Bug 164394 - yum doesnt check integrity of packages before installing them
yum doesnt check integrity of packages before installing them
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: yum (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
:
: 164311 164312 164313 164345 164347 164348 164392 164393 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-27 12:37 EDT by Dams
Modified: 2014-01-21 17:52 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-28 02:52:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
The broken packages, as mis-downloaded. (736.00 KB, application/octet-stream)
2005-07-27 12:59 EDT, Dams
no flags Details

  None (edit)
Description Dams 2005-07-27 12:37:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050712 Galeon/1.3.21

Description of problem:
Yum just doesnt know if packages in its cache are valid or not.

Version-Release number of selected component (if applicable):
yum-2.3.2-7

How reproducible:
Always

Steps to Reproduce:
1. yum -y update &
[wait for yum to download packages that are to be updated...]
2. killall -9 yum
3. yum -y -C update

  

Actual Results:  [...]
  Updating  : system-config-printer        ######################### [2/4]
error: unpacking of archive failed: cpio: read 


Expected Results:  yum should have resumed or restarted the download before trying to install system-config-printer.

Additional info:
Comment 1 Dams 2005-07-27 12:38:27 EDT
Here are some additionnal informations :

[root@gruyere packages]# rpm -Kv system-config-printer-0.6.131.3-1.x86_64.rpm
system-config-printer-0.6.131.3-1.x86_64.rpm:
    Entête signature V3 DSA: OK, key ID 4f2a6fd2
    Hachage de l'entête SHA1: OK (eb620794af8fbd5f466e21ca853ab93a268ea0ff)
    Somme MD5: BAD Expected(601c705a8eaecac829dc625c904d8a7b) !=
(e31fb818233405bcf66e383cce8230e5)
    signature V3 DSA: BAD, key ID 4f2a6fd2


Here's the apt behaviour which is rather simple, package independent and doesnt
require you to re-verify packages integrity of those which are already in the cache:
1. during the download, packages are in /var/cache/apt/archives/partial
2. Once the download is complete, check the package integrity
3. Once the package integrity has been checked put the package in the real cache
directory (in apt case : /var/cache/apt/archives).

If the download is interrupted, the cache isnt polluted by partially-downloaded
packages. Download of the same package may either be known-to-be-resumed from
the 'partial' directory or restarted from zero.
Comment 2 Dams 2005-07-27 12:59:29 EDT
Created attachment 117197 [details]
The broken packages, as mis-downloaded.

This is the system-config-printer package, as it has been downloaded by
interrupted yum.
Comment 3 Seth Vidal 2005-07-28 02:52:37 EDT
So when caching is enabled the package verify was getting run but wasn't being
honored if there was a failure. I've fixed it in cvs and it will out in yum 2.3.5.
Thanks!
Comment 4 Seth Vidal 2005-07-29 13:52:47 EDT
*** Bug 164311 has been marked as a duplicate of this bug. ***
Comment 5 Seth Vidal 2005-07-29 13:52:55 EDT
*** Bug 164312 has been marked as a duplicate of this bug. ***
Comment 6 Seth Vidal 2005-07-29 13:53:22 EDT
*** Bug 164345 has been marked as a duplicate of this bug. ***
Comment 7 Seth Vidal 2005-07-29 13:53:25 EDT
*** Bug 164313 has been marked as a duplicate of this bug. ***
Comment 8 Seth Vidal 2005-07-29 13:53:52 EDT
*** Bug 164348 has been marked as a duplicate of this bug. ***
Comment 9 Seth Vidal 2005-07-29 13:54:01 EDT
*** Bug 164347 has been marked as a duplicate of this bug. ***
Comment 10 Seth Vidal 2005-07-29 13:54:26 EDT
*** Bug 164392 has been marked as a duplicate of this bug. ***
Comment 11 Seth Vidal 2005-07-29 13:54:27 EDT
*** Bug 164393 has been marked as a duplicate of this bug. ***
Comment 12 Dams 2005-07-31 16:59:47 EDT
Sorry for the mess with the duplicates. I think the duplicated entries are from
the '500 Internal Error' pages i had.

Note You need to log in before you can comment on or make changes to this bug.