Hello managers -
I would like to thank Dr. Tom Blinn for his quick response
to my original post shown at the bottom. I guess I am not
the only one working over the weekend. He confirmed what I
thought was the situation with fverify. Running fverify on
a software subset inventory that has been patched will result
in checksum and file size errors. He informed me that DEC
knows about this problem and that it "results from the way that
the patch installation tools manage the software subset
inventory records". Or actually, I guess the patch tools do not
make a merged inventory file for those software subsets that
are patched. We can hope that future releases of fverify will
take this into account.
So, if you run fverify on a system that has been patched, you
can expect to see checksum and file size errors. Do not
initially conclude that something is wrong(something I did
initially).
Sincerely,
Ron Bowman
Techno-Sciences, Inc.
864-646-4028
864-646-4001(fax)
rdbowma_at_tsi.clemson.edu
Original Post:
===================================================
Hello Managers -
Sorry about the length. The question is marked a few paragraphs down.
I have a question concerning fverify. After installing Pathch #6,
I decided to run fverify on all the inventories in /usr/.smdb./.
What I found was the following(after a little extra work) -
All patch files verified ok. All software subsets that were not
patched verified ok. However, all software subsets that were
patched had checksum and file size errors.
Further investigative work on this last condition, led us to the following
conclusion: When patches are installed various files in a software
subset are modified(thus changing the checksum and file size), the
inventory list for the software subset is not changed(It can't be
in case the patch is removed). Therefore to correctly check a particular
file in a software subset you would have to know if a patch modified it, and
verify that patches inventory. Plus you would have to manually confirm
files that failed in the software subset inventory verification were
successfully verified in the patch inventory verification.
From the man page on fverify there is a way you can mark particular files,
and then use a flag with fverify to ignore changes to those files. That
sounds great if it is only a few files. However, that is more tedious if
it is a large number of files modified by several patches.
QUESTION:
Is there a way to use fverify on a software subset
such that it also takes into account patches that have been applied?
I would like to be able to verify a software subset such that fverify
would determine if a patch has been applied. Then if a patch has been
applied, the files modified by the patch would be verified using
the patch inventory entry instead of the software subset inventory entry.
If it is not possible to currently verify patch modified software subsets, it
would be nice if that feature could be added in future versions of fverify.
In my case too little knowledge on something led me to think that something
was wrong when in fact everything was normal.
Any explanation about how to get(or not get) fverify to work the way
I would like is greatly apprecitated
Received on Sun Feb 15 1998 - 18:56:40 NZDT