What to do when rpm verification fails

Scott R. Godin scott.g at mhg2.com
Fri Jul 7 14:49:56 UTC 2006

On Fri, 2006-07-07 at 14:10 +0200, Andras Simon wrote:
> Doing an rpm -Va resulted in a lot of scary messages,
> S.?.....    /usr/bin/passwd
> being one of the most chilling. (And I thought I was very strictly
> firewalled, with no unnecessary services running, except for
> postgresql. Oh well...)
> Anyway, at the very least, I'd like to reinstall the offending
> packages. Since there are other packages depending on them, I wonder
> how this can be done without too much hassle. Would
> rpm -e --nodeps <package>
> yum install <package>
> be safe?
> Also, I get a lot of
> prelink: /some/file/or/other : at least one of file's dependencies has
> changed since prelinking
> warnings during rpm -Va. Is this something to be worried about? 

this is *exactly* the sort of thing I saw the last time my system went

The first thing you have to worry about is filesystem corruption. boot
from the install cd, and enter the linux rescue mode, and do not mount
the drives when prompted.

fsck each of your partitions manually, possibly more than once if you
encounter a drive with many problems.

Once you are able to get through that cleanly, then reboot the system

identifying the corrupted packages is your next step, again with 
    rpm -Va > rpmverify.txt 2>&1

then step through the packages in question *carefully*

things like glibc you don't want to first remove and then install :-)

use ( yumdownloader <packagename> ) to grab the current package one at a
time, and use ( rpm -ivh --force packagename*rpm ) to re-install it in

it may be a wise idea, once you have finished this process, to use
tune2fs to set up automatic filesystem checks at boot time periodically.
(I myself set up a 25 remount or 3 weeks option set on mine though
that's a tad on the paranoid side.. however faced with the above, you
might think the same way as me -- catch it early. ) 

I used 
    tune2fs -c 25 -i 3w /dev/sda3
to make these settings on my / partition. tune2fs -l will list the
current settings for you. the manpage for tune2fs is particularly
enlightening in its description of the -c switch, and I recommend
reading it. 

to catch further filesystem stuff like this, sooner, you might consider
running rpm -Va once a week in a cron job. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20060707/56199a07/attachment-0002.bin 

More information about the users mailing list