Bug 204167 - Package contents changes breaking checksums in metadata and announcements
Package contents changes breaking checksums in metadata and announcements
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: createrepo (Show other bugs)
6
All Linux
medium Severity high
: ---
: ---
Assigned To: Peter Jones
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-26 05:58 EDT by Marcel
Modified: 2014-01-21 17:54 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-26 15:03:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marcel 2006-08-26 05:58:36 EDT
Description of problem:

Upgrade using smart fails :
Failed to download packages:
    
http://dl.atrpms.net/fc5-x86_64/redhat/updates/system-config-printer-0.6.151.8-1.x86_64.rpm: 
Invalid SHA (expected 933bcf5775f99b25181e3540928eae28da95023f, got 
9ac47e284e7829ac84a2fb03161161cc929b4820)
    
http://dl.atrpms.net/fc5-x86_64/redhat/updates/system-config-printer-gui-0.6.151.8-1.x86_64.rpm: 
Invalid SHA (expected 2bd35906c9aa153fccbd7e15aa360513a5f5e095, got 
636933259a3224a8ed2cc42cc89a22ad761f81f6)
    
http://dl.atrpms.net/fc5-x86_64/redhat/updates/coreutils-5.97-1.2.x86_64.rpm: 
Invalid SHA (expected 20e1b33482d154787a3d36044f66b20e3fe8634c, got 
b727a021d02f6b144c59f447a542c31d9c452ce3)
    http://dl.atrpms.net/fc5-x86_64/redhat/updates/ftp-0.17-33.fc5.x86_64.rpm: 
Invalid SHA (expected 1240228a10a1ed16a0f3f760482dd364c3150fd2, got 
4047184d5e51789ae6680735e79554009f3f6ae2)

Version-Release number of selected component (if applicable):


How reproducible:
smart --upgrade always fails this way.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Axel Thimm 2006-08-27 06:05:40 EDT
This has happened quite often in the last 6 months. To give some background on
one of these files (the rest is similar), there were  two files with the same
name in the same repo, but with different contents.

File 1
file date: Mon Aug 14 15:02:37 CEST 2006
md5sum     636933259a3224a8ed2cc42cc89a22ad761f81f6
sha1sum    933bcf5775f99b25181e3540928eae28da95023f

File 2
file date: Mon Aug 21 18:52:28 CEST 2006
md5sum     3f666e448d907a556762c69bb24207c4
sha1sum    9ac47e284e7829ac84a2fb03161161cc929b4820

The first file was replaced on Aug 25th by the second with exactly the same
name which breaks the metadata. The first file was officially announced in
fedora-package-announce on Mon Aug 21 19:05:05 2006. E.g. a few minutes after
creating the second file the first file was uploaded and its checksums
announced. A few days later the new packages were pasted over the old ones w/o
an evr bump.

My guess is that the wrong packages got pushed to the production repo with the
old testing signature and they were replaced with a proper one later on. This
breaks metadata as well as the posted md5sums. E.g. the announcements with
checksums on fedora-package-announce make no sense. For someone not keeping old
packages around it is impossible to distinguish whether the payload has changed
or only the signature. Thus the warnings by depsolvers (it affects yum as well
as smart/apt/etc.) are proper. Also the above analysis is very tedious.

IMO every package change, even just signing it again, needs an evr bump. In
order to avoid accidental uploads with the wrong signature there should be a
signature check in the push operation.
Comment 2 Tim Waugh 2006-08-28 05:48:48 EDT
Not a package bug.  I only ever build any n-v-r once.  Reassigning to
distribution to help solve this update process issue.  Thanks for the analysis.
Comment 3 Jesse Keating 2006-08-29 23:59:14 EDT
We try not to repaste packages.  Will try harder.
Comment 4 Axel Thimm 2006-08-30 05:54:53 EDT
Could a check in the repo creation scripts catch this? E.g. if a package
reappers with the same nevra, but a different checksum cry out loud and die?
Comment 5 Jesse Keating 2006-08-30 08:06:17 EDT
Thats a question for repo creation folks.

