ERRORS IN PACKAGE CONSTRUCTION In the process of recovery after a crash, I ran a complete check of all packages using the rpm -V option. I noted that certain packages had missing files - not unexpected! I re-installed the faulty packages. I then verified the newly installed packages. Surprisingly I found the certain packages, notably stunnel and kernel-sources-2.2.16 still lacked certain files. These files were in the packages, but were not being installed. ( Note - I was running as root. ) I then changed the permissions of the destination directories to 777, and -lo and behold the files were installed correctly. Two versions of stunnel showed the same defect. It seems that the original package (distributed with RH 7.0) contained a fault - in the installation script perhaps - which was not corrected when the package was rebuilt with upgraded binaries. It might be useful to check packages by performing an install and then an immediate verify. This would be useful especially before the release of a new distribution. I used the following simple shell script to verify all packages in the system and to produce a file listing the results. # get list of packages rpm -qa > packagelist1 # remove dev package - not reliable cat packagelist1 |grep -v ^dev > packagelist rm packagelist1 # if previous version of packagequeryresults exists - delete if [ -f packagequeryresults ] then rm packagequeryresults fi for package in $(cat packagelist) do echo $package >> packagequeryresults echo >> packagequeryresults rpm -V $package >> packagequeryresults echo >> packagequeryresults echo '------------------------------------' >> packagequeryresults done It might be worth considering producing a package of verification and spring cleaning utilities. After many upgrades, junk inevitably accumulates on the hard disk. Of course it would have to be exclude the /home, /tmp and possibly /var from the check, but here I believe that the openess of Linux can be used as a selling point compared to Windows, in that verification is much easier and certain.
We already perform sanity tests (and more) on packages in the distribution. If the missing file is the certificate, then it's missing because it's tagged as a ghost configuration file (shipping a default certificate would be a horrible idea -- every system which installed the package would have the same default with the same private and public key, and would effectively provide zero addtional security). You can query a package for the files it includes, and the decimal values of the flags for each file, by running: rpm -q stunnel --queryformat '[%{fileflags} %{filenames}\n]' The flags are defined in /usr/include/rpm/rpmlib.h, and the 89 that accompanies the .pem file breaks down to GHOST(64) + NOREPLACE(32) + MISSINGOK(16) + CONFIG(8).