Bug 477030

Summary: Support sha256sums checksumming for repo metadata and packages
Product: [Fedora] Fedora Reporter: James Bowes <jbowes>
Component: yumAssignee: Seth Vidal <skvidal>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: bkearney, ffesti, james.antill, katzj, kwirth, lmacken, mitr, pmatilai, tim.lauridsen
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-26 16:35:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 477029    
Bug Blocks: 461972, 477043, 480791    

Description James Bowes 2008-12-18 19:01:32 UTC 
+++ This bug was initially created as a clone of Bug #477029 +++

We should support sha256 for checksums on both repodata files, and on the rpms themselves.

Along with createrepo support, we'll also need yum to be able to understand them.
Comment 1 James Antill 2008-12-18 20:01:33 UTC 
 sha256 _package_ checksums require a repodata .sqlite format change, the .xml already contains the type ... but that info. isn't carried over to the .sqlite files. Internally as soon as we have that type info. it's "easy" to do a sha256 instead of a sha1.

 Of course noone has checked what will happen with older yum's (and other clients) when/if we start generating multiple checksum XML elements with different types.

 _file_ checksums arre gotten directly from the rpmdb or .rpm files, so the major change needs to happen there.
Comment 2 James Antill 2009-01-20 16:22:10 UTC 
"""sha256 _package_ checksums require a repodata .sqlite format change"""

 We think we have a workaround for this, it'll probably confuse older yum (and non-yum) clients ... but, it's better than a format change.
Comment 3 Miloslav Trmač 2009-01-20 16:30:38 UTC 
Can you explain why format change should be necessary, please?

AFAICS createrepo-0.9.6 already contains the "checksum_type" column in the "packages" table.
Comment 4 seth vidal 2009-01-26 16:35:49 UTC 
the format does not need to be changed. I just checked in the necessary changes to createrepo and yum.
in both cases they are minor changes and will not impact backward compatibility of the metadata format.

So - older versions of yum will work with the sha256 metadata. Provided, of course, that the version of python they are using knows about sha256 checksums :)

yum:
http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=e40f8234756b021206d60ef81600e58d38b63489

createrepo:
http://createrepo.baseurl.org/gitweb?p=createrepo.git;a=commitdiff;h=3b43f1280d94776689816cf96c6cc8135726b240

Thanks