[CentOS] RPM verify weirdness

Wed Mar 19 05:41:39 UTC 2008
Ignacio Vazquez-Abrams <ivazqueznet at gmail.com>

On Wed, 2008-03-19 at 16:32 +1100, Gavin Carr wrote:
> On Wed, Mar 19, 2008 at 12:08:50AM -0400, Ignacio Vazquez-Abrams wrote:
> > On Wed, 2008-03-19 at 14:48 +1100, Gavin Carr wrote:
> > > Can anyone explain this to me? (CentOS 4/5)
> > > 
> > >   # rpm -qf /etc/exports
> > >   setup
> > >   # rpm -V setup
> > >   S.5....T c /etc/bashrc
> > >   S.5....T c /etc/printcap
> > >   ..?..... c /etc/securetty
> > >   # echo '#### foo' > /etc/exports
> > >   # cat /etc/exports
> > >   #### foo
> > >   # rpm -V setup
> > >   S.5....T c /etc/bashrc
> > >   S.5....T c /etc/printcap
> > >   ..?..... c /etc/securetty
> > > 
> > > I thought verify was supposed to check every file in the package?
> > 
> > From the spec file:
> > 
> > %verify(not md5 size mtime) %config(noreplace) /etc/exports
> > 
> > rpm has been explicitly told to *not* check certain traits.
> 
> Ah, very cool, thanks. Any pointers to why one would do this?

Verifying against a stock /etc/bashrc is useful, since it influences
system behavior. Verifying against a stock /etc/exports is not, beyond
who owns the file and what permissions it has.

-- 
Ignacio Vazquez-Abrams <ivazqueznet at gmail.com>

PLEASE don't CC me; I'm already subscribed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.centos.org/pipermail/centos/attachments/20080319/2e8c7b0e/attachment-0005.sig>