Bug 602762

Summary: linux platform discovery now gets sha256, not md5
Product: [Other] RHQ Project Reporter: John Mazzitelli <mazz>
Component: PluginsAssignee: John Mazzitelli <mazz>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: low Docs Contact:
Priority: low    
Version: 3.0.0   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-02 03:27:08 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description John Mazzitelli 2010-06-10 13:23:43 EDT
Description of problem:

rpm now returns a SHA256, even though it is being asked to return MD5 (see %{FILEMD5S} in the below command)

rpm -q --qf "%{NAME}\n%{FILEMD5S}\n" quota-3.17-6.fc11.x86_64

This is bad because our linux platform plugin component uses that command to give us MD5 and we set the package version MD5 to that value. Real MD5s are 32 chars long, this is 64 (we assume its a SHA256). This blows up on server when we try to insert it into the database since the column is only 32chars wide.

Need to fix plugin component to set MD5 or SHA256 accordingly:

Here's the code fix:

@@ -173,3 +173,7 @@ public class RpmPackageDiscoveryDelegate {
-                packageDetails.setMD5(md5);
+                if (md5.length() <= 32) {
+                    packageDetails.setMD5(md5);
+                } else {
+                    packageDetails.setSHA256(md5); // md5's can only be 32 chars, anything more and we assume its a SHA256
+                }
Comment 1 John Mazzitelli 2010-06-10 16:33:05 EDT
we need to wrap that new if statement in:

if (!md5.startsWith("00000000000000000000000000000000")) {

in other words, if rpm returns their "empty md5" token, we don't set SHA or MD5 in the package version since we don't know it.
Comment 2 John Mazzitelli 2010-08-24 14:10:26 EDT
commit 0f34ac2c5509187eb3d991ff4e21c47b60f539da and 83d0bd01759ddc48af69697273f08bbf361bb7a4 implemented this.  Done back in June 2010.

how to test:

1) make sure you are on RHEL or Fedora (anything with rpm really)
2) Run this command (note: if you don't have "quota 3.17" installed, just pick any package you do have installed):
      rpm -q --qf "%{NAME}\n%{FILEMD5S}\n" quota-3.17-6.fc11.x86_64
3) if the hashcode that is output is longer than 32 chars, then rpm is returning SHA256 and not MD5 and thus this bug would have been triggered
4) import your platform and wait until the package information is discovered and uploaded to the server (should take no more than several minutes, though I forget how long to wait). I think you need to enable package discovery, so don't forget to do that (go to the plugin configuration and enable package discovery)
5) Go to the platform's summary tab and see that you have discovered packages. If you do, this bug is fixed.
Comment 3 Heiko W. Rupp 2013-09-02 03:27:08 EDT
Bulk closing of issues that were VERIFIED, had no target release and where the status changed more than a year ago.