Bug 203884 - sha checksum of cvs-package seems do be different from the checksum in repodata/primary.xml.gz
sha checksum of cvs-package seems do be different from the checksum in repoda...
Status: CLOSED UPSTREAM
Product: Fedora Legacy
Classification: Retired
Component: cvs (Show other bugs)
rhl7.3
i386 Linux
medium Severity low
: ---
: ---
Assigned To: Fedora Legacy Bugs
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-24 03:41 EDT by Red Ochsenbein
Modified: 2007-04-18 13:48 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-30 08:27:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Red Ochsenbein 2006-08-24 03:41:23 EDT
Description of problem:
sha checksum of cvs-package seems do be different from the checksum in
repodata/primary.xml.gz

How reproducible:
$ sha1sum cvs-1.11.1p1-7.i386.rpm
06fc933f5fca5ee8c13d97d0ea320ab8f9ba57a0  cvs-1.11.1p1-7.i386.rpm

$ gunzip primary.xml.gz
$ grep 06fc933f5fca5ee8c13d97d0ea320ab8f9ba57a0 primary.xml

  
Actual results:
The sha checksum in primary.xml.gz is 46da2ca673b3af8a08eab8b1d4322e0d6a9d08ad

Expected results:
The sha checksum in primary.xml.gz is 06fc933f5fca5ee8c13d97d0ea320ab8f9ba57a0

Additional info:
Comment 1 David Eisenstein 2006-08-30 01:07:01 EDT
I verified that this is indeed the case here.  I don't know why.  In all
other cases I looked at, the file sha1sum of the i386.rpm package matches
the value inside the primary.xml.gz repodata file.

Jesse - do we need to regenerate the repodata for RHL 7.3 on the Fedora
Legacy's build server?

My findings:
----<http://download.fedoralegacy.org/redhat/7.3/os/i386/repodata/primary.xml.gz>-----
...
<package type="rpm">
<name>cvs</name>
<arch>i386</arch>
<version epoch="0" ver="1.11.1p1" rel="7"/>
<checksum type="sha" pkgid="YES">46da2ca673b3af8a08eab8b1d4322e0d6a9d08ad</checksum>
  ...
--------------------------------------------------------------------------------------

$ sha1sum cvs-1.11.1p1-7.i386.rpm
06fc933f5fca5ee8c13d97d0ea320ab8f9ba57a0  cvs-1.11.1p1-7.i386.rpm
Comment 2 David Eisenstein 2006-08-30 01:15:56 EDT
By the way, doing an "rpm --checksig" on the cvs.1.11.1p1-7.i386.rpm package
indicates that the package has *not* been tampered with.  It passes verification
okay.  So that indicates a problem with whatever created the repodata, not with
the package itself.
Comment 3 Jesse Keating 2006-08-30 08:27:32 EDT
Metadata regenerated.
Comment 4 David Eisenstein 2006-08-30 23:15:59 EDT
Verified - checksum in regenerated metadata in primary.xml.gz for the 
RHL 7.3 cvs-1.11.1p1-7.i386.rpm package now matches the sha1sum of the
package.  Thanks, Jesse!  And thanks for bringing this to our attention,
Rolf!  :)

Note You need to log in before you can comment on or make changes to this bug.