Mailinglist Archive: opensuse-security (300 mails)
RPM buggy or db corruption?
- From: Lars Ellenberg <l.g.e@xxxxxx>
- Date: Sun, 8 Dec 2002 07:45:54 +0100
- Message-id: <20021208064554.GA4390@johann>
System in question is i386 SuSE 8.1
newly installed about four weeks ago.
I consider this security, since, if the package manager is buggy, that would
affect the whole system. although it seems like there are only two specific
packages affected so far.
Problem:
--------
Index entries have vanished from the rpm database.
nothing even complained.
hardware is stable, and proven to be good.
overall system is stable. not connected to the net.
physical access: me. files are there and seem unchanged.
the rpm databases are intact.
no metadata corruption.
yet the index entries are *wrong*,
i.e. not in sync with the actual system status.
the only "suspicious" thing is, I used patch.rpms for all
necessary updates; this might or might not be relevant.
I recognized this when an rpm -Uhv failed with the message
... yast2-core is needed for ...
ok, so what I did to verify this issue is, brute force straight ahead:

    rpm -qal | sort > rpm-qal.sort
    # umount unnecessary stuff
    find /bin /etc /opt /sbin /usr /var | sort > find.sort
    # -v 2: print only the lines of find.sort that have no match in rpm-qal.sort
    join -v 2 rpm-qal.sort find.sort > not-owned.orig
    cp not-owned.orig not-owned.edited
    # edit not-owned.edited, i.e.
    # delete chunks of obviously misleading stuff by hand,
    # like /usr/src/linux , which I forgot to exclude above :)

now, what's left is about 500 files I'm not sure about.
so I checked further:

    zcat /CD1/ARCHIVES.gz > ARCHIVES
    # I told you, 'tis brute
    cat /var/SuSE-updates/ARCHIVES \
      | sed -ne 's/ -> .*//;
          s/\(.*\): \+[dl-][rwx-]\{9\}.*[0-9] \(\/.*\)/\1 \2/p;' \
      | sort -k 2,2 > ARCHIVES.sort
    join -1 1 -2 2 not-owned.edited ARCHIVES.sort \
      | sort > not-owned.but.in-ARCHIVES

and I ended up with a list containing only file entries belonging to
these packages:

    ./CD1/suse/i586/yast2-bootloader-2.6.54-1.i586.rpm
    ./CD1/suse/i586/yast2-core-2.6.42-4.i586.rpm

    rpm -q *                  # shows "not installed"
    rpm -qlp * | xargs ls -l  # lists all files, so they are there. all of them.
    rpm -yp *                 # shows up only few changes
    rpm --whatrequires *      # shows a bunch of dependencies!

they have been installed. they are required. I never used --force or --nodeps,
never erased any package, and for sure not these two.
what I did was to install the update packages by suse, all necessary ones, by
hand, using rpm -Uhv *
for each update I used the *.patch.rpm when it was available.
I have a copy of each of the update rpms. all --checksig ok.
WHAT has gone wrong, and WHEN ?
what can delete the corresponding index entries?
any idea? someone?
tia, Lars
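
The comparison described in the message above, as an added example that is not part of the original post: it lists files that exist on disk but are unknown to the RPM database and maps them back to the packages that ship them. The function names, the demo package names and all sample data are constructed; the ARCHIVES line layout is an assumption inferred from the sed expression in the post.

```sh
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.
export LC_ALL=C                 # comm and join need byte-order sorted input
TAB=$(printf '\t')

# unowned OWNED FS: paths listed in FS but not in OWNED (what "join -v 2"
# is after), compared as whole lines so paths with spaces survive.
unowned() {
    t=$(mktemp) || return 1
    sort -u "$1" > "$t"
    sort -u "$2" | comm -13 "$t" -
    rm -f "$t"
}

# archive_index ARCHIVES: "pkg: <ls -l line>" becomes "path<TAB>pkg"; symlink
# targets are dropped. Line layout assumed from the post's sed expression.
archive_index() {
    sed -n 's/ -> .*//
s/^\(.*\): \{1,\}[dl-][rwxsStT-]\{9\} .*[0-9] \(\/.*\)$/\2'"$TAB"'\1/p' "$1"
}

# suspects OWNED FS ARCHIVES: packages shipping files that are on disk but
# unknown to the RPM database. Files in no package at all are not reported.
suspects() {
    WORK=$(mktemp -d) || return 1
    unowned "$1" "$2" > "$WORK/unowned"
    archive_index "$3" | sort -t "$TAB" -k1,1 > "$WORK/idx"
    join -t "$TAB" "$WORK/unowned" "$WORK/idx" | cut -f2 | sort -u
    rm -rf "$WORK"
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' /bin/ls /etc/fstab /usr/bin/vim > "$d/owned"  # for: rpm -qal
    printf '%s\n' /bin/ls /etc/fstab /usr/bin/vim /usr/lib/demo/y2base \
        '/usr/share/demo/read me' /usr/local/bin/mytool > "$d/fs"  # for: find
    cat > "$d/ARCHIVES" <<'EOF'
./CD1/suse/i586/demo-core-1.0-1.i586.rpm:    -rwxr-xr-x  1 root root  81234 Sep  9  2002 /usr/lib/demo/y2base
./CD1/suse/i586/demo-core-1.0-1.i586.rpm:    lrwxrwxrwx  1 root root      6 Sep  9  2002 /usr/lib/demo/link -> y2base
./CD1/suse/i586/demo-doc-1.0-1.i586.rpm:    -rw-r--r--  1 root root    512 Sep  9  2002 /usr/share/demo/read me
./CD1/suse/i586/vim-6.1-1.i586.rpm:    -rwxr-xr-x  1 root root 901234 Sep  9  2002 /usr/bin/vim
EOF
    suspects "$d/owned" "$d/fs" "$d/ARCHIVES"
    rm -rf "$d"
}

demo
```

On a real system the first two inputs would come from `rpm -qal` and `find`, as in the post; a package that shows up here while `rpm -q` reports it as not installed is the mismatch being described.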