will always
turn up.  This is also documented in the source.
[root@pacific rpm-4.4.1]# grep 'flags |= RPMVERIFY_CONTEXTS' lib/verify.c
    flags |= RPMVERIFY_CONTEXTS;        /* no disable from package. */

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
I encountered this after replacing an old disk with a new one.  My update
procedure was to boot to the rescue CD, rsync the old disk partitions with the
partitions on the new disk (rsync -aH /mnt/old/ /mnt/new), install grub on the
new disk and then remove the old disk.

I guess the rsync lost whatever SELinux is looking for.

Actual results:
[root@pacific rpm-4.4.1]# rpm --verify openssh-clients
........C c /etc/ssh/ssh_config
........C   /usr/bin/scp
........C   /usr/bin/sftp
........C   /usr/bin/slogin
........C   /usr/bin/ssh
........C   /usr/bin/ssh-add
........C   /usr/bin/ssh-agent
........C   /usr/bin/ssh-copy-id
........C   /usr/bin/ssh-keyscan
........C d /usr/share/man/man1/scp.1.gz
........C d /usr/share/man/man1/sftp.1.gz
........C d /usr/share/man/man1/slogin.1.gz
........C d /usr/share/man/man1/ssh-add.1.gz
........C d /usr/share/man/man1/ssh-agent.1.gz
........C d /usr/share/man/man1/ssh-copy-id.1.gz
........C d /usr/share/man/man1/ssh-keyscan.1.gz
........C d /usr/share/man/man1/ssh.1.gz
........C d /usr/share/man/man5/ssh_config.5.gz

Expected results:
No output, i.e., my rpm installations have not been corrupted.

Additional info:
Comment 1 Paul Nasrat 2006-08-16 11:37:22 EDT
Use restorecon to fix contexts.  File bugs against rsync for not preserving
xattrs which hold the contexts.

This check is gone in later RPM so I'm not going to release a man page update
for fc4 at this time.
Comment 2 Mark Frazer 2006-08-16 11:54:04 EDT
rpm -qa | while read -r rpm ; do rpm -ql "$rpm" | restorecon -f - ; done

did the trick.

I googled a bit for this before filing the bug and saw a few people running ES4
that had a similar problem.

Thanks for the fix!
Comment 3 zimon 2006-08-28 16:02:30 EDT
I wonder why this is marked as WONTFIX+CLOSED.
I was just wondering about the same undocumented ninth field "C", Googled around,
asked on linuxquestions.org but couldn't find anything until I got here.
Comment 4 zimon 2006-08-28 16:05:49 EDT
Ah, sorry. Paul already wrote why it won't be fixed. OK. It just still gives
those "C"s in Fedora Core 5, with rpm version 4.4.2.
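
A triage filter for the situation in this thread, added here as an example and not part of the original bug report or of rpm: it separates files whose only rpm --verify finding is the ninth-column C from files with other differences, so that only the former are relabelled and the rest are reviewed. The function names and the sample lines are constructed, and it assumes the nine-character flag layout shown in the report.

```shell
#!/bin/sh
# Added example: triage `rpm --verify` output from an rpm build that reports
# the ninth "C" (SELinux context) column described in this bug.

# Classify each verify line read from stdin:
#   CONTEXT <path>          only the ninth "C" flag is set (relabel candidate)
#   REVIEW  <flags> <path>  size/mode/digest/owner/mtime etc. differ
#   MISSING <path>          file is gone
triage_rpm_verify() {
    awk '
    {
        i = index($0, "/")              # path starts at the first slash
        if (i == 0) next                # not a per-file verify line
        path = substr($0, i)
        flags = $1
        if (flags == "missing") { print "MISSING\t" path; next }
        first8 = substr(flags, 1, 8)    # S M 5 D L U G T
        ninth  = substr(flags, 9, 1)    # "C" on the rpm versions in this bug
        if (first8 != "........")       print "REVIEW\t" flags "\t" path
        else if (ninth == "C")          print "CONTEXT\t" path
        else if (ninth != "" && ninth != ".") print "REVIEW\t" flags "\t" path
    }'
}

# Paths whose only finding is the context flag, one per line, e.g.:
#   rpm --verify openssh-clients | context_only_paths | restorecon -f -
context_only_paths() {
    triage_rpm_verify | awk -F '\t' '$1 == "CONTEXT" { print $2 }'
}

# Constructed sample: two lines in the shape shown in this report, plus a
# constructed modified config file and a constructed missing file.
sample_verify_output() {
    cat <<'EOF'
........C c /etc/ssh/ssh_config
........C   /usr/bin/scp
S.5....TC c /etc/ssh/sshd_config
missing     /usr/bin/ssh-keyscan
EOF
}

sample_verify_output | triage_rpm_verify
```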
