Bug 108427 - doesn't detect missing rpm over yum ftp:// or file:// urls
Summary: doesn't detect missing rpm over yum ftp:// or file:// urls
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: up2date
Version: rawhide
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Bret McMillan
QA Contact: Fanny Augustin
URL:
Whiteboard:
Depends On:
Blocks: 120092
TreeView+ depends on / blocked
 
Reported: 2003-10-29 13:32 UTC by Damjan Lango
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-10-29 13:52:21 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Damjan Lango 2003-10-29 13:32:20 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031023

Description of problem:
If a rpm is missing in a yum repository with an ftp:// or file:// URL, up2date
fails to handle this situation. If the http:// URL is used then up2date
correctly reports that the file cannot be downloaded and aborts with:
Error while retrieving package kernel-source-2.4.22-1.2110.nptl.
The message was: An HTTP error occurred:
URL:http://linux.hermes.si/pub/redhat/rawhide//i386/Fedora/RPMS/kernel-source-2.4.22-1.2110.nptl.i386.rpm
Status Code: 404 Error Message: Not Found

but if the url is file://, then a rpm package is created with it's own url text
inside the rpm file, if ftp:// is used then an empty rpm file is created and in
both cases up2date tries to install the corrupt .rpm package.

this situation can happen for example, if the mirror of repository was not
complete so that the headers are new, but rpms are not.


Version-Release number of selected component (if applicable):
up2date-4.1.12-1

How reproducible:
Always

Steps to Reproduce:
1. use file:// or ftp:// url as a yum repository in sources
2. remove a .rpm file in the repository, but leave the header
3. try to update
    

Actual Results:  corrupted rpms are created and tried to install

Expected Results:  abort with an error message

Additional info:

Comment 1 John Thacker 2006-10-29 13:52:21 UTC
Note that FC2 is no longer supported even by Fedora Legacy.  Also, up2date has
been replaced by pirut and pup since FC5.  FC3 and FC4 are supported by Fedora
Legacy for security issues only.  If this still occurs on FC3 or FC4 and is a
security issue, please reopen and assign to that version and Fedora Legacy.  If
it occurs on RHEL 3 or 4, please reassign or refile against that product.

The codebase for pirut and pup is quite different, so existing bugs do not
apply, but please continue testing them on the still supported versions of
Fedora Core and file bugs as necessary.


Note You need to log in before you can comment on or make changes to this bug.