rpm5 package verification and md5sum of config files
Adam Osuchowski
adwol at zonk.pl
Tue Oct 16 00:47:57 CEST 2012
Jeffrey Johnson wrote:
> FYI: the --nomd5 option changed to --nofdigests like 4-5y ago.
> If there is still "legacy compatibility" for --nomd5, then it's time
> to rip it out imho: I see no reason to maintain myriad
> confusing alternative invocations for changes made years ago.
What's the difference... With --nofdigests the behaviour is the same.
> What are you showing me?
I'm showing you invalid output of rpm. Tell me sincerely, is it normal
that rpm with option --nomd5/--nofdigests shows that ALL files in
package are modified even though they aren't?
> I can't tell what rpm version, and
> I have no comparison to be able to tell what you consider
> a "bug" from the above display. I have no idea what/how
> rpm is patched in PLD, assuming that is the OS being used.
I wrote the version I checked in my first mail, but I can repeat:
rpm-5.4.10-18 from PLD distro (I report it on pld-devel mailing list,
so it should be obvious). Anyway, it doesn't matter because vanilla
rpm5 behaves in the same way.
> I also cannot tell what the output SHOULD look like
> without knowing more details.
Run rpm4 and you can see it yourself. Hint: there should be empty
output, because no files were modified, so `rpm -V' should print
nothing.
BTW, why is there no information in the documentation about the --nohmacs
option, which tells rpm not to show this faked information?
> You are entirely entitled to hold whatever point of view and
> opinion you wish.
Should I understand that you think the situation I report is quite normal
and rpm5 will always show that the md5 digest of a file is changed even if
the content is not modified? Interesting...
> But if you are seriously interested in a change in RPM, then post
> a bug (launchpad/rpm preferred) with sufficient information to analyze,
> not just POV/opinion.
I don't have time and don't feel like creating launchpad account, so
I report here.
The problem is: rpm5 keeps md5 digests of files in its database, but
when verifying files marked in the specfile like this (in PLD most config
files have this mark):
%verify(not md5)
it compares these md5 digests with the hmac-md5 of the current files on disk,
which of course leads to differences (rpmvfVerify() in lib/verify.c:265).
Changing this to:
%verify(not hmac)
helps, but I think it is not a good solution. Rather, there should be
consistency in digest types (plain vs. hmac): since md5 digests are
stored in the database, -V should check md5, not hmac-md5. So, I propose
a change like the one in my mail attachment (btw, I really don't have any idea
what this line is for).
Do what you want with this knowledge. I would only like rpm5 to work
no worse than rpm4, and I hope you now understand where the problem lies.
-------------- next part --------------
--- rpm-5.4.10.orig/build/files.c 2012-10-15 23:29:13.601832730 +0200
+++ rpm-5.4.10/build/files.c 2012-10-15 23:29:50.264308164 +0200
@@ -393,7 +393,6 @@
if (strcmp(p, vfa->attribute))
/*@innercontinue@*/ continue;
verifyFlags |= vfa->flag;
- verifyFlags &= ~RPMVERIFY_FDIGEST;
/*@innerbreak@*/ break;
}
if (vfa->attribute)
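Review bot: the deleted `verifyFlags &= ~RPMVERIFY_FDIGEST;` sits inside the attribute loop directly after `verifyFlags |= vfa->flag;`, so removing it changes the resulting flags for every attribute that matches there, not only for `%verify(not md5)`, and the accompanying message says the purpose of the line is not known. Before dropping it, please establish why FDIGEST was being cleared at this point and record that in the commit message, or narrow the change to the md5 attribute. The change is also in build/files.c, while the mismatched comparison is reported in rpmvfVerify() in lib/verify.c, so the description should say whether packages that are already built are expected to verify cleanly or need a rebuild.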
More information about the pld-devel-en
mailing list
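The digest-type mismatch described in the message above, as an added example that is not part of the original post and not rpm code: a plain MD5 recorded at install time never matches an HMAC-MD5 recomputed at verify time, so every file is reported and a real change is lost in the noise. The file paths, contents, HMAC key and function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data: config files as installed by a hypothetical package.
INSTALLED = {
    "/etc/app.conf": b"listen=127.0.0.1\n",
    "/etc/app.d/tls.conf": b"min_version=1.2\n",
}
# Assumption: placeholder key; the page does not show how rpm5 keys its HMAC.
HMAC_KEY = b"placeholder-key"


def plain_md5(data):
    return hashlib.md5(data).hexdigest()


def hmac_md5(data):
    return hmac.new(HMAC_KEY, data, hashlib.md5).hexdigest()


def build_db(files):
    """Record a plain MD5 per file, as the message says the database does."""
    return {path: plain_md5(data) for path, data in files.items()}


def verify(db, on_disk, digest_fn):
    """Return paths whose recomputed digest differs from the stored one."""
    return sorted(p for p, stored in db.items()
                  if digest_fn(on_disk[p]) != stored)


def demo():
    db = build_db(INSTALLED)
    tampered = dict(INSTALLED)
    tampered["/etc/app.conf"] = b"listen=0.0.0.0\n"  # one genuine change
    return {
        # Same digest type on both sides: only real changes are reported.
        "clean/plain": verify(db, INSTALLED, plain_md5),
        "tampered/plain": verify(db, tampered, plain_md5),
        # Stored plain MD5 compared with HMAC-MD5: everything is reported,
        # so the tampered run looks identical to the clean one.
        "clean/hmac": verify(db, INSTALLED, hmac_md5),
        "tampered/hmac": verify(db, tampered, hmac_md5),
    }


if __name__ == "__main__":
    for case, changed in demo().items():
        print(f"{case:15} -> {changed}")
```

With mismatched digest types the clean and tampered runs produce the same report, which is why output like this cannot be used to spot an actual modification.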