What to do when rpm verification fails

Fri Jul 7 17:00:33 UTC 2006

On Fri, 2006-07-07 at 17:29 +0100, T. Horsnell wrote:
> -- Start of PGP signed section.
> >On Fri, 2006-07-07 at 14:10 +0200, Andras Simon wrote:
> >> Doing an rpm -Va resulted in a lot of scary messages,
> >> S.?.....    /usr/bin/passwd
> >> being one of the most chilling. (And I thought I was very strictly
> >> firewalled, with no unnecessary services running, except for
> >> postgresql. Oh well...)
> >> 
> >> Anyway, at the very least, I'd like to reinstall the offending
> >> packages. Since there are other packages depending on them, I wonder
> >> how this can be done without too much hassle. Would
> >> 
> >> rpm -e --nodeps <package>
> >> yum install <package>
> >> 
> >> be safe?
> >> 
> >> Also, I get a lot of
> >> 
> >> prelink: /some/file/or/other : at least one of file's dependencies has
> >> changed since prelinking
> >> 
> >> warnings during rpm -Va. Is this something to be worried about? 
> >
> >this is *exactly* the sort of thing I saw the last time my system went
> >screwy. 
> >
> >The first thing you have to worry about is filesystem corruption. boot
> >from the install cd, and enter the linux rescue mode, and do not mount
> >the drives when prompted.
> >
> >fsck each of your partitions manually, possibly more than once if you
> >encounter a drive with many problems.
> >
> >Once you are able to get through that cleanly, then reboot the system
> >normally
> >
> >identifying the corrupted packages is your next step, again with 
> >    rpm -Va > rpmverify.txt 2>&1
> >
> >then step through the packages in question *carefully*
> >
> >things like glibc you don't want to first remove and then install :-)
> >
> >use ( yumdownloader <packagename> ) to grab the current package one at a
> >time, and use ( rpm -ivh --force packagename*rpm ) to re-install it in
> >place. 
> >
> >it may be a wise idea, once you have finished this process, to use
> >tune2fs to set up automatic filesystem checks at boot time periodically.
> >(I myself set up a 25 remount or 3 weeks option set on mine though
> >that's a tad on the paranoid side.. however faced with the above, you
> >might think the same way as me -- catch it early. ) 
> >
> >I used 
> >    tune2fs -c 25 -i 3w /dev/sda3
> >to make these settings on my / partition. tune2fs -l will list the
> >current settings for you. the manpage for tune2fs is particularly
> >enlightening in its description of the -c switch, and I recommend
> >reading it. 
> >
> >to catch further filesystem stuff like this, sooner, you might consider
> >running rpm -Va once a week in a cron job. 
> 
> I'm not yet convinced that things are that bad. Prompted by this thread
> I just did an 'rpm -Va' on my RHEL4 system, and got piles of 
> S.5....T messages (accompanied by sporadic bursts of prelink
> activity but no error msgs - is this initiated by rpm if it thinks
> there is a problem?). I wrote a little script to 'rpm -V'
> package by package and find that:
> 
> 1. I seem to have some duplicate package names (this is on an x86_64
>    system which has only been 'up2date'ed once immediately after
>    installation) e.g:
> 
> [root at ls1 ~]$ rpm -q tcp_wrappers
> tcp_wrappers-7.6-37.2
> tcp_wrappers-7.6-37.2
> 
> 2. almost all the entries with S.5... have a .T on the end,
>    and that those entries are in an rpm for which all entries
>    have a .T This suggests to me that there has been some sort
>    of package upgrade which is not being taken into account
>    during the verify.
> 
> 
> Looks like *something* is wrong, but quite what, I dont know.
> 
> 
> Cheers,
> Terry.
> 

the ones to watch for in particular are instances with S.? 

S.?......   /usr/bin/gedit
S.5......   /var/www/mediawiki/languages/LanguageRo.php
S.?......   /usr/lib/libgtkjava-2.8.so
SM?......   /usr/share/fonts/default/Type1/c059016l.afm
.......T.   /usr/share/locale/sk/LC_MESSAGES/system-config-display.mo
SM?......   /usr/share/locale/ta/LC_MESSAGES/system-config-display.mo

from the manpage: 

 Each of the 8 characters denotes the result of  a  comparison
       of  attribute(s)  of  the file to the value of those attribute(s)
recorded in the database.  A single "." (period)
       means the test passed, while a single "?" (question mark)
indicates the test could not  be  performed  (e.g.  file
       permissions  prevent  reading).  Otherwise,  the (mnemonically
emBoldened) character denotes failure of the corre-
       sponding --verify test:

       S file Size differs
       M Mode differs (includes permissions and file type)
       5 MD5 sum differs
       D Device major/minor number mismatch
       L readLink(2) path mismatch
       U User ownership differs
       G Group ownership differs
       T mTime differs

it being very odd that it can see the size differs but not run an md5sum
on it. 

in your case it's possible an install was halted in mid-progress, or
something else prevented a proper install/update from occurring. 

in some cases it may be dangerous to remove and then install a package
(in the case of glibc for example) but for many, you can remove and then
re-install

yum remove tcp_wrappers
rpm -q tcp\* (to see if both are gone. if only one is left, use rpm -V
tcp_wrappers to check its state)
yum install tcp_wrappers (to reinstall)

should clear that up for you. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060707/0f3cafea/attachment-0001.sig>