Bug 573320
| Summary: | chattr attrib on /etc/samba/smb.conf file during package update | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Aaron Lippold <aaron.lippold> |
| Component: | rpm | Assignee: | Packaging Maintenance Team <packaging-team-maint> |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 5.4 | CC: | aaron.lippold, dpal, ffesti, gdeschner, jamisonm |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
lsattr /etc/samba/smb.conf
----i-------- /etc/samba/smb.conf
chattr -i /etc/samba/smb.conf
yum update samba-common
chattr +i /etc/samba/smb.conf
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-03-15 11:23:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:

```
lsattr /etc/samba/smb.conf
----i-------- /etc/samba/smb.conf
chattr -i /etc/samba/smb.conf
yum update samba-common
chattr +i /etc/samba/smb.conf
```

The samba spec file has:

```
%config(noreplace) %{_sysconfdir}/samba/smb.conf
```

so we think there is something wrong with how rpm is behaving in this case.
Hmm, interesting case. The deal here is that %config(noreplace) does not mean rpm will /never/ replace the file, it means rpm will not replace a /modified/ configuration file. As long as the config file is pristine from the package, rpm will update it, this is the intended and wanted behavior to allow packages to tweak their default configuration as long as user didn't customize it. It's just that rpm doesn't know anything about immutable files currently.

So here's the reproducer case into an empty chroot:

```
[root@dhcp102 rpm]# ./rpm -Uvh --root /home/test/ /home/pmatilai/rpmbuild/RPMS/noarch/conftest-1.0-1.noarch.rpm
Preparing... ########################################### [100%]
1:conftest ########################################### [100%]
[root@dhcp102 rpm]# chattr +i /home/test/etc/boo.conf
[root@dhcp102 rpm]# ./rpm -Uvh --root /home/test/ /home/pmatilai/rpmbuild/RPMS/noarch/conftest-1.0-2.noarch.rpm
Preparing... ########################################### [100%]
1:conftest ########################################### [100%]
error: unpacking of archive failed on file /etc/boo.conf: cpio: rename failed - Operation not permitted
error: conftest-1.0-2.noarch: install failed
error: conftest-1.0-1.noarch: erase skipped
```

And the same with a modified config file:

```
[root@dhcp102 rpm]# ./rpm -Uvh --root /home/test/ /home/pmatilai/rpmbuild/RPMS/noarch/conftest-1.0-1.noarch.rpm
Preparing... ########################################### [100%]
1:conftest ########################################### [100%]
[root@dhcp102 rpm]# echo foobar > /home/test/etc/boo.conf
[root@dhcp102 rpm]# chattr +i /home/test/etc/boo.conf
[root@dhcp102 rpm]# ./rpm -Uvh --root /home/test/ /home/pmatilai/rpmbuild/RPMS/noarch/conftest-1.0-2.noarch.rpm
Preparing... ########################################### [100%]
1:conftest ########################################### [100%]
[root@dhcp102 rpm]#
```

Oh and I tend to agree, this isn't the most productive way of handling the situation, at least for %config files.
Just in case it's not obvious from between the lines of the above, the simple workaround to this issue is: If you don't want rpm to touch the config file, just modify it before making it immutable. Anything that changes the checksum of the file will do, such as adding a blank trailing line (which many, if not all config files accept):

```
# echo -e "\n" >> /etc/samba/smb.conf
# chattr +i /etc/samba/smb.conf
```

While rpm trying to replace the file is not a bug, better error handling is desirable. But this is out of the scope of an RHEL5 update but needs some serious work upstream.

Moved the issue to the upstream bugtracker: http://rpm.org/ticket/860

Thanks for reporting!
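A pre-update check built on the behaviour described in the comments above, as an added example that is not part of the bug report or of rpm: it reads saved `lsattr` and `rpm -V` output for a package's config files and reports which immutable files are still pristine (rpm will try to replace them and the rename fails) and which are modified (`%config(noreplace)` leaves them alone). The function names, the `FAIL`/`SKIP` labels and every sample path other than `/etc/samba/smb.conf` are assumptions made for the example.

```shell
#!/bin/sh
# at_risk_configs LSATTR_FILE VERIFY_FILE   (hypothetical helper, not an rpm tool)
#   LSATTR_FILE: saved output of `rpm -qc PACKAGE | xargs lsattr`
#   VERIFY_FILE: saved output of `rpm -V PACKAGE` (empty when nothing was modified)
# Prints one line per immutable config file:
#   FAIL <path>  pristine and immutable: rpm replaces pristine config files,
#                so the update is expected to fail as in the reproducer
#   SKIP <path>  modified and immutable: rpm does not replace a modified
#                %config(noreplace) file, so the update can proceed
# Assumes config file paths contain no whitespace.
at_risk_configs() {
    awk '
        # rpm -V lines look like "S.5....T  c /etc/samba/smb.conf"; the third
        # character of the flag string is "5" when the file digest differs.
        # FILENAME is compared instead of NR == FNR because the verify file
        # is empty exactly when every file is pristine.
        FILENAME == ARGV[1] {
            if (substr($1, 3, 1) == "5") modified[$NF] = 1
            next
        }
        # lsattr lines look like "----i-------- /etc/samba/smb.conf";
        # a lowercase "i" in the flag field is the immutable attribute.
        index($1, "i") {
            print (($2 in modified) ? "SKIP " : "FAIL ") $2
        }
    ' "$2" "$1"
}

# Constructed sample input (not taken from the bug report): smb.conf is
# pristine and immutable, edited.conf is modified and immutable, and
# plain.conf is pristine without the immutable attribute.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'S.5....T  c /etc/samba/edited.conf' > "$tmp/verify"
    printf '%s\n' \
        '----i-------- /etc/samba/smb.conf' \
        '----i-------- /etc/samba/edited.conf' \
        '------------- /etc/samba/plain.conf' > "$tmp/lsattr"
    at_risk_configs "$tmp/lsattr" "$tmp/verify"
    rm -rf "$tmp"
}
demo
```

Any `FAIL` line means the package update, security errata included, will not apply until the file is either modified or temporarily made mutable.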
Description of problem:

The /etc/samba/smb.conf file is set immutable. This needs to be taken into account in the spec file when doing an update or remove action.

Version-Release number of selected component (if applicable):

All versions of samba-common on the RHEL5.x baseline that I can think of

How reproducible:

Steps to Reproduce:
1. Do a yum update on samba-common
2.
3.

Actual results:

```
[~]# yum update samba-common
Loaded plugins: changelog, downloadonly, kmod, protectbase, rhnplugin, security,
: versionlock
0 packages excluded due to repository protections
Skipping security plugin, no data
Reading version lock configuration
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package samba-common.i386 0:3.0.33-3.15.el5_4.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
samba-common i386 3.0.33-3.15.el5_4.1 rhel-i386-server-5 8.7 M

Transaction Summary
================================================================================
Install 0 Package(s)
Update 1 Package(s)
Remove 0 Package(s)

Total size: 8.7 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : samba-common 1/2
Error unpacking rpm package samba-common-3.0.33-3.15.el5_4.1.i386
error: unpacking of archive failed on file /etc/samba/smb.conf: cpio: rename

Failed:
samba-common.i386 0:3.0.33-3.15.el5_4.1

Complete!
```
Expected results:

```
root@CPK01R-02 ~]# yum update samba-common
Loaded plugins: changelog, downloadonly, kmod, protectbase, rhnplugin, security,
: versionlock
0 packages excluded due to repository protections
Skipping security plugin, no data
Reading version lock configuration
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package samba-common.i386 0:3.0.33-3.15.el5_4.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
samba-common i386 3.0.33-3.15.el5_4.1 rhel-i386-server-5 8.7 M

Transaction Summary
================================================================================
Install 0 Package(s)
Update 1 Package(s)
Remove 0 Package(s)

Total size: 8.7 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : samba-common 1/2
Cleanup : samba-common 2/2

Updated:
samba-common.i386 0:3.0.33-3.15.el5_4.1

Complete!
```

Additional info:

```
[ ~]# chattr -i /etc/samba/smb.conf
[ ~]# yum update samba-common
```