#157 Figure out "not performed" et al on rpmverify probe

Version 5.10
open
nobody
5
2011-04-11
2011-04-11
No

The rpmverify probe as checked in probably is not totally correct as far as when "not performed" is used on an item entity. There has been some email discussion about this; we need to bring that to a conclusion and fix the probe. (And maybe improve the documentation for the test.)

Discussion

  • Michael Chisholm

    Quoting some discussion on this:

    >> - In general, "not performed" in an item entity can mean one of a few things,
    >> and it's ambiguous which occurred:
    >> + the package specified that that verification not be performed on the file
    >> + the file exists but the verification could not be performed
    >> + the file didn't exist
    >>
    >
    > I am actually having second thoughts on this now... the docs say "not performed"
    > is equivalent to "?", but I am using it in other ways than that, which could be
    > confusing. If the file doesn't exist, I really don't think it makes sense to
    > give it an automatic pass. (rpm -V I think prints "missing" in place of showing
    > .'s and ?'s for the tests.) So "not performed" might be ok there (the third
    > case). Maybe in the first case, if the package config says to not perform the
    > test, I should give a "pass" anyway?? Also, what if a behavior says not to
    > perform the test? Does that also mean an automatic pass? Right now I am using
    > "not performed". (I guess that's a fourth bullet I forgot to list!) The schema
    > docs don't say what to do with the entity in that case.

    Ok, since there is a "not collected" status value, that opens up some other
    possibilities for this.

    Use status="exists" and value="not performed" on an item entity if:

    - the file exists but the verification could not be performed (afaik this only
    applies to the md5 and linkto verifications)

    Use status="not collected" and value="" on an item entity if:

    - the verification isn't implemented (capabilities_differ)
    - the file didn't exist or could not be read
    - the package specified that the verification not be performed

    I guess this is all the rest of the cases? That preserves "not performed" as
    only corresponding to the '?' output of rpm -V. Does that sound better?

     
  • Michael Chisholm

    • milestone: 1833777 --> Version 5.10
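
The status/value rule proposed in the comment above, applied to `rpm -V` output lines, as an added example that is not taken from the ovaldi probe. Assumptions: the nine-character flag layout (`SM5DLUGTP`), the entity names other than `capabilities_differ`, the "fail" value, and the hypothetical `pkg_skipped` / `unimplemented` parameters, which the caller fills from package metadata and probe capabilities.

```python
import re

# rpm -V flag positions (SM5DLUGTP) paired with the rpmverify_item entity each
# one feeds. Names other than capabilities_differ are assumed, not from the page.
ENTITIES = ["size_differs", "mode_differs", "md5_differs", "device_differs",
            "link_mismatch", "ownership_differs", "group_differs",
            "mtime_differs", "capabilities_differ"]
LINE = re.compile(
    r"^(?P<flags>\S{9}|missing)\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")
NOT_COLLECTED = ("not collected", "")  # (status, value)


def item_entities(line, pkg_skipped=(), unimplemented=()):
    """Map one rpm -V line to (path, {entity: (status, value)})."""
    m = LINE.match(line.rstrip("\n"))
    if m is None:
        raise ValueError(f"unrecognised rpm -V line: {line!r}")
    flags = m["flags"]
    result = {}
    for pos, entity in enumerate(ENTITIES):
        if (entity in unimplemented or entity in pkg_skipped
                or flags == "missing"):
            # Not implemented, skipped by the package, or file absent.
            result[entity] = NOT_COLLECTED
        elif flags[pos] == "?":
            # File exists but rpm could not run this verification.
            result[entity] = ("exists", "not performed")
        elif flags[pos] == ".":
            result[entity] = ("exists", "pass")
        else:
            result[entity] = ("exists", "fail")
    return m["path"], result


# Constructed sample lines, not captured from a real system.
SAMPLE = [
    "S.5....T.  c /etc/ssh/sshd_config",
    "..?......    /usr/bin/sudo",
    "missing   c /etc/motd",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        path, entities = item_entities(sample_line,
                                       pkg_skipped={"mtime_differs"})
        print(path)
        for name, (status, value) in entities.items():
            print(f"  {name}: status={status!r} value={value!r}")
```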
     
