[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rpm-4.0.4: rpm -V md5sum failure, file corruption



On Tue, Jan 21, 2003 at 10:11:09AM -0600, Matthew Callaway wrote:
> 
> On Mon, 20 Jan 2003, Jeff Johnson wrote:
> 
> > Think a bit.
> 
> You make it sound like I'm missing something obvious.  I've been
> "thinking a bit" for days.
> 

Sorry, I didn't mean to sound patronizing.

> > You're getting strange results comparing two md5 sum checks. AFAICT,
> > either md5sum or rpm -V may be "lying".
> 
> This is why I'm asking about rpm's potential for "lying".
> 

Anything is possible, but everything is testable. Since md5 sums on files
are checked during install for every file for every package for quite
a few releases of rpm, stopping on md5 mismatch, I find it unlikely that
there is a problem in rpm.

Same code paths on --verify, or at least very, very similar.

But anything is possible.

> > One possible explanation is that different data is being returned
> > when reading. This wouldn't happen to be NFS, would it?
> 
> No.  NFS is not in use here.

OK. I've had similar reports where NFS was the culprit.

> 
> > Another possible explanantion is memory/disk/cpu hardware problems.
> > Dunno IDE patches, but you might want to check on, say, a SCSI disk.
> 
> This was my first thought, which is why I reran the tests on several
> hardware platforms, as I said, one platform is IDE Compact Flash, one is
> IDE hard drive, and one is IDE Compact Flash on a different mainboard.
> All have similar amounts of RAM, and the same CPU power.  It doesn't
> appear to be hardware.
> 
> > "Large number of machines": Hmmm, look for a common factor.
> 
> The common factor is software.  Each machine is running exactly the same
> software.  The same complete set of RPMs.  The interesting links are
> those that I described, the kernel, the filesystem, and rpm.  During the
> tests nothing else is happening.  They are computers with a known set of
> files, with RPM verifying the files over and over.  But, 2.2, IDE, and
> ext2 should be pretty solid.  It seems to me that there are an awful lot
> of users that should be seeing this if it were those.  The question mark
> is how many users run rpm -Va many times a day and check the output?
> 

Agreed "lot of users". Surprisingly few users run -Va. But md5sums are
checked on every installed file in every installed package with a great
big exit that isn't happening.

> > O_RDONLY means exactly what you think it does.
> >
> > Be forewarned: There's an unexpected transformation of file content
> > with rpm -V if using prelinked libraries. Basically prelink -u is run,
> > and the md5 sum of the output of prelink "undo" is computed.
> > Transformation iff prelinked DSO, but /usr/lib/libadns.so.1.0 is a DSO.
> 
> Can you clarify this for me?  It isn't just libraries that fail this
> test.  Some examples of files that have been reported bad:

If not just libraries, or not prelinking, then my comment does not apply.

> 
> B.so
> gpg
> libc-2.1.3.so
> ldconfig
> libadns.so.1.0
> libc-2.1.3.so
> libnss_nisplus-2.1.3.so
> gawk
> vi
> rpm
> libproc.so.2.0.6
> 

Again, if you can characterize some aspect of the problem that is testable
and/or reproducible, I can try to run a test.

73 de Jeff

-- 
Jeff Johnson	ARS N3NPQ
jbj@redhat.com (jbj@jbj.org)
Chapel Hill, NC





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []