Bug 500697

Summary: Error Checksumming during bigger amount of packages
Product: Red Hat Enterprise Linux 5 Reporter: Petr Sklenar <psklenar>
Component: yumAssignee: James Antill <james.antill>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 5.4CC: bperkins, jhutar, rlerch, sghosh
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
When yum installed local packages, it defaulted to expecting SHA-256 checksums. Because packages for Red Hat Enterprise Linux 5 use MD5 checksums, the installation would fail with a bad checksum type error. Now, when yum encounters a bad SHA-256 checksum, it attempts to verify the package with a SHA-1 checksum instead, which will sucessfully verify the MD5 checksums used for Red Hat Enterprise Linux 5 packages.
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-02 03:33:16 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Attachments:
Description Flags
log, bad checksum type sha256
none
installed set of packages on system none

Description Petr Sklenar 2009-05-13 14:05:04 EDT
Created attachment 343835 [details]
log, bad checksum type sha256

Description of problem:
yum cannot install bigger amount of packages. There is checksum error during installation of satellite which uses yum.

Version-Release number of selected component (if applicable):
# rpm -q yum rpm
yum-3.2.22-10.el5
rpm-4.4.2.3-9.el5

How reproducible:
always with installation of Satellite

Steps to Reproduce:
1. find installation tree with Satellite-5.3.0-RHEL5-re20090507.1-x86_64
2. ./install.pl  #
3. Error Checksumming, bad checksum type sha256
# there smth like 700Mb of packages
  
Actual results:
I tried i386 and x86_64 with errors:

.
.#see attachment
.
--> Processing Dependency: jakarta-commons-discovery for package: axis
--> Running transaction check
---> Package jakarta-commons-discovery.x86_64 1:0.3-4jpp.1 set to be updated
---> Package wsdl4j.x86_64 0:1.5.2-4jpp.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

Error Checksumming, bad checksum type sha256


Expected results:

It can be installed

Additional info:
it works with yum-3.2.19-18.el5 from RHEL5U3
Comment 2 seth vidal 2009-05-13 14:20:19 EDT
Is rhel5 supporting sha256 checksums?
Comment 3 Petr Sklenar 2009-05-13 14:22:44 EDT
How could I find it?
Comment 4 seth vidal 2009-05-13 14:36:06 EDT
okay, I need some info:

1. can you provide a link to the repodata where these pkgs came from?
2. can you provide the  set of pkgs installed on the system(s) where you were running this?

thanks
Comment 5 James Antill 2009-05-13 15:25:19 EDT
 I'm also reming the Regression keyword, until we get more info. ... as I _highly_ doubt that this is true (that it works on 5.3, that is).
Comment 6 Petr Sklenar 2009-05-13 15:28:13 EDT
Created attachment 343853 [details]
installed set of packages on system
Comment 7 Petr Sklenar 2009-05-13 15:33:36 EDT
system points to rhn.webqa.redhat.com and packages are downloading from channel "rhn satellite"

you can try it on rhts machine:
amd-toonie2-01.rhts.bos.redhat.com
folder: /mnt/hostel/local/Satellite-5.3.0-RHEL5-re20090507.1-i386
./install.pl

then see log with yum:
tail -f /var/log/rhn/rhn-installation.log
Comment 8 James Antill 2009-05-13 16:16:30 EDT
 Ok, I lied ... it's localinstall defaulting to sha256. This patch fixes it:

diff --git a/yum/packages.py b/yum/packages.py
index 3dc7a15..48cee27 100644
--- a/yum/packages.py
+++ b/yum/packages.py
@@ -1580,7 +1580,9 @@ class YumLocalPackage(YumHeaderPackage):
     def localPkg(self):
         return self.localpath
     
-    def _do_checksum(self, checksum_type='sha256'):
+    def _do_checksum(self, checksum_type=None):
+        if checksum_type is None:
+            checksum_type = misc._default_checksums[0]
         if not self._checksum:
             self._checksum = misc.checksum(checksum_type, self.localpath)
             self._checksums = [(checksum_type, self._checksum, 1)]
Comment 14 Ruediger Landmann 2009-09-01 15:46:57 EDT
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
When yum installed local packages, it defaulted to expecting SHA-256 checksums. Because packages for Red Hat Enterprise Linux 5 use MD5 checksums, the installation would fail with a bad checksum type error. Now, when yum encounters a bad SHA-256 checksum, it attempts to verify the package with a SHA-1 checksum instead, which will sucessfully verify the MD5 checksums used for Red Hat Enterprise Linux 5 packages.
Comment 15 errata-xmlrpc 2009-09-02 03:33:16 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1419.html