What to do when rpm verification fails

T. Horsnell tsh at mrc-lmb.cam.ac.uk
Fri Jul 7 16:29:40 UTC 2006


-- Start of PGP signed section.
>On Fri, 2006-07-07 at 14:10 +0200, Andras Simon wrote:
>> Doing an rpm -Va resulted in a lot of scary messages,
>> S.?.....    /usr/bin/passwd
>> being one of the most chilling. (And I thought I was very strictly
>> firewalled, with no unnecessary services running, except for
>> postgresql. Oh well...)
>> 
>> Anyway, at the very least, I'd like to reinstall the offending
>> packages. Since there are other packages depending on them, I wonder
>> how this can be done without too much hassle. Would
>> 
>> rpm -e --nodeps <package>
>> yum install <package>
>> 
>> be safe?
>> 
>> Also, I get a lot of
>> 
>> prelink: /some/file/or/other : at least one of file's dependencies has
>> changed since prelinking
>> 
>> warnings during rpm -Va. Is this something to be worried about? 
>
>this is *exactly* the sort of thing I saw the last time my system went
>screwy. 
>
>The first thing you have to worry about is filesystem corruption. boot
>from the install cd, and enter the linux rescue mode, and do not mount
>the drives when prompted.
>
>fsck each of your partitions manually, possibly more than once if you
>encounter a drive with many problems.
>
>Once you are able to get through that cleanly, then reboot the system
>normally
>
>identifying the corrupted packages is your next step, again with 
>    rpm -Va > rpmverify.txt 2>&1
>
>then step through the packages in question *carefully*
>
>things like glibc you don't want to first remove and then install :-)
>
>use ( yumdownloader <packagename> ) to grab the current package one at a
>time, and use ( rpm -ivh --force packagename*rpm ) to re-install it in
>place. 
>
>it may be a wise idea, once you have finished this process, to use
>tune2fs to set up automatic filesystem checks at boot time periodically.
>(I myself set up a 25 remount or 3 weeks option set on mine though
>that's a tad on the paranoid side.. however faced with the above, you
>might think the same way as me -- catch it early. ) 
>
>I used 
>    tune2fs -c 25 -i 3w /dev/sda3
>to make these settings on my / partition. tune2fs -l will list the
>current settings for you. the manpage for tune2fs is particularly
>enlightening in its description of the -c switch, and I recommend
>reading it. 
>
>to catch further filesystem stuff like this, sooner, you might consider
>running rpm -Va once a week in a cron job. 

I'm not yet convinced that things are that bad. Prompted by this thread
I just did an 'rpm -Va' on my RHEL4 system, and got piles of 
S.5....T messages (accompanied by sporadic bursts of prelink
activity but no error msgs - is this initiated by rpm if it thinks
there is a problem?). I wrote a little script to 'rpm -V'
package by package and find that:

1. I seem to have some duplicate package names (this is on an x86_64
   system which has only been 'up2date'ed once immediately after
   installation) e.g:

[root at ls1 ~]$ rpm -q tcp_wrappers
tcp_wrappers-7.6-37.2
tcp_wrappers-7.6-37.2

2. almost all the entries with S.5... have a .T on the end,
   and that those entries are in an rpm for which all entries
   have a .T This suggests to me that there has been some sort
   of package upgrade which is not being taken into account
   during the verify.


Looks like *something* is wrong, but quite what, I don't know.


Cheers,
Terry.
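
An added example, not part of the thread or of either poster's script: a POSIX shell filter that decodes the flag column of `rpm -V` / `rpm -Va` output by position, so that a line such as `S.?.....` reads as "size differs, digest could not be tested" and mtime-only lines are separated from content differences. It goes beyond the flags quoted above by covering every column. The function names and class labels are hypothetical, the sample lines other than the `/usr/bin/passwd` one are constructed, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Constructed sample input; only the first line is quoted from the thread.
sample_verify_output() {
    cat <<'EOF'
S.?.....    /usr/bin/passwd
S.5....T    /usr/sbin/tcpd
.......T  c /etc/hosts.allow
missing     /usr/share/doc/example/README
prelink: /usr/bin/example: at least one of file's dependencies has changed since prelinking
EOF
}

# Read rpm verify output on stdin and print one line per reported file:
#   path<TAB>differs<TAB>untested<TAB>class
# Usage on a live system (assumption): rpm -Va 2>&1 | decode_verify
decode_verify() {
    awk '
    BEGIN {
        OFS = "\t"
        # Flag columns in order: S M 5 D L U G T P
        split("size mode digest device symlink user group mtime capabilities", name, " ")
    }
    $1 == "missing" { print $NF, "-", "-", "missing"; next }
    # Flag field is 8 or 9 characters (older rpm has no capabilities column).
    # Anything else, such as the prelink warnings, is skipped.
    length($1) < 8 || length($1) > 9 || $1 !~ /^[SM5DLUGTP.?]+$/ { next }
    {
        differs = ""; untested = ""
        for (i = 1; i <= length($1); i++) {
            ch = substr($1, i, 1)
            # "?" means the test could not be performed, "." means it passed.
            if (ch == "?") untested = untested (untested == "" ? "" : ",") name[i]
            else if (ch != ".") differs = differs (differs == "" ? "" : ",") name[i]
        }
        if (differs ~ /size|digest/)  class = "content-differs"
        else if (untested ~ /digest/) class = "content-unchecked"
        else if (differs == "mtime")  class = "mtime-only"
        else                          class = "metadata-differs"
        if ($2 == "c") class = class "(config)"   # attribute marker for config files
        print $NF, (differs == "" ? "-" : differs), (untested == "" ? "-" : untested), class
    }'
}

sample_verify_output | decode_verify
```
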



