trouble upgrading rpm,
 

I'm trying to install rpmbuild on redhat which requires upgrading rpm. After more time then I care to admit I have sorted out most of the dependencies but I still get one warning.

failed dependencies: /bin/rpm is needed by (installed) policycoreutils-1.33.12-14.el5.i386.

I don't know how to satisfy this dependency sense it doesn’t look like regular dependencies. I'm thinking that policycore would presumably work with any rpm version and if I force the upgrade policycoreutils would still work correctly, but I'm not brave enough to try it. I don't even know what policycoreutils is.

So what is the best solution here?

For some reason you have decided not to use:

yum install rpm-build

... and that /bin/rpm exists?

policycoreutils provides the core policies for SELinux.

You can switch selinux off, or reinstall the package.

I can't use yum because none of our linux machines have internet access. We aren’t allowed to connect the linux machines to our network for security reasons. Because apparently it's easier to harden a windows computer then a linux computer :doh:

/bin/rpm currently exists, I’m assuming that upgrading the RPM package modifies the /bin/rpm directory leading to the complaint.

I have no clue how I would turn off selinux, I would think even if it were currently deactivated I would still have the same complaints doing the upgrade unless i uninstalled the policycoreutils package wouldn't I?

I can try reinstalling/upgrading the policycoreutils package though. I assume that is the package your referring to when you say reinstall the package.

ehwatay? :doh:

I suppose we cannot just let these guys know that linux comes pre-hardened...

The directory is /bin, the program is called rpm. Upgrading rpm will certainly change rpm ;)

I'm guessing that you are trying to upgrade the policy package as well.
What lead you to think that may be needed?

/etc/selinux/config

SELINUX=disabled

You could also put selinux=0 at the end of the kernel line in grub.conf

SELinux needs the policy package.
If you are not using selinux, then the policy package is not needed, so you don't need to upgrade it.You'll have to upgrade to the absolute newest one you can find - jic the one you have needs the previous version of rpm.

However, it occurs to me that the new rpm or something it needs is being blocked by the old selinux policies ... so disabling selinux, then trying to upgrade the policies, may do the trick.

If that turns out to be the case, you'll have an argument for letting the linux boxes online - proof of NSA level hardening.

I’m only upgrading the policy package if I have to to get RPM. The command that failed is only upgrading rpm, rpm-libs and rpm-python. If I could manage to do that without upgrading anything else that would be great. (it's such a pain downloading and burning rpms to cd every time you realize you missed a dependency).

honestly I’m really really tempted to force the install. after all the /bin/rpm folder should exist after the upgrade. I'm just not brave enough to do it. I've already came close to breaking my entire install when I accidently added a / in front of bin in an rm statment, so I'm going to be a bit more cautious from now one ;)

I'll try it.

-edit: it turns out it was already disabled anyways. so now I'm fighting linux over an rpm I don't even need?

sadly I think I’ve already lost that particular argument. But hey if I sit around for *way* too long doing what I could have done with 10 min with internet access I still end up getting paid in the end.

You are telling me that policycoreutils is a dependency for one of those packages?
Not sure I understand...

you are running something like:

rpm -Uvh rpm*

and it returns a missing dependency error?

Here's the reference to the package causing the trouble.

I am using rpm -uvh and linking rpm-python-5, rpm-lib-5 and rpm-5 packages. quick testing shows that it is the rpm-5.0-0.2.0.el5.rf.1386 rpm that is giving me the dependency complaint, not surprising sense it is presumably due to policycoreutils not liking the fact that the /bin/rpm directory is being modified when RPM is upgraded.

while I'm way too much of a linux newbie to be cretin I would assume the problem is that policycoreutils has a poorly written dependency that requires the /bin/rpm directory rather then requiring a specific rpm version.

I went ahead and ran the rpm –U command with the -vv option to see what would happen. A lot of stuff is spit out, but the two relevant lines seem to be.


=============== ---rpm-4.4.2-48.el5 i386/linux 0x1
Requires: /bin/rpm NO
package policycoreutils-1.33.12.14.el5.1386 has unsatisfied Requires: /bin/rpm


I noticed that the lines show up under the RPM-4.4 heading. That's the rpm I’m replacing with RPM-5.0. RPM-5.0 was listed earlier in the –vv output and appears satisfied with all the dependencies except that it conflicts with RPM-4.4

so as a linux newbie it would seem the problem is not with the rpm I’m trying to install, but with the previous rpm it's replacing? I don’t know if any of that is actually relevant.


ps. having and .rpm file named RPM is confusing ;)

Looking at the packages:

policycoreutils-1.33.12.14.el5.1386 looks to need rpm-5.0 to unpack.
You have conflicting information - rpm -Uvh rpm* says you need this for rpm-5.0 package, but rpm -Uvvh says that rpm-5.0 dependencies are satisfied.

I'd like to see the command and the output that shows policycoreutils as a missing dependency.

Some reading around the issue shows:
http://www.mail-archive.com/rpm-user.../msg00170.html
try removing the __db* files from your rpm db directory, then run rpm --rebuild

http://rpm5.org/community/rpm-devel/0759.html
rpm 4.4 binary lives in /bin, but rpm4.5 binary lives is /usr/bin ...
check if rpm 5.0 is in /usr/bin - if so then try /usr/bin/rpm -Uvh policycoreutils*

Some related thoughts:

How many rhel machines are there?

Reason: if there are more than, say, two, it is probably worthwhile to mirror the yum repositories locally, using a windows machine to get the files. You could mirror exactly the files needed on a CD or transfer an entire database to a linux box. It may even be possible to run a caching mirror on a windows box under cygwin.

http://linux.wxs.ro/2009/08/07/how-t...or-iso-images/

You may even be able to convince the company to allow one RHEL machine limited internet access on the grounds that it is like WGA - you will only access RHN servers on a VPN to download digitally signed packages from the authorised distributor. This will be done infrequently and no access granted either way when not accessing RHN servers. While accessing, no incoming connections can be initiated. Point out how much the company is paying you for this compared with what they are paying with yum access. RHN provide this service out of the box.

The company already allows authorised packages to be installed to the machines, so it is within existing security policies.

Which leads to the other thing:

Does the company have a RH support contract?

If not, then then where are you getting these rpms from?

In which case it would be cheaper and safer for the company to run CentOS on these machines. This is exactly RHEL but with free/gratis support rather than paid support. Which is a step up because right now they have no support, free or otherwise.

Your only concern would be that the company may decide it is too hard to run any linux boxes at all.

If they do though, you are at the point you need to contact support. They will be able to help with this very directly, including using a CD as a yum repo.

Basically, yum is the answer to your problems ... this is the sort of problem that yum was designed to solve. It is also why it is so hard to find other solutions.


Another approach is to work around the network restrictions - I'm guessing some sort of firewall on the gateway which blocks the rhel machines? You'd need to spoof one of the other network machines, or use a windows machine to act as a bridge, you send packages to that machine, it sends them to the gateway, gateway thinks the packages come from an authorised machine. Of course, this could get you fired.





having a program called rpm which handles files called .rpm which are called RPMs, is confusing. The program is Redhat Package Manager. Technically the files should be Redhat Packages - giving .rpg suffix for 8.3 format naming. RPG files sound rather more interesting than they are... the inevitable "help with rpg" questions that would result seem to invite the wrong kind of response ;)

thank you. This is great information you provided, which I'm afraid I have to admit I was too impatient to wait for. I got to the point yesterday where I really needed rpmbuild and having gotten no feedback yet I was bad. I went ahead and ran the install with --nodeps flag.

...and ended up with the rpm command not working at all. Even an rpm –qa just returned something like ‘/usr/bin directory or file doesn’t exist’. If I had this information then I would have realized that /bin/rpm was deleted but not /usr/bin/rpm. Sense I didn't I thought I broke things completely and used a bootdisk to do an OS update and reinstall RPM.

from there I recreated my database, did a re-install of the RPM-5 package with the --replacepkgs argument, and finally installed rpmbuild.

and so I have rpmbuild, but I can't be completely certain which version of rpm is actually being run on my computer at this time. Yeah I’m way to impatient to be trusted with root privileges.


as to your other statements about getting linux on the network the real problem is were not using linux much, and our software engineer department (me) is separate from the IT department that makes the decisions. we have a single small program which had to be developed for a linux system and needed a linux environment for some of it's development. we have in total two laptops that don't 'officially' have Linux and the SBC I set up with linux environment that is emulating the final production environment. In a few months we deliver this program and are theoretically done (yeah right). My linux woes are considered too minor and short term for the company to bother changing their policies over, and their policies forbid any machine that isn’t officially hardened from coming close to our network.

Besides while your idea would no doubt work it would have to be implemented by me and judging from my reliance on Linux boot disks just to install a program most distros come with by default if I were to try anything more complicated then installing rpm's I would probably wind up with a smoking crater where my computer use to sit. :p

rpm --version

Well, as the only machine and a temporary project, it is not cost effective to do anything real fancy.
At least now you know you can set up a yum repo out of a DVD if you need to.


I can usually respond in a timely manner since, being 12 hours ahead of most (usa) folk here I get to work on the problem while you sleep on it. When you wake up I may have a solution. Even with the asia and india folk, the time difference is significant. This time I had to check an obscure reference then verify it before telling you. It is a long time since anybody had to deal with this stuff.