Description of problem: Upgrade using smart fails : Failed to download packages: http://dl.atrpms.net/fc5-x86_64/redhat/updates/system-config-printer-0.6.151.8-1.x86_64.rpm: Invalid SHA (expected 933bcf5775f99b25181e3540928eae28da95023f, got 9ac47e284e7829ac84a2fb03161161cc929b4820) http://dl.atrpms.net/fc5-x86_64/redhat/updates/system-config-printer-gui-0.6.151.8-1.x86_64.rpm: Invalid SHA (expected 2bd35906c9aa153fccbd7e15aa360513a5f5e095, got 636933259a3224a8ed2cc42cc89a22ad761f81f6) http://dl.atrpms.net/fc5-x86_64/redhat/updates/coreutils-5.97-1.2.x86_64.rpm: Invalid SHA (expected 20e1b33482d154787a3d36044f66b20e3fe8634c, got b727a021d02f6b144c59f447a542c31d9c452ce3) http://dl.atrpms.net/fc5-x86_64/redhat/updates/ftp-0.17-33.fc5.x86_64.rpm: Invalid SHA (expected 1240228a10a1ed16a0f3f760482dd364c3150fd2, got 4047184d5e51789ae6680735e79554009f3f6ae2) Version-Release number of selected component (if applicable): How reproducible: smart --upgrade always fails this way. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This has happened quite often in the last 6 months. To give some background on one of these files (the rest is similar), there were two files with the same name in the same repo, but with different contents. File 1 file date: Mon Aug 14 15:02:37 CEST 2006 md5sum 636933259a3224a8ed2cc42cc89a22ad761f81f6 sha1sum 933bcf5775f99b25181e3540928eae28da95023f File 2 file date: Mon Aug 21 18:52:28 CEST 2006 md5sum 3f666e448d907a556762c69bb24207c4 sha1sum 9ac47e284e7829ac84a2fb03161161cc929b4820 The first file was replaced on Aug 25th by the second with exactly the same name which breaks the metadata. The first file was officially announced in fedora-package-announce on Mon Aug 21 19:05:05 2006. E.g. a few minutes after creating the second file the first file was uploaded and its checksums announced. A few days later the new packages were pasted over the old ones w/o an evr bump. My guess is that the wrong packages got pushed to the production repo with the old testing signature and they were replaced with a proper one later on. This breaks metadata as well as the posted md5sums. E.g. the announcements with checksums on fedora-package-announce make no sense. For someone not keeping old packages around it is impossible to distinguish whether the payload has changed or only the signature. Thus the warnings by depsolvers (it affects yum as well as smart/apt/etc.) are proper. Also the above analysis is very tedious. IMO every package change, even just signing it again, needs an evr bump. In order to avoid accidental uploads with the wrong signature there should be a signature check in the push operation.
Not a package bug. I only ever build any n-v-r once. Reassigning to distribution to help solve this update process issue. Thanks for the analysis.
We try not to repaste packages. Will try harder.
Could a check in the repo creation scripts catch this? E.g. if a package reappers with the same nevra, but a different checksum cry out loud and die?
Thats a question for repo creation folks. From ourside of things, we need to adjust the update tool so that it doesn't allow an unsigned update to get pushed, or an update signed with the wrong key.
That would fix the issue just as well. Thanks!
Would it make sense for createrepo to have an option added to it so it could check all package gpgkeys?