From ourside of things, we need to adjust the update tool so that it doesn't
allow an unsigned update to get pushed, or an update signed with the wrong key.
Comment 6 Axel Thimm 2006-08-30 09:13:36 EDT
That would fix the issue just as well. Thanks!
Comment 7 Seth Vidal 2006-08-30 09:25:29 EDT
Would it make sense for createrepo to have an option added to it so it could
check all package gpgkeys?
Comment 8 Axel Thimm 2006-08-31 08:13:39 EDT
It just happened again: coreutils-5.97-1.2 was built and announced less than a
week ago with the following md5sums (quote for the announcement):

This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

eb588cb5228facf471f9c2d2292092affb080a04  SRPMS/coreutils-5.97-1.2.src.rpm
eb588cb5228facf471f9c2d2292092affb080a04  noarch/coreutils-5.97-1.2.src.rpm
6caa8bd5bb152a3ceee8ff3a03300fa567391f31 
ppc/debug/coreutils-debuginfo-5.97-1.2.ppc.rpm
f912480a3bfa0d9c8acce772be43518ae7f358a8  ppc/coreutils-5.97-1.2.ppc.rpm
83e94adf2c479c5cee1921f3abdc87f70e375e52 
x86_64/debug/coreutils-debuginfo-5.97-1.2.x86_64.rpm
b727a021d02f6b144c59f447a542c31d9c452ce3  x86_64/coreutils-5.97-1.2.x86_64.rpm
a40ebb0c3785fb0f9fff9467c351768438bf67e5  i386/coreutils-5.97-1.2.i386.rpm
5d7372155b00a76ae05e6812553b22e52a1ff720 
i386/debug/coreutils-debuginfo-5.97-1.2.i386.rpm

Now they have become (I don't have the debuginfos at hand, but you get the idea):

fa974d06459e24bc2bbe41c6a4840488 
download.fedora.redhat.com/pub/fedora/linux/core/updates/5/SRPMS/coreutils-5.97-1.2.src.rpm
a5731ef64547109a0af44845f42c97bc 
download.fedora.redhat.com/pub/fedora/linux/core/updates/5/i386/coreutils-5.97-1.2.i386.rpm
fb0e8757cd96e9a0ed8ab5f28c687618 
download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ppc/coreutils-5.97-1.2.ppc.rpm
cc03e4342e8b577c869aa5911b22eae2 
download.fedora.redhat.com/pub/fedora/linux/core/updates/5/x86_64/coreutils-5.97-1.2.x86_64.rpm

The modification time of the new packages is half an hour before the
announcement was made. So something looks rather rotten somewhere. The packages
seem to have been replaced yesterday according to my rsync logs.
Comment 9 Axel Thimm 2006-08-31 08:16:45 EDT
BTW having a safeguard in createrepo would be great as a last resort to alert
the updates maintainer that something wrong is happening. But the real root of
evil needs to be found and squashed, so I'm moving this back to distribution.
Comment 10 Axel Thimm 2007-03-24 15:31:12 EDT
This happened again with kernel-2.6.20-1.2933.fc6 movinf from testing to updates
proper. The packages were probably signed again, but that breaks createrepo's
caching mechanism. The announcement mails did contain the final checksums, so
that was OK.

