Bug 164394 - yum doesnt check integrity of packages before installing them
Summary: yum doesnt check integrity of packages before installing them
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: yum   
(Show other bugs)
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact:
URL:
Whiteboard:
Keywords:
: 164311 164312 164313 164345 164347 164348 164392 164393 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-27 16:37 UTC by Dams
Modified: 2014-01-21 22:52 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-28 06:52:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
The broken packages, as mis-downloaded. (736.00 KB, application/octet-stream)
2005-07-27 16:59 UTC, Dams
no flags Details

Description Dams 2005-07-27 16:37:56 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050712 Galeon/1.3.21

Description of problem:
Yum just doesnt know if packages in its cache are valid or not.

Version-Release number of selected component (if applicable):
yum-2.3.2-7

How reproducible:
Always

Steps to Reproduce:
1. yum -y update &
[wait for yum to download packages that are to be updated...]
2. killall -9 yum
3. yum -y -C update

  

Actual Results:  [...]
  Updating  : system-config-printer        ######################### [2/4]
error: unpacking of archive failed: cpio: read 


Expected Results:  yum should have resumed or restarted the download before trying to install system-config-printer.

Additional info:

Comment 1 Dams 2005-07-27 16:38:27 UTC
Here are some additionnal informations :

[root@gruyere packages]# rpm -Kv system-config-printer-0.6.131.3-1.x86_64.rpm
system-config-printer-0.6.131.3-1.x86_64.rpm:
    Entête signature V3 DSA: OK, key ID 4f2a6fd2
    Hachage de l'entête SHA1: OK (eb620794af8fbd5f466e21ca853ab93a268ea0ff)
    Somme MD5: BAD Expected(601c705a8eaecac829dc625c904d8a7b) !=
(e31fb818233405bcf66e383cce8230e5)
    signature V3 DSA: BAD, key ID 4f2a6fd2


Here's the apt behaviour which is rather simple, package independent and doesnt
require you to re-verify packages integrity of those which are already in the cache:
1. during the download, packages are in /var/cache/apt/archives/partial
2. Once the download is complete, check the package integrity
3. Once the package integrity has been checked put the package in the real cache
directory (in apt case : /var/cache/apt/archives).

If the download is interrupted, the cache isnt polluted by partially-downloaded
packages. Download of the same package may either be known-to-be-resumed from
the 'partial' directory or restarted from zero.

Comment 2 Dams 2005-07-27 16:59:29 UTC
Created attachment 117197 [details]
The broken packages, as mis-downloaded.

This is the system-config-printer package, as it has been downloaded by
interrupted yum.

Comment 3 Seth Vidal 2005-07-28 06:52:37 UTC
So when caching is enabled the package verify was getting run but wasn't being
honored if there was a failure. I've fixed it in cvs and it will out in yum 2.3.5.
Thanks!


Comment 4 Seth Vidal 2005-07-29 17:52:47 UTC
*** Bug 164311 has been marked as a duplicate of this bug. ***

Comment 5 Seth Vidal 2005-07-29 17:52:55 UTC
*** Bug 164312 has been marked as a duplicate of this bug. ***

Comment 6 Seth Vidal 2005-07-29 17:53:22 UTC
*** Bug 164345 has been marked as a duplicate of this bug. ***

Comment 7 Seth Vidal 2005-07-29 17:53:25 UTC
*** Bug 164313 has been marked as a duplicate of this bug. ***

Comment 8 Seth Vidal 2005-07-29 17:53:52 UTC
*** Bug 164348 has been marked as a duplicate of this bug. ***

Comment 9 Seth Vidal 2005-07-29 17:54:01 UTC
*** Bug 164347 has been marked as a duplicate of this bug. ***

Comment 10 Seth Vidal 2005-07-29 17:54:26 UTC
*** Bug 164392 has been marked as a duplicate of this bug. ***

Comment 11 Seth Vidal 2005-07-29 17:54:27 UTC
*** Bug 164393 has been marked as a duplicate of this bug. ***

Comment 12 Dams 2005-07-31 20:59:47 UTC
Sorry for the mess with the duplicates. I think the duplicated entries are from
the '500 Internal Error' pages i had.


Note You need to log in before you can comment on or make changes to this bug.