New RPM verify errors in many, many packages

Axel Thimm Axel.Thimm at ATrpms.net
Sat Nov 20 12:38:24 UTC 2004 

Sorry for top posting, the mail is too long ;)

It's rpms security context flag. C means that there is some conflict
with the security contexts on disk and in the rpm database. Don't know
what the question mark means, perhaps that there no file contexts at
all?

I guess you turned on/off selinux w/o relabeling the filesystems?

On Fri, Nov 19, 2004 at 07:14:50PM -0800, Vladimir G. Ivanovic wrote:
> I am getting errors from RPM verify that I don't recall seeing before.
> For example (on a server):
> 
>    $ rpm -V gcc
>    ........?   /usr/bin/gcc
>    ........?   /usr/bin/gcov
>    ........?   /usr/bin/i386-redhat-linux-gcc
>    ........?   /usr/bin/protoize
>    ........?   /usr/bin/unprotoize
>    ........?   /usr/libexec/gcc/i386-redhat-linux/3.4.2/collect2
> 
> or (on a laptop)
> 
>    ........C   /usr/bin/c89
>    ........C   /usr/bin/c99
>    ........C   /usr/bin/cc
>    ........?   /usr/bin/gcc
>    ........?   /usr/bin/gcov
>    ........?   /usr/bin/i386-redhat-linux-gcc
>    ........?   /usr/bin/protoize
>    ........?   /usr/bin/unprotoize
>    ........C   /usr/lib/gcc
>    ........C   /usr/lib/gcc/i386-redhat-linux
>    ........C   /usr/lib/gcc/i386-redhat-linux/3.4.2
>    [etc]
> 
> The `?' means, according to the rpm(1) man page, that
> 
>    while a single "?" (question mark) indicates the test could not be
>    performed  (e.g.  file  permissions  prevent reading)
> 
> and the 9th position refers to 
> 
>    T mTime differs
> 
> Several things puzzle me:
> 
> 1. I get this error even if I run `rpm -V' as root.
> 
> 2. The mtimes do not differ:
> 
>       $ rpm -qlv gcc | fgrep "/usr/bin/gcc"
>       -rwxr-xr-x    2 root    root            93136 Oct 26 01:48 /usr/bin/gcc
>       You have mail in /var/spool/mail/vladimir
>       $ dir /usr/bin/gcc
>       -rwxr-xr-x  2 root root 94800 Oct 26 01:48 /usr/bin/gcc*
>   
>    but the sizes do, probably because of prelinking. (I couldn't undo
>    the prelinking because I, as root, get a "Could not get security
>    context..." error message. More fun.)
> 
>    Of course, gcc works just fine, even when run as non-root:
> 
>       $ /usr/bin/gcc -v -o hello hello.c
>       Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.2/specs
>       Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
>       Thread model: posix
>       gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
>        /usr/libexec/gcc/i386-redhat-linux/3.4.2/cc1 -quiet -v hello.c -quiet -dumpbase hello.c -auxbase hello -version -o /tmp/ccQRdajM.s
>       ignoring nonexistent directory "/usr/lib/gcc/i386-redhat-linux/3.4.2/../../../../i386-redhat-linux/include"
>       #include "..." search starts here:
>       #include <...> search starts here:
>        /usr/local/include
>        /usr/lib/gcc/i386-redhat-linux/3.4.2/include
>        /usr/include
>       End of search list.
>       GNU C version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3) (i386-redhat-linux)
>               compiled by GNU C version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3).
>       GGC heuristics: --param ggc-min-expand=100 --param ggc-min-heapsize=131072
>        as -V -Qy -o /tmp/ccquoQtt.o /tmp/ccQRdajM.s
>       GNU assembler version 2.15.92.0.2 (i386-redhat-linux) using BFD version 2.15.92.0.2 20040927
>        /usr/libexec/gcc/i386-redhat-linux/3.4.2/collect2 --eh-frame-hdr -m elf_i386 -dynamic-linker /lib/ld-linux.so.2 -o hello /usr/lib/gcc/i386-redhat-linux/3.4.2/../../../crt1.o /usr/lib/gcc/i386-redhat-linux/3.4.2/../../../crti.o /usr/lib/gcc/i386-redhat-linux/3.4.2/crtbegin.o -L/usr/lib/gcc/i386-redhat-linux/3.4.2 -L/usr/lib/gcc/i386-redhat-linux/3.4.2 -L/usr/lib/gcc/i386-redhat-linux/3.4.2/../../.. /tmp/ccquoQtt.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i386-redhat-linux/3.4.2/crtend.o /usr/lib/gcc/i386-redhat-linux/3.4.2/../../../crtn.o
>       $ ./hello
>       Hello World
> 
> 3. I don't know what the `C' in the laptop's output means. The manpage
>    is silent.
> 
> Both machines are running an updated Fedora Core 3 with the Red Hat
> 2.6.9-1.678_FC3 kernel compiled with OProfile support and some extra
> debugging support.
> 
> Can anyone tell me what's going on?
> 
> Thanks.
> 
> 

-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20041120/fc45e7c0/attachment-0002.bin

More information about the users mailing list