https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c2 Jon Nelson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|jnelson-suse@jamponi.net | --- Comment #2 from Jon Nelson 2013-02-14 14:07:55 UTC --- That's precisely what I thought, but the evidence suggested otherwise. The host is a ScientificLinux 6.x host. It's just an obs-worker host. I noticed *builds* on that host only sometimes grumped about rpm db corruption. During the investigation, the *host* rpm db also complained. I noticed in /var/lib/rpm files - four of them - with the exact timestamp of the build. The other rpm files (Packages, etc...) had not been touched. If make those files untouchable (mode 0000), the *builds* fail utterly. This happens during preinstallation primarily. The preinstallation code *does* call out to the host's rpm without using chroot in a few places. I'm as baffled as you, but it's very clear that even *querying* using the hosts's rpm (without chroot or --root) touches the hosts's rpm database (strace can confirm this). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c4 --- Comment #4 from Jon Nelson 2013-02-14 14:17:40 UTC --- A suggestion, perhaps, is to use --dbpath when chroot rpm ... can't be used? I can't explain why there is corruption, either, except that perhaps during a build the host's rpm is used, sees files created by the *build's* invocation of rpm, and gets all grumpy. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c6 --- Comment #6 from Michael Schröder 2013-02-14 14:38:42 UTC --- But that's only used when the build script downloads packages, which doesn't happen for OBS worker or osc builds. We might add a --nosignature to that -K call, though. When the host's rpm is called it never looks at the rpm database from the build system, so I don't see how it can corrupt the host system. And the rpm from the build system is always started in a chroot call (otherwise it could not work as the shared libs would not be found), so it also can't corrupt the hosts' databases. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c8 --- Comment #8 from Michael Schröder 2013-02-14 14:58:42 UTC --- Too bad rpm2cpio doesn't have a --nosignature option. ;-( Hmm, rpm2cpio on my system doesn't do anything in /var/lib/rpm. What rpm version is installed on your host system? Still I don't see how it can corrupt your rpm database. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c10 --- Comment #10 from Jon Nelson 2013-02-14 15:45:17 UTC --- A quick google suggests that an alternative might be to use rpm2tgz, since rpm2cpio is both (a) stupid and (b) simple. Reimplementing rpm2cpio in perl should be a triviality. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c12 --- Comment #12 from Michael Schröder 2013-02-14 16:14:11 UTC --- Those __db files are simply the berkeley db database environment files. They are perfectly normal. I have no clue why rpm2cpio wants to open the database, I guess this was fixed in newer versions of rpm. Still, opening the database does not corrupt it. My guess is that it was corrupt before you called build. Or can you somehow reproduce build breaking your rpm database? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c14 --- Comment #14 from Jon Nelson 2013-02-14 21:01:51 UTC --- Here is an rpm2cpio in both bash and perl (the perl version more likely useful here): http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c16 Jon Nelson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|WONTFIX | --- Comment #16 from Jon Nelson 2013-02-15 16:49:03 UTC --- I have a working fix that doesn't use rpm2cpio.sh (or perl, etc...) It's a fairly non-invasive patch, and would probably forestall other potential issues. I would ask you to at least consider the patch. What it does is this: 1. every invocation of rpm that doesn't use chroot uses --dbpath "$BUILD_ROOT/tmp" 2. the 'rpm2cpio' part is quite problematic, as rpm2cpio in older versions (and who is to say it won't happen again in versions-to-come) will open the rpm database and set (possibly creating) the dbenv. My solution to that is this (commented-out lines are the original): if test "$PAYLOADDECOMPRESS" = cat ; then #rpm2cpio "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" | $CPIO su -s /bin/sh nobody -c "rpm2cpio $BUILD_ROOT/.init_b_cache/rpms/$1.rpm" | $CPIO else #rpm2cpio "$BUILD_ROOT/.init_b_cache/rpms/$1.rpm" | $PAYLOADDECOMPRESS | $CPIO su -s /bin/sh nobody -c "rpm2cpio $BUILD_ROOT/.init_b_cache/rpms/$1.rpm" | $PAYLOADDECOMPRESS | $CPIO fi If rpm2cpio cannot open the (host) /var/lib/rpm directory, it still works, but the rpm database will be opened without a dbenv. 3. The following line was added find $BUILD_ROOT/var/lib/rpm -name '__db.*' -exec rm {} \; right before init_db is called. It could probably be put in init_db directly. rpm2cpio on the host is using libdb 4.3, in this case. It seems to be that preventing the /build/ process from touch the /host/ rpmdb is a worthwhile goal. So far, this appears to have resolved my issue, but I will probably know more in time. I can supply the patch. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=803642 https://bugzilla.novell.com/show_bug.cgi?id=803642#c18 --- Comment #18 from Michael Schröder 2013-02-18 10:37:23 UTC --- Just to explain things a bit: This is a *serious* issue that needs to be addressed with a ScientificLinux maintenance update. rpm2cpio *must not* corrupt the rpm database. This has nothing to do with the build service at all. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.