System in question is i386 SuSE 8.1 newly installed about four weeks ago. I consider this security, since, if the package manager is buggy, that would affect the whole system. although it seems like there are only two specific packages affected so far. Problem: -------- Index entries have vanished from the rpm database. nothing even complained. hardware is stable, and proven to be good. overall system is stable. not connected to the net. physical access: me. files are there and seem unchanged. the rpm databases are intact. no metadata corruption. yet the index entries are *wrong*, i.e. not in sync with the actual system status. the only "suspicious" thing is, I used patch.rpms for all necessary updates; this might or might not be relevant. I recognized this when an rpm -Uhv failed with the message ... yast2-core is needed for ... ok, so what I did to verify this issue is, brute force straight ahead: rpm -qal | sort > rpm-qal.sort # umount unnecessary stuff find /bin /etc /opt /sbin /usr /var | sort > find.sort join -v rpm-qal find.sort > not-owned.orig cp not-owned.orig not-owned.edited # edit not-owned.edited, i.e. # delete chunks of obviously misleading stuff by hand, # like /usr/src/linux , which I forgot to exclude above :) now, whats left is about 500 files I'm not sure about. so I checked further: zcat /CD1/ARCHIVES.gz > ARCHIVES # I told you, 'tis brute cat /var/SuSE-updates/ARCHIVES \ | sed -ne 's/ -> .*//; s/\(.*\): \+[dl-][rwx-]\{9\}.*[0-9] \(\/.*\)/\1 \2/p;' \ | sort -k 2,2 > ARCHIVES.sort join -1 1 -2 2 not-owned.edited ARCHIVES.sort \ | sort > not-owned.but.in-ARCHIVES and I ended up with a list containing only file entries belonging to these packages: ./CD1/suse/i586/yast2-bootloader-2.6.54-1.i586.rpm ./CD1/suse/i586/yast2-core-2.6.42-4.i586.rpm rpm -q * # shows "not installed" rpm -qlp * | xargs ls -l # lists all files, so they are there. all of them. rpm -yp * # shows up only few changes rpm --whatrequires * # shows a bunch of dependencies! they have been installed. they are required. I never used --force or -nodeps, never ereased any package, and for sure not these two. what I did was to install the update packages by suse, all necessary ones, by hand, using rpm -Uhv * for each update I used the *.patch.rpm when it was available. I have a copy of each of the update rpms. all --checksig ok. WHAT has gone wrong, and WHEN ? what can delete the corresponding index entries? any idea? someone? tia, Lars