Bug 62802

Summary: up2date-2.7.61-7.x.2 - up2date.py using wrong flag for rpm.checksig
Product: [Retired] Red Hat Public Beta Reporter: James Manning <jmm>
Component: up2dateAssignee: Adrian Likins <alikins>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: low Docs Contact:
Priority: low    
Version: skipjack-beta2CC: katzj
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-04-11 19:00:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description James Manning 2002-04-05 18:50:22 UTC 
this may be less of a bug and more a question of expected behavior. 
  
up2date_client/up2date.py's checkRpmMd5 takes one of 2 routes - if it can,  
rpm.checksig(fileName, rpm.RPMTAG_SIGMD5) otherwise /bin/rpm -Kv --nopgp 
--nogpg 
 
if you apply this patch: 
 
http://bugzilla.redhat.com/bugzilla/showattachment.cgi?attach_id=52424 
 
to up2date you see that they don't return the same thing - specifically, rpm 
-Kv does return "MD5 sum OK" (and hence returns 0 for checkRpmMd5) but 
rpm.checksig(fileName, rpm.RPMTAG_SIGMD5) is returning 1 which is breaking 
behavior. 
 
Checking rpm-4.0.4/python/rpmmodule.c, we just call through to rpmCheckSig 
with the appropriate flags set.  Then checking rpm-4.0.4/lib/rpmchecksig.c it 
*looks* like (hard to tell for sure) that it should return 0 if the md5 on the 
file is fine (and the md5 flag was passed) 
 
So the question is: is rpm.checksig returning 1 expected behavior for an rpm 
with a good md5sum?  And if not, any idea what's going on (flag translation is 
all that makes sense as a guess given the rpm -Kv works) 
 
Getting headers for available packages...  
rpm.checksig returns 1 on file /var/spool/up2date/zip-2.3-12.i386.rpm  
rpm -Kv returns 0 on file /var/spool/up2date/zip-2.3-12.i386.rpm
Comment 1 Jeremy Katz 2002-04-11 07:20:07 UTC 
You should do

rpm.checksig(filename, rpm.CHECKSIG_MD5)  
  or
rpm.checksig(filename, rpm.CHECKSIG_GPG)

as opposed to SIGTAG_MD5 and SIGTAG_GPG
Comment 2 James Manning 2002-04-11 07:30:15 UTC 
1) the flag was rpm.RPMTAG_SIGMD5 - what is SIGTAG_MD5? is that the equiv once 
it gets into C space?

2) sounds like you're saying that up2date.py's not using the right flag, so I'm 
reopening this as an up2date bug
Comment 3 James Manning 2002-04-11 07:31:42 UTC 
ugh - i had hoped the bug owner would shift along with component, but here's 
step 2 to get this over to adrian
Comment 4 James Manning 2002-04-11 07:42:37 UTC 
jeremy told me you've already got this fixed in cvs, adrian, so either 
close/dup this on whatever or use it to lemme know when the fix makes it 
out ;)  Kinda funny since this is all orthogonal once you switched to file size 
instead of md5 checks in bug 53583
Comment 5 Adrian Likins 2002-04-11 19:00:17 UTC 
yeah, fixed in cvs, around 2.7.77 or so

It's not completely orthogonal since I use the md5 sum
when reading stuff off local disk cache to see if the files
are complete, and if not I download them again.

Thats what was causing the "skipjack always downloads
the packages" bug.