rpjday wrote:
> i don't recall if there's a specific rpm list, so here goes.
> i'm unclear on what exactly rpm is "verifying" when i verify
> an installed package.
It compares the MD5 that's in its records, and then runs an MD5 checksum
on the file on your hard drive to see if there are any differences.
> as i understand it, rpm will check
> various attributes such as size, perms, checksum and so on,
> against the initial attributes at time of package installation,
> and flag any discrepancies.
You got it. On the nose. Bingo. Exactly.
> ok, so
>
> # rpm -ql setup (basic OS files, including
> /etc/passwd)
>
> but when i verify setup:
>
> # rpm -V setup
>
> only /etc/services is flagged, despite the fact that i've
> added extra users which clearly has changed /etc/passwd.
> why is rpm not flagging that?
This has to do with the way RPM works. (In other words, this is a
feature) (and it's documented, too) The RPM, when created by its author
or packager, can have specific files flagged as 'configuration files',
those files won't install over existing configuration files. The setup
rpm is full of 'configuration files'. You can view configuration files
by using the command
rpm -qlc setup
And you'll see everything that's tagged as a configuration file.
Another neat thing about RPM, is you can specify files that don't get
checked when using Verify.
This is specified in the SPEC file, which is used to make an RPM.
Here's the source RPM. You can get it off of the source CDrom, or go to
the URL:
ftp://ftp.redhat.com/pub/redhat/redhat-6.1/SRPMS/SRPMS/setup-2.0.5-1.src.rpm
When you get it, type
rpm -Uvh setup-2.05-1.src.rpm
You're not installing any executables, or any configuration files, but
you're converting the .src.rpm to regular files, thereby putting the
source tarball in /usr/src/redhat/SOURCES, and the SPEC file in
/usr/src/SPEC
In the /usr/src/redhat/SPEC directory, there is a new file named
'spec-2.0.5-1.src.rpm'
If you read through that file, the last part of the file is the comments
and change log.
Go up from that a bit and find:
%verify(not md5 size mtime) %config(noreplace) /etc/passwd
%verify(not md5 size mtime) %config(noreplace) /etc/group
Which means 'don't bother verifying md5 size or date/time on files
/etc/passwd and /etc/group
Those spunky RedHatters thought of everything, didn't they?
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
