Description of problem: I cannot upgrade to release thunderbird.i686 0:24.5.0-1.fc19 using yum Version-Release number of selected component (if applicable): thunderbird.i686 0:24.5.0-1.fc19 How reproducible: yum update Steps to Reproduce: 1. 2. 3. Actual results: Downloading packages: thunderbird-24.5.0-1.fc19.i686.rpm | 15 MB 00:00:20 Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : thunderbird-24.5.0-1.fc19.i686 1/2 Error unpacking rpm package thunderbird-24.5.0-1.fc19.i686 error: unpacking of archive failed on file /usr/lib/thunderbird/langpacks/langpack-si.org.xpi;53647b41: cpio: read Verifying : thunderbird-24.5.0-1.fc19.i686 1/2 thunderbird-24.4.0-1.fc19.i686 was supposed to be removed but is not! Verifying : thunderbird-24.4.0-1.fc19.i686 2/2 Failed: thunderbird.i686 0:24.4.0-1.fc19 thunderbird.i686 0:24.5.0-1.fc19 Expected results: A correctly upgraded release. Additional info:
same here: Abhängigkeiten aufgelöst ======================================================================================================================== Package Arch Version Paketquelle Größe ======================================================================================================================== Aktualisieren: thunderbird i686 24.5.0-1.fc19 updates 15 M Transaktionsübersicht ======================================================================================================================== Aktualisieren 1 Paket Gesamte Downloadgröße: 15 M Is this ok [y/d/N]: y Downloading packages: thunderbird-24.5.0-1.fc19.i686.rpm | 15 MB 00:00:25 Running transaction check Running transaction test Transaction test succeeded Running transaction Aktualisieren : thunderbird-24.5.0-1.fc19.i686 1/2 Error unpacking rpm package thunderbird-24.5.0-1.fc19.i686 error: unpacking of archive failed on file /usr/lib/thunderbird/langpacks/langpack-si.org.xpi;53650cc3: cpio: read Überprüfung läuft: thunderbird-24.5.0-1.fc19.i686 1/2 thunderbird-24.4.0-1.fc19.i686 was supposed to be removed but is not! Überprüfung läuft: thunderbird-24.4.0-1.fc19.i686 2/2 Fehlgeschlagen: thunderbird.i686 0:24.4.0-1.fc19 thunderbird.i686 0:24.5.0-1.fc19
Same here as well. Unfortunately, this bug renders thunderbird unusable $ thunderbird (process:6267): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed Error: Platform version '24.4.0' is not compatible with minVersion >= 24.5.0 maxVersion <= 24.5.0
> error: unpacking of archive failed on > file /usr/lib/thunderbird/langpacks/langpack- > si.org.xpi;53650cc3: cpio: read A corrupted package has been pushed to the mirrors: $ rpm -Kv thunderbird-24.5.0-1.fc19.i686.rpm thunderbird-24.5.0-1.fc19.i686.rpm: Header V3 RSA/SHA256 Signature, key ID fb4b18e6: NOKEY Header SHA1 digest: OK (dde21ed383e5eca5d85cad68ec3e189d3dcfd80d) V3 RSA/SHA256 Signature, key ID fb4b18e6: BAD MD5 digest: BAD Expected(db58f29a674c9ac24d39cd7247c481a4) != (8b50ee8e3ba29c5434cb9204a804da41)
Same here. Big question is why yum/rpm did not check the MD5 status before trying to install ? I ended up with a non working thunderbird ... I had to find an old thunderbird-24.4.0-1.fc19.i686.rpm in a yum cache so I could get my previous version of thunderbird working again. Are the old package updates available somewhere so we can go back in these sort of cases ?
https://fedorahosted.org/rel-eng/ticket/5898
Question #1: I think Comment 4 has got the key point: If MD5 is incorrect, why is the package installed? The installer should detect the bad MD5, and refuse to install it. Question #2: If the file is corrupt, why the public/private key security system doesn't detect it? Question #3: Is the corrupted file an attack? Has the file been modified to cause damage and/or to stole data and/or to control/spy the updated machines?
(In reply to Terry Barnaby from comment #4) > Same here. > Big question is why yum/rpm did not check the MD5 status before trying to > install ? I ended up with a non working thunderbird ... > I had to find an old thunderbird-24.4.0-1.fc19.i686.rpm in a yum cache so I > could get my previous version of thunderbird working again. Could you put thunderbird-24.4.0-1.fc19.i686.rpm somewhere and explain the steps you used to get thunderbird working again? Thanks > Are the old > package updates available somewhere so we can go back in these sort of cases > ?
I put the one I used at: http://www.beam.org.uk/files/share/thunderbird-24.4.0-1.fc19.i686.rpm I would have thought these old update packages would be available on a backup repository somewhere ? To install all I did (from the directory where thunderbird-24.4.0-1.fc19.i686.rpm is): rpm -e thunderbird yum install thunderbird-24.4.0-1.fc19.i686.rpm ("yum remove thunderbird"; probably would have been better than "rpm -e thunderbird") For subsequent updates I am using: "yum update --exclude=thunderbird"
For Comment 7 : The official list of built packages for thunderbird seems to be at: http://koji.fedoraproject.org/koji/packageinfo?packageID=39 Click on link "thunderbird-24.4.0-1.fc19" and then, at the "RPM > i686" section, click on "download", which is the following link: http://kojipkgs.fedoraproject.org//packages/thunderbird/24.4.0/1.fc19/i686/thunderbird-24.4.0-1.fc19.i686.rpm To install the downloaded file: yum remove thunderbird yum install /your_path_to_the_file/thunderbird-24.4.0-1.fc19.i686.rpm And, as Comment 8 has explained, use "--exclude=thunderbird" option when updating with yum (at least until fedora releases a new working version).
Thanks very much Terry and Fdor!
I too wonder what's the point of having MD5 checksums and transaction "verifying" if yum simply writes over the intact files and also whether this could be an attack or something.
The problem is with Fedora mirror infrastructure. If you download the package directly from koji (http://koji.fedoraproject.org/koji/buildinfo?buildID=513840) the MD5 check-sum is correct: $ rpm -Kv thunderbird-24.5.0-1.fc19.i686.rpm thunderbird-24.5.0-1.fc19.i686.rpm: Header SHA1 digest: OK (dde21ed383e5eca5d85cad68ec3e189d3dcfd80d) MD5 digest: OK (db58f29a674c9ac24d39cd7247c481a4) You can install the package directly from koji by: #rpm -Uhv http://kojipkgs.fedoraproject.org//packages/thunderbird/24.5.0/1.fc19/i686/thunderbird-24.5.0-1.fc19.i686.rpm
IT has to be resolved by Fedora rel-eng team, not by developers. Please follow rel-eng ticket at https://fedorahosted.org/rel-eng/ticket/5898
*** Bug 1094028 has been marked as a duplicate of this bug. ***
*** Bug 1094430 has been marked as a duplicate of this bug. ***
Still waiting for answers to the questions posted at Comment 6 . More specifically: - Why yum didn't detect the bad MD5? - Why the public/private key system didn't detect the corrupted file? - Was the corrupted file an attack? What were the effects of the partially installed file? I have looked at https://fedorahosted.org/rel-eng/ticket/5898 and see no answers. I have looked at https://bugzilla.redhat.com/show_bug.cgi?id=1094846 and see no answers. Has it been investigated? Is it being investigated? Is it going to be investigated?