[Bug 1069350] Re: suspicious /.rpmdb root directory
Daniel
1069350 at bugs.launchpad.net
Sun Mar 24 12:03:28 UTC 2013
It happened again. What I did:
- (it is a system with precise 12.04 LTS installed)
- removed /.rpmdb/ (I did it just for fun, without any reason)
- made sure /.rpmdb/ is not here
- installed updates with update-manager
- One day later, I checked /.rpmdb/ and it was there again.
ls '--time-style=+%Y-%m-%d %H:%M:%S' -l /.rpmdb/
insgesamt 4648
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Basenames
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Conflictname
-rw-r--r-- 1 root root 24576 2013-03-23 14:05:16 __db.001
-rw-r--r-- 1 root root 3850240 2013-03-23 14:05:16 __db.002
-rw-r--r-- 1 root root 83894272 2013-03-23 14:05:16 __db.003
-rw-r--r-- 1 root root 565248 2013-03-23 14:05:16 __db.004
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Dirnames
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Group
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Installtid
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Name
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Obsoletename
-rw-r--r-- 1 root root 12288 2013-03-23 14:04:03 Packages
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Providename
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Requirename
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Sha1header
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Sigmd5
-rw-r--r-- 1 root root 8192 2013-03-23 14:04:04 Triggername
snippet from /var/log/dpkg.log:
2013-03-23 14:03:58 configure libudev0 175-0ubuntu9.3 <none>
2013-03-23 14:03:58 status unpacked libudev0 175-0ubuntu9.3
2013-03-23 14:03:58 status half-configured libudev0 175-0ubuntu9.3
2013-03-23 14:03:58 status installed libudev0 175-0ubuntu9.3
2013-03-23 14:03:59 configure libgudev-1.0-0 1:175-0ubuntu9.3 <none>
2013-03-23 14:03:59 status unpacked libgudev-1.0-0 1:175-0ubuntu9.3
2013-03-23 14:03:59 status half-configured libgudev-1.0-0 1:175-0ubuntu9.3
2013-03-23 14:04:00 status installed libgudev-1.0-0 1:175-0ubuntu9.3
2013-03-23 14:04:00 configure linux-image-3.2.0-39-generic 3.2.0-39.62 <none>
2013-03-23 14:04:00 status unpacked linux-image-3.2.0-39-generic 3.2.0-39.62
2013-03-23 14:04:00 status half-configured linux-image-3.2.0-39-generic 3.2.0-39.62
2013-03-23 14:05:06 status installed linux-image-3.2.0-39-generic 3.2.0-39.62
2013-03-23 14:05:07 configure udev 175-0ubuntu9.3 <none>
2013-03-23 14:05:07 status unpacked udev 175-0ubuntu9.3
2013-03-23 14:05:07 status unpacked udev 175-0ubuntu9.3
2013-03-23 14:05:07 status unpacked udev 175-0ubuntu9.3
2013-03-23 14:05:08 status unpacked udev 175-0ubuntu9.3
2013-03-23 14:05:08 status unpacked udev 175-0ubuntu9.3
2013-03-23 14:05:08 status unpacked udev 175-0ubuntu9.3
2013-03-23 14:05:08 status unpacked udev 175-0ubuntu9.3
2013-03-23 14:05:09 status unpacked udev 175-0ubuntu9.3
2013-03-23 14:05:09 status half-configured udev 175-0ubuntu9.3
2013-03-23 14:05:10 status installed udev 175-0ubuntu9.3
2013-03-23 14:05:10 status triggers-pending initramfs-tools 0.99ubuntu13.1
2013-03-23 14:05:11 configure iptables 1.4.12-1ubuntu5 <none>
2013-03-23 14:05:11 status unpacked iptables 1.4.12-1ubuntu5
2013-03-23 14:05:11 status half-configured iptables 1.4.12-1ubuntu5
2013-03-23 14:05:12 status installed iptables 1.4.12-1ubuntu5
2013-03-23 14:05:13 configure gir1.2-gudev-1.0 175-0ubuntu9.3 <none>
2013-03-23 14:05:13 status unpacked gir1.2-gudev-1.0 175-0ubuntu9.3
2013-03-23 14:05:13 status half-configured gir1.2-gudev-1.0 175-0ubuntu9.3
2013-03-23 14:05:13 status installed gir1.2-gudev-1.0 175-0ubuntu9.3
2013-03-23 14:05:14 configure linux-headers-3.2.0-39 3.2.0-39.62 <none>
2013-03-23 14:05:14 status unpacked linux-headers-3.2.0-39 3.2.0-39.62
2013-03-23 14:05:14 status half-configured linux-headers-3.2.0-39 3.2.0-39.62
2013-03-23 14:05:15 status installed linux-headers-3.2.0-39 3.2.0-39.62
2013-03-23 14:05:15 configure linux-headers-3.2.0-39-generic 3.2.0-39.62 <none>
2013-03-23 14:05:15 status unpacked linux-headers-3.2.0-39-generic 3.2.0-39.62
2013-03-23 14:05:15 status half-configured linux-headers-3.2.0-39-generic 3.2.0-39.62
2013-03-23 14:05:16 status installed linux-headers-3.2.0-39-generic 3.2.0-39.62
2013-03-23 14:05:16 configure linux-headers-generic 3.2.0.39.47 <none>
2013-03-23 14:05:16 status unpacked linux-headers-generic 3.2.0.39.47
2013-03-23 14:05:16 status half-configured linux-headers-generic 3.2.0.39.47
2013-03-23 14:05:17 status installed linux-headers-generic 3.2.0.39.47
2013-03-23 14:05:17 configure linux-image-generic 3.2.0.39.47 <none>
2013-03-23 14:05:17 status unpacked linux-image-generic 3.2.0.39.47
2013-03-23 14:05:17 status half-configured linux-image-generic 3.2.0.39.47
2013-03-23 14:05:18 status installed linux-image-generic 3.2.0.39.47
2013-03-23 14:05:18 configure linux-libc-dev 3.2.0-39.62 <none>
2013-03-23 14:05:18 status unpacked linux-libc-dev 3.2.0-39.62
2013-03-23 14:05:18 status half-configured linux-libc-dev 3.2.0-39.62
2013-03-23 14:05:18 status installed linux-libc-dev 3.2.0-39.62
2013-03-23 14:05:19 configure perl-modules 5.14.2-6ubuntu2.3 <none>
2013-03-23 14:05:19 status unpacked perl-modules 5.14.2-6ubuntu2.3
2013-03-23 14:05:19 status unpacked perl-modules 5.14.2-6ubuntu2.3
2013-03-23 14:05:19 status half-configured perl-modules 5.14.2-6ubuntu2.3
So I come to the clue that linux-image-3.2.0-39-generic(3.2.0-39.62) or
linux-headers-generic(3.2.0-39.62->3.2.0.39.47) were responsible, or any
package triggered by those, like dkms, initramfs etc.
Unfortunately, I did an update to raring 13.04 after the update, so the
following commands didn't run on the same package versions:
find /etc/kernel:
/etc/kernel
/etc/kernel/postinst.d
/etc/kernel/postinst.d/nvidia-common.dpkg-remove
/etc/kernel/postinst.d/dkms
/etc/kernel/postinst.d/pm-utils
/etc/kernel/postinst.d/zz-update-grub
/etc/kernel/postinst.d/update-notifier
/etc/kernel/postinst.d/initramfs-tools
/etc/kernel/postinst.d/apt-auto-removal
/etc/kernel/postrm.d
/etc/kernel/postrm.d/zz-update-grub
/etc/kernel/postrm.d/initramfs-tools
/etc/kernel/header_postinst.d
/etc/kernel/header_postinst.d/nvidia-common.dpkg-remove
/etc/kernel/header_postinst.d/dkms
/etc/kernel/prerm.d
/etc/kernel/prerm.d/dkms
rgrep rpm /etc/kernel
->no result
One interesting result: in the package dpkg the following files contain the string 'rpm':
/usr/sbin/dkms
/usr/lib/dkms/common.postinst
/usr/share/doc/dkms/examples/sample-suse-9-mkkmp.spec
/usr/share/doc/dkms/AUTHORS
/etc/bash_completion.d/dkms
and /var/log/apt/term.log contains the following lines which were called during this time:
run-parts: executing /etc/kernel/prerm.d/dkms 3.2.0-26-generic /boot/vmlinuz-3.2.0-26-generic
run-parts: executing /etc/kernel/prerm.d/dkms 3.2.0-27-generic /boot/vmlinuz-3.2.0-27-generic
run-parts: executing /etc/kernel/prerm.d/dkms 3.2.0-31-generic /boot/vmlinuz-3.2.0-31-generic
run-parts: executing /etc/kernel/postinst.d/dkms 3.2.0-39-generic /boot/vmlinuz-3.2.0-39-generic
run-parts: executing /etc/kernel/header_postinst.d/dkms 3.2.0-39-generic /boot/vmlinuz-3.2.0-39-generic
Replaying these commands (again, now on raring instead of precise)
doesn't create a /.rpmdb but a /root/.rpmdb. So again, I assume this
happens because in apt-get/dpkg, the commands are called with a reduced
set of environment variables, and then this directory is created. In
fact, I assume $HOME is not set:
# ls -ld .rpmdb* /.rpmdb*
# HOME= /etc/kernel/postinst.d/dkms 3.8.0-14-generic /boot/vmlinuz-3.8.0-14-generic
# ls -ld .rpmdb* /.rpmdb*
drwxr-xr-x 2 root root 4096 Mär 24 13:02 /.rpmdb
https://bugs.launchpad.net/bugs/1069350
Title:
suspicious /.rpmdb root directory
Status in rpm package manager:
Opinion
Status in “rpm” package in Ubuntu:
Confirmed
Bug description:
I have the following directory structure on my system which conflicts
with the LSB standard:
ls -ld /.rpmdb/{,*}
drwxr-xr-x 2 root root 4096 Okt 21 2011 /.rpmdb/
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Basenames
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Conflictname
-rw-r--r-- 1 root root 24576 Apr 27 00:52 /.rpmdb/__db.001
-rw-r--r-- 1 root root 4096000 Apr 27 00:52 /.rpmdb/__db.002
-rw-r--r-- 1 root root 83894272 Apr 27 00:52 /.rpmdb/__db.003
-rw-r--r-- 1 root root 811008 Apr 27 00:52 /.rpmdb/__db.004
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Dirnames
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Group
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Installtid
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Name
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Obsoletename
-rw-r--r-- 1 root root 12288 Okt 21 2011 /.rpmdb/Packages
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Providename
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Requirename
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Sha1header
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Sigmd5
-rw-r--r-- 1 root root 8192 Okt 21 2011 /.rpmdb/Triggername
Afaik, this directory belongs to rpm or alien. Maybe it appears
because of a lack of environment variables (e.g. $HOME not set) in
particular situations.
As you can see in the listing, the directory is not used frequently,
but I'm not sure if it's safe to delete it. Maybe the problem is
already solved in the current version of ubuntu (at last the time the
files were touched I was running Ubuntu 11.10), but I think it's
important to have this bug registered so other users can find it.
There is an active thread about it at ubuntuforums:
http://ubuntuforums.org/showthread.php?t=1864423
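The correlation done by eye in the message above (file times in /.rpmdb against /var/log/dpkg.log) can be scripted; this is an added example, not part of the original report or of any Ubuntu tool. The function names pkgs_at_time, suspects and sample_log are hypothetical, GNU date is assumed, and the embedded log is an excerpt of the lines quoted in the message.

```shell
#!/bin/sh
# Added example: relate file mtimes in an unexpected directory to dpkg.log.

# pkgs_at_time LOG "YYYY-MM-DD HH:MM:SS"
# Print each package whose "configure" .. "status installed" window in a
# dpkg.log-format file contains the timestamp (string compare is enough).
pkgs_at_time() {
    awk -v ts="$2" '
        { t = $1 " " $2 }
        $3 == "configure" { start[$4] = t }
        $3 == "status" && $4 == "installed" && ($5 in start) {
            if (start[$5] <= ts && ts <= t) print $5
            delete start[$5]
        }' "$1"
}

# suspects DIR LOG
# For every distinct mtime among the files in DIR, list the packages that
# were being configured at that second. Relies on GNU "date -r FILE".
suspects() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        date -r "$f" '+%Y-%m-%d %H:%M:%S'
    done | sort -u | while read -r stamp; do
        pkgs_at_time "$2" "$stamp"
    done | sort -u
}

# Excerpt of the dpkg.log lines quoted in the message, embedded so the
# functions can be tried offline.
sample_log() {
    cat <<'EOF'
2013-03-23 14:04:00 configure linux-image-3.2.0-39-generic 3.2.0-39.62 <none>
2013-03-23 14:05:06 status installed linux-image-3.2.0-39-generic 3.2.0-39.62
2013-03-23 14:05:07 configure udev 175-0ubuntu9.3 <none>
2013-03-23 14:05:10 status installed udev 175-0ubuntu9.3
2013-03-23 14:05:14 configure linux-headers-3.2.0-39 3.2.0-39.62 <none>
2013-03-23 14:05:15 status installed linux-headers-3.2.0-39 3.2.0-39.62
2013-03-23 14:05:15 configure linux-headers-3.2.0-39-generic 3.2.0-39.62 <none>
2013-03-23 14:05:16 status installed linux-headers-3.2.0-39-generic 3.2.0-39.62
2013-03-23 14:05:16 configure linux-headers-generic 3.2.0.39.47 <none>
2013-03-23 14:05:17 status installed linux-headers-generic 3.2.0.39.47
EOF
}

# Usage: script DIR LOG, e.g. script /.rpmdb /var/log/dpkg.log
if [ $# -eq 2 ]; then suspects "$1" "$2"; fi
```

Both timestamps must be in the same time zone; dpkg.log and date -r both use local time.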