<HTML>
<HEAD>
<TITLE>Maximum RPM (RPM):Using RPM to Verify Installed Packages:EarthWeb Inc.-</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
<!-- ISBN=0672311054 //-->
<!-- TITLE=Maximum RPM (RPM)//-->
<!-- AUTHOR=Edward Bailey//-->
<!-- PUBLISHER=Macmillan Computer Publishing//-->
<!-- IMPRINT=Sams//-->
<!-- CHAPTER=06 //-->
<!-- PAGES=0079-0092 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->
<H3><A NAME="ch06_ 1">
Chapter 6
</A></H3>
<H2>
Using RPM to Verify Installed Packages
</H2>
<P>Table 6.1. Verify-mode command syntax and options.
</P>
<TABLE>
<TR><TD>rpm -V (or --verify, or -y)</TD><TD>Options</TD><TD></TD></TR>
<TR><TD></TD><TD>Package Selection Options</TD><TD>Section</TD></TR>
<TR><TD>pkg1...pkgN</TD><TD>Verify named package(s)</TD><TD>6.3.1</TD></TR>
<TR><TD>-p &lt;file&gt;</TD><TD>Verify against package file &lt;file&gt;</TD><TD>6.3.4</TD></TR>
<TR><TD>-f &lt;file&gt;</TD><TD>Verify package owning &lt;file&gt;</TD><TD>6.3.3</TD></TR>
<TR><TD>-a</TD><TD>Verify all installed packages</TD><TD>6.3.2</TD></TR>
<TR><TD>-g &lt;group&gt;</TD><TD>Verify packages belonging to group &lt;group&gt;</TD><TD>6.3.5</TD></TR>
<TR><TD></TD><TD>Verify-Specific Options</TD><TD>Section</TD></TR>
<TR><TD>--noscripts</TD><TD>Do not execute verification script</TD><TD>6.3.7</TD></TR>
<TR><TD>--nodeps</TD><TD>Do not verify dependencies</TD><TD>6.3.6</TD></TR>
<TR><TD>--nofiles</TD><TD>Do not verify file attributes</TD><TD>6.3.8</TD></TR>
<TR><TD></TD><TD>General Options</TD><TD>Section</TD></TR>
<TR><TD>-v</TD><TD>Display additional information</TD><TD>6.3.9</TD></TR>
<TR><TD>-vv</TD><TD>Display debugging information</TD><TD>6.3.10</TD></TR>
<TR><TD>--root &lt;path&gt;</TD><TD>Set alternate root to &lt;path&gt;</TD><TD>6.3.12</TD></TR>
<TR><TD>--rcfile &lt;rcfile&gt;</TD><TD>Set alternate rpmrc file to &lt;rcfile&gt;</TD><TD>6.3.13</TD></TR>
<TR><TD>--dbpath &lt;path&gt;</TD><TD>Use &lt;path&gt; to find the RPM database</TD><TD>6.3.11</TD></TR>
</TABLE>
<H3><A NAME="ch06_ 2">
6.1. rpm -V: What Does It Do?
</A></H3>
<P>From time to time, it's necessary to make sure that everything on your system is okay. Are
you sure the packages you've installed are still configured properly? Have there been any
changes made that you don't know about? Did you mistakenly start a recursive delete in
/usr and now you have to assess the damage?
</P>
<P>RPM can help. It can alert you to changes made to any of the files installed by RPM. Also,
if a package requires capabilities provided by another package, it can make sure the other
package is installed, too.
</P>
<P>The command rpm -V (or -y, or --verify, which are equivalent) verifies an installed
package. Before we see how this is done, let's take a step back and look at the big picture.
</P>
<P>Every time a package is installed, upgraded, or erased, the changes are logged in RPM's
database. It's necessary for RPM to keep track of this information; otherwise, it wouldn't be able
to perform these operations correctly. You can think of the RPM database (and the disk space
it consumes) as being the price of admission for the easy package management that RPM
provides. (Actually, the price is fairly low. For a completely RPM-based Linux distribution, it
would be unusual to have a database over 5MB.)
</P>
<P>The RPM database reflects the configuration of the system on which it resides. When
RPM accesses the database to see how files should be manipulated during an install, upgrade, or
erase, it is using the database as a mirror of the system's configuration.
</P>
<P>However, we can also use the system configuration as a mirror of the RPM database.
What does this backward view give us? What purpose would be served?
</P>
<P>The purpose would be to see if the system configuration accurately reflects the contents of
the RPM database. If the system configuration doesn't match the database, we can reach one
of two conclusions:
</P>
<UL>
<LI> The RPM database has become corrupt. The system configuration is unchanged.
<LI> The RPM database is intact. The system configuration has changed.
</UL>
<P>While RPM databases occasionally are corrupted, it is a sufficiently rare occurrence that
the second conclusion is much more likely. So RPM gives us a powerful verification tool,
essentially for free.
</P>
<H4><A NAME="ch06_ 3">
6.1.1. What Does It Verify?
</A></H4>
<P>It would be handy if RPM did nothing more than verify that every file installed by a
package actually exists on your system. In reality, RPM does much more. It makes sure that if a
package depends on other packages to provide certain capabilities, the necessary packages are, in
fact, installed. If the package builder created one, RPM will also run a special verification script
that can verify aspects of the package's installation that RPM cannot.
</P>
<P>Finally, every file installed by RPM is examined. No fewer than the following nine
attributes of each file can be checked:
</P>
<UL>
<LI> Owner
<LI> Group
<LI> Mode
<LI> MD5 checksum
<LI> Size
<LI> Major number
<LI> Minor number
<LI> Symbolic link string
<LI> Modification time
</UL>
<P>Let's take a look at each of these attributes and why they are good things to check.
</P>
<H4><A NAME="ch06_ 4">
6.1.1.1. File Ownership
</A></H4>
<P>Most operating systems today keep track of each file's creator. This is done primarily for
resource accounting. Linux and UNIX also use file ownership to help determine access rights
to the file. In addition, some files, when executed by a user, can temporarily change the user's
ID, normally to a more privileged ID. Therefore, any change of file ownership may have
far-reaching effects on data security and system availability.
</P>
<H4><A NAME="ch06_ 5">
6.1.1.2. File Group
</A></H4>
<P>In a similar manner to file ownership, a group specification is attached to each file.
Primarily used for determining access rights, a file's group specification can also become a user's
group ID, should that user execute the file's contents. Therefore, any changes in a file's group
specification are important and should be monitored.
</P>
<H4><A NAME="ch06_ 6">
6.1.1.3. File Mode
</A></H4>
<P>Encompassing the file's permissions, the mode is a set of bits that specifies permitted access
for the file's owner, group members, and everyone else. Even more important are two
additional bits that determine whether a user's group or user ID should be changed if he executes
the program contained in the file. Since these little bombshells can let any user become
root for the duration of the program, it pays to be extra careful with a file's permissions.
</P>
<H4><A NAME="ch06_ 7">
6.1.1.4. MD5 Checksum
</A></H4>
<P>The MD5 checksum of a file is simply a 128-bit number that is mathematically derived
from the contents of the file. The MD5 algorithm was designed by Ron Rivest, the
R in the popular RSA public-key encryption algorithm. The
MD in MD5 stands for message digest, which is a pretty accurate description of what it does.
</P>
<P>Unlike literary digests, an MD5 checksum conveys no information about the contents of
the original file. However, it possesses one unique trait: Any change to the file, no matter how
small, results in a change to the MD5 checksum. (From a strictly theoretical standpoint, this is
not entirely true. Using the lingo of cryptologists, it is believed to be "computationally
infeasible" to find two messages that produce the same MD5 checksum.)
</P>
<P>RPM creates MD5 checksums of all files it manipulates, and stores them in its database. For
all intents and purposes, if one of these files is changed, the MD5 checksum will change, and
RPM will detect it.
</P>
<H4><A NAME="ch06_ 8">
6.1.1.5. File Size
</A></H4>
<P>As if the use of MD5 isn't enough, RPM also keeps track of file sizes. A difference of even
1 byte more or less will not go unnoticed.
</P>
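<P>Added example (not from the book and not RPM's own code): a Python sketch of the kind of baseline comparison this section describes, recording the nine attributes for each file and later reporting which ones differ. SHA-256 stands in for MD5, whose collision resistance has since been broken; the function names, file names and file contents are constructed for the illustration.
</P>

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(path):
    """Record the nine attributes; SHA-256 stands in for the text's MD5 checksum."""
    st = os.lstat(path)  # lstat: describe a symlink itself, not its target
    regular, link = stat.S_ISREG(st.st_mode), stat.S_ISLNK(st.st_mode)
    return {
        "owner": st.st_uid, "group": st.st_gid,
        "mode": st.st_mode,  # file type, permissions, setuid/setgid bits
        "checksum": hashlib.sha256(Path(path).read_bytes()).hexdigest() if regular else None,
        "size": st.st_size,
        "major": os.major(st.st_rdev), "minor": os.minor(st.st_rdev),
        "link": os.readlink(path) if link else None,
        "mtime": st.st_mtime_ns,
    }

def verify(baseline):
    """Return {path: [attributes that differ]} for paths that no longer match."""
    report = {}
    for path, recorded in baseline.items():
        if not os.path.lexists(path):
            report[path] = ["missing"]
            continue
        current = snapshot(path)
        changed = [k for k in recorded if recorded[k] != current[k]]
        if changed:
            report[path] = changed
    return report

def demo():
    """Constructed scenario: three files in a temp dir, each altered differently."""
    with tempfile.TemporaryDirectory() as root:
        paths = {n: Path(root, n) for n in ("edited", "setuid", "removed")}
        for p in paths.values():
            p.write_bytes(b"echo original\n")
            p.chmod(0o755)
        baseline = {p: snapshot(p) for p in paths.values()}
        old = baseline[paths["edited"]]["mtime"]
        paths["edited"].write_bytes(b"echo tampered\n")  # same length, new bytes
        os.utime(paths["edited"], ns=(old, old))          # modification time put back
        paths["setuid"].chmod(0o4755)                     # setuid bit added
        paths["removed"].unlink()
        return {p.name: changed for p, changed in verify(baseline).items()}

if __name__ == "__main__":
    print(demo())
```

<P>In the constructed scenario the edited file keeps its size and modification time, so only the checksum gives the change away, while the setuid change shows up in the mode alone.
</P>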
</body></html>