It just happened again: coreutils-5.97-1.2 was built and announced less than a week ago with the following md5sums (quote for the announcement): This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ eb588cb5228facf471f9c2d2292092affb080a04 SRPMS/coreutils-5.97-1.2.src.rpm eb588cb5228facf471f9c2d2292092affb080a04 noarch/coreutils-5.97-1.2.src.rpm 6caa8bd5bb152a3ceee8ff3a03300fa567391f31 ppc/debug/coreutils-debuginfo-5.97-1.2.ppc.rpm f912480a3bfa0d9c8acce772be43518ae7f358a8 ppc/coreutils-5.97-1.2.ppc.rpm 83e94adf2c479c5cee1921f3abdc87f70e375e52 x86_64/debug/coreutils-debuginfo-5.97-1.2.x86_64.rpm b727a021d02f6b144c59f447a542c31d9c452ce3 x86_64/coreutils-5.97-1.2.x86_64.rpm a40ebb0c3785fb0f9fff9467c351768438bf67e5 i386/coreutils-5.97-1.2.i386.rpm 5d7372155b00a76ae05e6812553b22e52a1ff720 i386/debug/coreutils-debuginfo-5.97-1.2.i386.rpm Now they have become (I don't have the debuginfos at hand, but you get the idea): fa974d06459e24bc2bbe41c6a4840488 download.fedora.redhat.com/pub/fedora/linux/core/updates/5/SRPMS/coreutils-5.97-1.2.src.rpm a5731ef64547109a0af44845f42c97bc download.fedora.redhat.com/pub/fedora/linux/core/updates/5/i386/coreutils-5.97-1.2.i386.rpm fb0e8757cd96e9a0ed8ab5f28c687618 download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ppc/coreutils-5.97-1.2.ppc.rpm cc03e4342e8b577c869aa5911b22eae2 download.fedora.redhat.com/pub/fedora/linux/core/updates/5/x86_64/coreutils-5.97-1.2.x86_64.rpm The modification time of the new packages is half an hour before the announcement was made. So something looks rather rotten somewhere. The packages seem to have been replaced yesterday according to my rsync logs.
BTW having a safeguard in createrepo would be great as a last resort to alert the updates maintainer that something wrong is happening. But the real root of evil needs to be found and squashed, so I'm moving this back to distribution.
This happened again with kernel-2.6.20-1.2933.fc6 movinf from testing to updates proper. The packages were probably signed again, but that breaks createrepo's caching mechanism. The announcement mails did contain the final checksums, so that was OK. -rw-r--r-- 2 ftp ftp 16100552 Mar 19 22:38 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-2.6.20-1.2933.fc6.i586.rpm -rw-r--r-- 2 ftp ftp 16100552 Mar 23 16:59 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-2.6.20-1.2933.fc6.i586.rpm -rw-r--r-- 2 ftp ftp 16681670 Mar 19 22:38 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 16681670 Mar 23 16:59 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 20874578 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 20874578 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 18166079 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 18166079 Mar 23 17:02 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 4 ftp ftp 47385971 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/SRPMS/kernel-2.6.20-1.2933.fc6.src.rpm -rw-r--r-- 4 ftp ftp 47385971 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/SRPMS/kernel-2.6.20-1.2933.fc6.src.rpm -rw-r--r-- 2 ftp ftp 17275933 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 17275933 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 16932218 Mar 19 22:38 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-debug-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 16932218 Mar 23 16:59 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-debug-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 17531247 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-debug-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 17531247 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-debug-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 5020424 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-debug-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5020424 Mar 23 17:00 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-debug-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5194649 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-debug-devel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 5194649 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-debug-devel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 4 ftp ftp 4977430 Mar 19 22:38 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-devel-2.6.20-1.2933.fc6.i586.rpm -rw-r--r-- 4 ftp ftp 4977430 Mar 19 22:38 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.i586.rpm -rw-r--r-- 4 ftp ftp 4977430 Mar 23 16:59 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-devel-2.6.20-1.2933.fc6.i586.rpm -rw-r--r-- 4 ftp ftp 4977430 Mar 23 16:59 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.i586.rpm -rw-r--r-- 4 ftp ftp 5012623 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5012623 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5012623 Mar 23 17:00 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5012623 Mar 23 17:00 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5024448 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-devel-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 5024448 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-devel-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 5154218 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-devel-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 5154218 Mar 23 17:02 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-devel-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 5186146 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 5186146 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 6 ftp ftp 2873270 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm -rw-r--r-- 6 ftp ftp 2873270 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm -rw-r--r-- 6 ftp ftp 2873270 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm -rw-r--r-- 6 ftp ftp 2873270 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm -rw-r--r-- 6 ftp ftp 2873270 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm -rw-r--r-- 6 ftp ftp 2873270 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm -rw-r--r-- 2 ftp ftp 672494 Mar 19 22:38 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-headers-2.6.20-1.2933.fc6.i386.rpm -rw-r--r-- 2 ftp ftp 672494 Mar 23 16:59 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-headers-2.6.20-1.2933.fc6.i386.rpm -rw-r--r-- 2 ftp ftp 677690 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-headers-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 677690 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-headers-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 678822 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-headers-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 678822 