New RPM verify errors in many, many packages

Vladimir G. Ivanovic vladimir at acm.org
Sat Nov 20 23:00:11 UTC 2004 

Axel and Wong: Thanks for replying.

How does one "relabel the filesystem"? (I would have expected the
SELinux installation to have automatically taken care of this, but I
guess not.)

Also, how did you find out that the `C' flag means "context"? I haven't
seen it in any documentation.

Thanks.

--- Vladimir

-- 
Vladimir G. Ivanovic                      http://leonora.org/~vladimir
Palo Alto, CA 94306                                    +1 650 678 8014

>>>>> "at" == Axel Thimm <Axel.Thimm at ATrpms.net> writes:

    at> It's rpms security context flag. C means that there is some conflict
    at> with the security contexts on disk and in the rpm database. Don't know
    at> what the question mark means, perhaps that there no file contexts at
    at> all?
    at> 
    at> I guess you turned on/off selinux w/o relabeling the filesystems?
    at> 
    at> On Fri, Nov 19, 2004 at 07:14:50PM -0800, Vladimir G. Ivanovic wrote:
    >> I am getting errors from RPM verify that I don't recall seeing before.
    >> For example (on a server):
    >> 
    >> $ rpm -V gcc
    >> ........?   /usr/bin/gcc
    >> ........?   /usr/bin/gcov
    >> ........?   /usr/bin/i386-redhat-linux-gcc
    >> ........?   /usr/bin/protoize
    >> ........?   /usr/bin/unprotoize
    >> ........?   /usr/libexec/gcc/i386-redhat-linux/3.4.2/collect2
    >> 
    >> or (on a laptop)
    >> 
    >> ........C   /usr/bin/c89
    >> ........C   /usr/bin/c99
    >> ........C   /usr/bin/cc
    >> ........?   /usr/bin/gcc
    >> ........?   /usr/bin/gcov
    >> ........?   /usr/bin/i386-redhat-linux-gcc
    >> ........?   /usr/bin/protoize
    >> ........?   /usr/bin/unprotoize
    >> ........C   /usr/lib/gcc
    >> ........C   /usr/lib/gcc/i386-redhat-linux
    >> ........C   /usr/lib/gcc/i386-redhat-linux/3.4.2
    >> [etc]
    >> 
    >> The `?' means, according to the rpm(1) man page, that
    >> 
    >> while a single "?" (question mark) indicates the test could not be
    >> performed  (e.g.  file  permissions  prevent reading)
    >> 
    >> and the 9th position refers to 
    >> 
    >> T mTime differs
    >> 
    >> Several things puzzle me:
    >> 
    >> 1. I get this error even if I run `rpm -V' as root.
    >> 
    >> 2. The mtimes do not differ:
    >> 
    >> $ rpm -qlv gcc | fgrep "/usr/bin/gcc"
    >> -rwxr-xr-x    2 root    root            93136 Oct 26 01:48 /usr/bin/gcc
    >> You have mail in /var/spool/mail/vladimir
    >> $ dir /usr/bin/gcc
    >> -rwxr-xr-x  2 root root 94800 Oct 26 01:48 /usr/bin/gcc*
    >> 
    >> but the sizes do, probably because of prelinking. (I couldn't undo
    >> the prelinking because I, as root, get a "Could not get security
    >> context..." error message. More fun.)
    >> 
    >> Of course, gcc works just fine, even when run as non-root:
    >> 
    >> $ /usr/bin/gcc -v -o hello hello.c
    >> Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.2/specs
    >> Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
    >> Thread model: posix
    >> gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
    >> /usr/libexec/gcc/i386-redhat-linux/3.4.2/cc1 -quiet -v hello.c -quiet -dumpbase hello.c -auxbase hello -version -o /tmp/ccQRdajM.s
    >> ignoring nonexistent directory "/usr/lib/gcc/i386-redhat-linux/3.4.2/../../../../i386-redhat-linux/include"
    >> #include "..." search starts here:
    >> #include <...> search starts here:
    >> /usr/local/include
    >> /usr/lib/gcc/i386-redhat-linux/3.4.2/include
    >> /usr/include
    >> End of search list.
    >> GNU C version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3) (i386-redhat-linux)
    >> compiled by GNU C version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3).
    >> GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
    >> as -V -Qy -o /tmp/ccquoQtt.o /tmp/ccQRdajM.s
    >> GNU assembler version 2.15.92.0.2 (i386-redhat-linux) using BFD version 2.15.92.0.2 20040927
    >> /usr/libexec/gcc/i386-redhat-linux/3.4.2/collect2 --eh-frame-hdr -m elf_i386 -dynamic-linker /lib/ld-linux.so.2 -o hello /usr/lib/gcc/i386-redhat-linux/3.4.2/../../../crt1.o /usr/lib/gcc/i386-redhat-linux/3.4.2/../../../crti.o /usr/lib/gcc/i386-redhat-linux/3.4.2/crtbegin.o -L/usr/lib/gcc/i386-redhat-linux/3.4.2 -L/usr/lib/gcc/i386-redhat-linux/3.4.2 -L/usr/lib/gcc/i386-redhat-linux/3.4.2/../../.. /tmp/ccquoQtt.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i386-redhat-linux/3.4.2/crtend.o /usr/lib/gcc/i386-redhat-linux/3.4.2/../../../crtn.o
    >> $ ./hello
    >> Hello World
    >> 
    >> 3. I don't know what the `C' in the laptop's output means. The manpage
    >> is silent.
    >> 
    >> Both machines are running an updated Fedora Core 3 with the Red Hat
    >> 2.6.9-1.678_FC3 kernel compiled with OProfile support and some extra
    >> debugging support.
    >> 
    >> Can anyone tell me what's going on?
    >> 
    >> Thanks.
    >> 
    >> 
    at> 
    at> -- 
    at> Axel.Thimm at ATrpms.net
    at> -- 
    at> fedora-list mailing list
    at> fedora-list at redhat.com
    at> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

More information about the fedora-list mailing list