Bug 741044 - rpm verification indicates size and checksum change, but not time stamp
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: 16
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2011-09-24 16:06 UTC by Göran Uddeborg
Modified: 2011-10-11 16:09 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-10-11 16:09:48 UTC

Description Göran Uddeborg 2011-09-24 16:06:28 UTC
Description of problem:
When running "rpm --verify" recently I noticed a number of files in the selinux-policy-targeted package that were marked as having been changed when it comes to size and checksum.  But there was no indication their time stamps had been modified.  Comparing the actual files with the content of the rpm database, it looks as if they have indeed been changed.  So what makes me confused is why rpm doesn't say so also when it comes to the time stamp.  Is this some feature of rpm that I don't understand, or is it a bug?

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. rpm -qlv selinux-policy-targeted | grep homedir_template
2. ls -l /etc/selinux/targeted/modules/active/homedir_template
3. rpm --verify selinux-policy-targeted | grep homedir_template

Actual results:
-rw-------    1 root    root                     6751 sep 13 22:25 /etc/selinux/targeted/modules/active/homedir_template
-rw-------. 1 root root 6829 Sep 20 20:23 /etc/selinux/targeted/modules/active/homedir_template
5S.......    /etc/selinux/targeted/modules/active/homedir_template

Expected results:
The output from the first two commands as above, but for the third:
5S.T.....    /etc/selinux/targeted/modules/active/homedir_template

Additional info:
I don't think I have modified this file myself, or most of the others.  But I have made some additional local SELinux modules, and I imagine these files are generated when I run semanage.  If they are meant to be modified in that way, I assume they ought to be marked as config files.  But I'll wait to bug report that until I know if what I see above is indeed a bug, or if I'm just not understanding how things are meant to be.

Comment 1 Panu Matilainen 2011-10-11 11:22:20 UTC
mtime verification is explicitly disabled for numerous files in the policy package, that's why rpm doesn't complain about it. E.g. (from selinux-policy.spec):

%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/active/homedir_template \

So rpm is simply doing what it's told to do. Why the policy is packaged this way is another question, one that the selinux folks can better answer. But it seems very much intentional to not have them as %config files either:

commit ee6088daa63aad42563fa5459ecabf3212ffc7ef
Author: Dan Walsh <dwalsh@redhat.com>
Date:   Fri Aug 5 16:03:13 2011 -0400

    Fix selinux-policy.spec to not print ugly rpmnew file
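
Added example (not part of the original bug report, and not rpm's or the policy package's own code): a small Python helper that pairs `rpm --verify` output with each file's stored verify flags, so a reviewer can see which checks failed and which were never run because of a `%verify(not ...)` directive. The function names and the flags value in the sample are constructed for illustration; the bit positions follow the RPMVERIFY_* constants in rpm's headers.

```python
# Per-file verify flag bits (RPMVERIFY_* in rpm's headers), with the letter
# `rpm --verify` prints when that check fails.
VERIFY_BITS = [
    (1 << 0, "5", "digest"), (1 << 1, "S", "size"), (1 << 2, "L", "link target"),
    (1 << 3, "U", "user"), (1 << 4, "G", "group"), (1 << 5, "T", "mtime"),
    (1 << 6, "M", "mode"), (1 << 7, "D", "device"), (1 << 8, "P", "capabilities"),
]
ALL_CHECKS = 0xFFFFFFFF  # assumed for files that are absent from the flags listing


def disabled_checks(verify_flags):
    """Names of the checks whose bit is cleared, i.e. switched off in the spec."""
    return [name for bit, _, name in VERIFY_BITS if not verify_flags & bit]


def parse_flags_listing(text):
    """Parse lines of '<FILEVERIFYFLAGS> <path>' into {path: flags}."""
    # Input is what this query prints:
    #   rpm -q --qf '[%{FILEVERIFYFLAGS} %{FILENAMES}\n]' PACKAGE
    flags = {}
    for line in text.splitlines():
        if line.strip():
            value, path = line.split(None, 1)
            flags[path.strip()] = int(value)
    return flags


def verify_report(verify_output, flags_listing):
    """For each file rpm --verify reported, list failed and never-run checks."""
    flags = parse_flags_listing(flags_listing)
    report = {}
    for line in verify_output.splitlines():
        if "/" not in line or line.startswith("missing"):
            continue  # skip blank lines and "missing <path>" entries
        result = line.split(None, 1)[0]
        path = line[line.index("/"):].strip()
        # Match by letter, not by column, so any column order is accepted.
        failed = [name for _, letter, name in VERIFY_BITS if letter in result]
        report[path] = {"failed": failed,
                        "not_checked": disabled_checks(flags.get(path, ALL_CHECKS))}
    return report


# The verify line is the one quoted in this report; the flags line is
# constructed: every bit set except mtime (0xFFFFFFDF).
VERIFY_OUTPUT = "5S.......    /etc/selinux/targeted/modules/active/homedir_template\n"
FLAGS_LISTING = "4294967263 /etc/selinux/targeted/modules/active/homedir_template\n"

if __name__ == "__main__":
    for path, info in verify_report(VERIFY_OUTPUT, FLAGS_LISTING).items():
        print(path, "failed:", info["failed"], "not checked:", info["not_checked"])
```

A file whose "not checked" list is non-empty can change in that attribute without `rpm --verify` ever flagging it, which matters when verify output is used as an integrity check.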

Comment 2 Göran Uddeborg 2011-10-11 16:09:48 UTC
I see!  The %verify directive was a corner of RPM spec files I had missed.  Sorry for the noise!
