-- Start of PGP signed section. >On Fri, 2006-07-07 at 14:10 +0200, Andras Simon wrote: >> Doing an rpm -Va resulted in a lot of scary messages, >> S.?..... /usr/bin/passwd >> being one of the most chilling. (And I thought I was very strictly >> firewalled, with no unnecessary services running, except for >> postgresql. Oh well...) >> >> Anyway, at the very least, I'd like to reinstall the offending >> packages. Since there are other packages depending on them, I wonder >> how this can be done without too much hassle. Would >> >> rpm -e --nodeps <package> >> yum install <package> >> >> be safe? >> >> Also, I get a lot of >> >> prelink: /some/file/or/other : at least one of file's dependencies has >> changed since prelinking >> >> warnings during rpm -Va. Is this something to be worried about? > >this is *exactly* the sort of thing I saw the last time my system went >screwy. > >The first thing you have to worry about is filesystem corruption. boot >from the install cd, and enter the linux rescue mode, and do not mount >the drives when prompted. > >fsck each of your partitions manually, possibly more than once if you >encounter a drive with many problems. > >Once you are able to get through that cleanly, then reboot the system >normally > >identifying the corrupted packages is your next step, again with > rpm -Va > rpmverify.txt 2>&1 > >then step through the packages in question *carefully* > >things like glibc you don't want to first remove and then install :-) > >use ( yumdownloader <packagename> ) to grab the current package one at a >time, and use ( rpm -ivh --force packagename*rpm ) to re-install it in >place. > >it may be a wise idea, once you have finished this process, to use >tune2fs to set up automatic filesystem checks at boot time periodically. >(I myself set up a 25 remount or 3 weeks option set on mine though >that's a tad on the paranoid side.. however faced with the above, you >might think the same way as me -- catch it early. ) > >I used > tune2fs -c 25 -i 3w /dev/sda3 >to make these settings on my / partition. tune2fs -l will list the >current settings for you. the manpage for tune2fs is particularly >enlightening in its description of the -c switch, and I recommend >reading it. > >to catch further filesystem stuff like this, sooner, you might consider >running rpm -Va once a week in a cron job. I'm not yet convinced that things are that bad. Prompted by this thread I just did an 'rpm -Va' on my RHEL4 system, and got piles of S.5....T messages (accompanied by sporadic bursts of prelink activity but no error msgs - is this initiated by rpm if it thinks there is a problem?). I wrote a little script to 'rpm -V' package by package and find that: 1. I seem to have some duplicate package names (this is on an x86_64 system which has only been 'up2date'ed once immediately after installation) e.g: [root@ls1 ~]$ rpm -q tcp_wrappers tcp_wrappers-7.6-37.2 tcp_wrappers-7.6-37.2 2. almost all the entries with S.5... have a .T on the end, and that those entries are in an rpm for which all entries have a .T This suggests to me that there has been some sort of package upgrade which is not being taken into account during the verify. Looks like *something* is wrong, but quite what, I dont know. Cheers, Terry.
