[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rpm-4.0.4: rpm -V md5sum failure, file corruption

On Tue, Jan 21, 2003 at 10:11:09AM -0600, Matthew Callaway wrote:
> On Mon, 20 Jan 2003, Jeff Johnson wrote:
> > Think a bit.
> You make it sound like I'm missing something obvious.  I've been
> "thinking a bit" for days.

Sorry, I didn't mean to sound patronizing.

> > You're getting strange results comparing two md5 sum checks. AFAICT,
> > either md5sum or rpm -V may be "lying".
> This is why I'm asking about rpm's potential for "lying".

Anything is possible, but everything is testable. Since md5 sums on files
are checked during install for every file for every package for quite
a few releases of rpm, stopping on md5 mismatch, I find it unlikely that
there is a problem in rpm.

Same code paths on --verify, or at least very, very similar.

But anything is possible.

> > One possible explanation is that different data is being returned
> > when reading. This wouldn't happen to be NFS, would it?
> No.  NFS is not in use here.

OK. I've had similar reports where NFS was the culprit.

> > Another possible explanantion is memory/disk/cpu hardware problems.
> > Dunno IDE patches, but you might want to check on, say, a SCSI disk.
> This was my first thought, which is why I reran the tests on several
> hardware platforms, as I said, one platform is IDE Compact Flash, one is
> IDE hard drive, and one is IDE Compact Flash on a different mainboard.
> All have similar amounts of RAM, and the same CPU power.  It doesn't
> appear to be hardware.
> > "Large number of machines": Hmmm, look for a common factor.
> The common factor is software.  Each machine is running exactly the same
> software.  The same complete set of RPMs.  The interesting links are
> those that I described, the kernel, the filesystem, and rpm.  During the
> tests nothing else is happening.  They are computers with a known set of
> files, with RPM verifying the files over and over.  But, 2.2, IDE, and
> ext2 should be pretty solid.  It seems to me that there are an awful lot
> of users that should be seeing this if it were those.  The question mark
> is how many users run rpm -Va many times a day and check the output?

Agreed "lot of users". Surprisingly few users run -Va. But md5sums are
checked on every installed file in every installed package with a great
big exit that isn't happening.

> > O_RDONLY means exactly what you think it does.
> >
> > Be forewarned: There's an unexpected transformation of file content
> > with rpm -V if using prelinked libraries. Basically prelink -u is run,
> > and the md5 sum of the output of prelink "undo" is computed.
> > Transformation iff prelinked DSO, but /usr/lib/libadns.so.1.0 is a DSO.
> Can you clarify this for me?  It isn't just libraries that fail this
> test.  Some examples of files that have been reported bad:

If not just libraries, or not prelinking, then my comment does not apply.

> B.so
> gpg
> libc-2.1.3.so
> ldconfig
> libadns.so.1.0
> libc-2.1.3.so
> libnss_nisplus-2.1.3.so
> gawk
> vi
> rpm
> libproc.so.2.0.6

Again, if you can characterize some aspect of the problem that is testable
and/or reproducible, I can try to run a test.

73 de Jeff

Jeff Johnson	ARS N3NPQ
jbj@redhat.com (jbj@jbj.org)
Chapel Hill, NC

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []