[Rpm-maint] [PATCH v2 0/4] Fixes for file signatures

Stefan Berger stefanb at us.ibm.com
Fri Sep 23 17:33:15 UTC 2016

Stefan Berger/Watson/IBM wrote on 09/23/2016 12:43:33 PM:

> From: Stefan Berger/Watson/IBM
> To: Panu Matilainen <pmatilai at laiskiainen.org>
> Cc: fionnuala.gunter at gmail.com, rpm-maint at lists.rpm.org, Stefan 
> Berger <stefanb at linux.vnet.ibm.com>
> Date: 09/23/2016 12:43 PM
> Subject: Re: [Rpm-maint] [PATCH v2 0/4] Fixes for file signatures
> Panu Matilainen <pmatilai at laiskiainen.org> wrote on 09/23/2016 07:50:15 
> > >>
> > >> So... to achieve all this and actually behave correct in the face 
> > >> skipped files  - whether due to color, netshared path or other file
> > >> policies - the IMA plugin should really just do what the selinux 
> > >> does and use fsm_file_prepare hook for its task, which after all is
> > >> highly similar anyway.
> > >
> > > Has the file been written when fsm_file_prepare is called? Otherwise 
> > > seems better to do it in fsm_file_post.
> > 
> > Yes, the entire file has been created but not yet moved to its final 
> > destination. That's why it gets two path parameters: "path" for the 
> > actual current filename which has a temporary suffix, and "dest" which 

> > is the actual destination filename. So this is really the best place 
> > do any metadata work because then the file actually ready when it gets 

> > renamed to its final distination (ie without the suffix).
> For some mysterious reason dnf now exists in an update when I run in
> the fsm_file_prepare hook. After that, when telling dnf to install a
> package, it enumerates all kinds of locks that it unlocks. Do you 
> know what may be the cause for this ?
> Following these issues, I would like to try to meve it to the 
> fsm_file_post hook.

The same happens there. DNF just terminates. And on a 'dnf install' I get 
the error message

BDB2053 Freeing read locks for locker 0x852: 3387/139931634120448

I have not seen this problem when running the same update using the 
patches that introduce and use the fsm_post hook.

>    Stefan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20160923/13e4fa9b/attachment-0001.html>

More information about the Rpm-maint mailing list