Mar 23 17:02 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-headers-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 707617 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-headers-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 707617 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-headers-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 16849614 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-kdump-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 16849614 Mar 23 17:00 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-kdump-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 20874527 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-kdump-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 20874527 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-kdump-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 16928545 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-kdump-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 16928545 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-kdump-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 4 ftp ftp 5016394 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-kdump-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5016394 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-kdump-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5016394 Mar 23 17:00 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-kdump-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5016394 Mar 23 17:00 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-kdump-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5043337 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-kdump-devel-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 5043337 Mar 23 17:02 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-kdump-devel-2.6.20-1.2933.fc6.ppc64.rpm -rw-r--r-- 2 ftp ftp 5195144 Mar 19 22:42 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-kdump-devel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 5195144 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-kdump-devel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 16692796 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-PAE-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 16692796 Mar 23 17:00 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-PAE-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 16946301 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-PAE-debug-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 16946301 Mar 23 17:00 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-PAE-debug-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5035611 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-PAE-debug-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5035611 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-PAE-debug-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5018736 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-PAE-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5018736 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-PAE-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 18216888 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-smp-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 18216888 Mar 23 17:02 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-smp-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 5164112 Mar 19 22:41 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-smp-devel-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 5164112 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-smp-devel-2.6.20-1.2933.fc6.ppc.rpm -rw-r--r-- 2 ftp ftp 17324794 Mar 19 22:39 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-xen-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 17324794 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-xen-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 17768870 Mar 19 22:42 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-xen-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 17768870 Mar 23 17:03 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-xen-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 4 ftp ftp 5007566 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-xen-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5007566 Mar 19 22:40 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-xen-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5007566 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-xen-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 4 ftp ftp 5007566 Mar 23 17:01 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-xen-devel-2.6.20-1.2933.fc6.i686.rpm -rw-r--r-- 2 ftp ftp 5186988 Mar 19 22:42 download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-xen-devel-2.6.20-1.2933.fc6.x86_64.rpm -rw-r--r-- 2 ftp ftp 5186988 Mar 23 17:04 download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-xen-devel-2.6.20-1.2933.fc6.x86_64.rpm
Hm, on second thought this is probably inevitable, since we want the packages to be signed with another key while moving from testing to updates. Either createrepo -c needs to cope with packages with identical names/sizes but different timestamps, or we need to rethink signing policies. I'll check on a patch for createrepo.
The following patch to createrepo helps keeping the cache in check by adding size and mtime timestamp to the name of the checksum file. Instead of the rpm name of the package the whole package name is used to make future debugging easier. So signing packages again will trigger new checksum calculations. Also any other action like accidentially rebuilding the same package will be caught, since the timestamp will change. Please apply to createrepo, thanks! --- /usr/share/createrepo/dumpMetadata.py.org 2006-03-04 07:30:50.000000000 +0100 +++ /usr/share/createrepo/dumpMetadata.py 2007-03-24 20:47:50.000000000 +0100 @@ -566,7 +566,7 @@ if not self.options['cache']: return getChecksum(self.options['sumtype'], fo) - csumtag = '%s-%s' % (self.hdr['name'] , self.hdr[rpm.RPMTAG_SHA1HEADER]) + csumtag = '%s-%s-%s-%s' % (os.path.basename(self.relativepath), self.hdr[rpm.RPMTAG_SHA1HEADER], self.size, self.mtime) csumfile = '%s/%s' % (self.options['cachedir'], csumtag) if os.path.exists(csumfile) and self.mtime <= os.stat(csumfile)[8]: csumo = open(csumfile, 'r')
User pnasrat's account has been closed
ping jkeating - does axel's patch in comment #12 sound reasonable to you? It looks fine to me but I want to make sure it's not going to break things in a horrible way that I can't think of.
Seems OK to me. Momentary invalidation of the cache is better than continued failures.
okay committed - closing this.