-rw-r--r-- 2 ftp ftp 16100552 Mar 19 22:38
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-2.6.20-1.2933.fc6.i586.rpm
-rw-r--r-- 2 ftp ftp 16100552 Mar 23 16:59
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-2.6.20-1.2933.fc6.i586.rpm
-rw-r--r-- 2 ftp ftp 16681670 Mar 19 22:38
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 16681670 Mar 23 16:59
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 20874578 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp 20874578 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp 18166079 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp 18166079 Mar 23 17:02
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 4 ftp ftp 47385971 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/SRPMS/kernel-2.6.20-1.2933.fc6.src.rpm
-rw-r--r-- 4 ftp ftp 47385971 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/SRPMS/kernel-2.6.20-1.2933.fc6.src.rpm
-rw-r--r-- 2 ftp ftp 17275933 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp 17275933 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp 16932218 Mar 19 22:38
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-debug-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 16932218 Mar 23 16:59
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-debug-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 17531247 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-debug-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp 17531247 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-debug-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp  5020424 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-debug-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5020424 Mar 23 17:00
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-debug-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5194649 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-debug-devel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp  5194649 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-debug-devel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 4 ftp ftp  4977430 Mar 19 22:38
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-devel-2.6.20-1.2933.fc6.i586.rpm
-rw-r--r-- 4 ftp ftp  4977430 Mar 19 22:38
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.i586.rpm
-rw-r--r-- 4 ftp ftp  4977430 Mar 23 16:59
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-devel-2.6.20-1.2933.fc6.i586.rpm
-rw-r--r-- 4 ftp ftp  4977430 Mar 23 16:59
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.i586.rpm
-rw-r--r-- 4 ftp ftp  5012623 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5012623 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5012623 Mar 23 17:00
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5012623 Mar 23 17:00
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5024448 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-devel-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp  5024448 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-devel-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp  5154218 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-devel-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp  5154218 Mar 23 17:02
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-devel-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp  5186146 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp  5186146 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-devel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 6 ftp ftp  2873270 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm
-rw-r--r-- 6 ftp ftp  2873270 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm
-rw-r--r-- 6 ftp ftp  2873270 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm
-rw-r--r-- 6 ftp ftp  2873270 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm
-rw-r--r-- 6 ftp ftp  2873270 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm
-rw-r--r-- 6 ftp ftp  2873270 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-doc-2.6.20-1.2933.fc6.noarch.rpm
-rw-r--r-- 2 ftp ftp   672494 Mar 19 22:38
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-headers-2.6.20-1.2933.fc6.i386.rpm
-rw-r--r-- 2 ftp ftp   672494 Mar 23 16:59
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-headers-2.6.20-1.2933.fc6.i386.rpm
-rw-r--r-- 2 ftp ftp   677690 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-headers-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp   677690 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-headers-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp   678822 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-headers-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp   678822 Mar 23 17:02
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-headers-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp   707617 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-headers-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp   707617 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-headers-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp 16849614 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-kdump-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 16849614 Mar 23 17:00
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-kdump-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 20874527 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-kdump-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp 20874527 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-kdump-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp 16928545 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-kdump-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp 16928545 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-kdump-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 4 ftp ftp  5016394 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-kdump-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5016394 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-kdump-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5016394 Mar 23 17:00
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-kdump-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5016394 Mar 23 17:00
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-kdump-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5043337 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-kdump-devel-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp  5043337 Mar 23 17:02
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-kdump-devel-2.6.20-1.2933.fc6.ppc64.rpm
-rw-r--r-- 2 ftp ftp  5195144 Mar 19 22:42
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-kdump-devel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp  5195144 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-kdump-devel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp 16692796 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-PAE-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 16692796 Mar 23 17:00
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-PAE-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 16946301 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-PAE-debug-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 16946301 Mar 23 17:00
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-PAE-debug-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5035611 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-PAE-debug-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5035611 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-PAE-debug-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5018736 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-PAE-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5018736 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-PAE-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 18216888 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-smp-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp 18216888 Mar 23 17:02
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-smp-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp  5164112 Mar 19 22:41
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/ppc/kernel-smp-devel-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp  5164112 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ppc/kernel-smp-devel-2.6.20-1.2933.fc6.ppc.rpm
-rw-r--r-- 2 ftp ftp 17324794 Mar 19 22:39
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-xen-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 17324794 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-xen-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp 17768870 Mar 19 22:42
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-xen-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp 17768870 Mar 23 17:03
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-xen-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 4 ftp ftp  5007566 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/i386/kernel-xen-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5007566 Mar 19 22:40
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-xen-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5007566 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/i386/kernel-xen-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 4 ftp ftp  5007566 Mar 23 17:01
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-xen-devel-2.6.20-1.2933.fc6.i686.rpm
-rw-r--r-- 2 ftp ftp  5186988 Mar 19 22:42
download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/x86_64/kernel-xen-devel-2.6.20-1.2933.fc6.x86_64.rpm
-rw-r--r-- 2 ftp ftp  5186988 Mar 23 17:04
download.fedora.redhat.com/pub/fedora/linux/core/updates/6/x86_64/kernel-xen-devel-2.6.20-1.2933.fc6.x86_64.rpm
Comment 11 Axel Thimm 2007-03-24 15:36:42 EDT
Hm, on second thought this is probably inevitable, since we want the packages to
be signed with another key while moving from testing to updates.

Either createrepo -c needs to cope with packages with identical names/sizes but
different timestamps, or we need to rethink signing policies. I'll check on a
patch for createrepo.
Comment 12 Axel Thimm 2007-03-24 16:30:05 EDT
The following patch to createrepo helps keeping the cache in check by adding
size and mtime timestamp to the name of the checksum file. Instead of the rpm
name of the package the whole package name is used to make future debugging easier.

So signing packages again will trigger new checksum calculations. Also any other
action like accidentially rebuilding the same package will be caught, since the
timestamp will change.

Please apply to createrepo, thanks!

--- /usr/share/createrepo/dumpMetadata.py.org   2006-03-04 07:30:50.000000000 +0100
+++ /usr/share/createrepo/dumpMetadata.py       2007-03-24 20:47:50.000000000 +0100
@@ -566,7 +566,7 @@
         if not self.options['cache']:
             return getChecksum(self.options['sumtype'], fo)
         
-        csumtag = '%s-%s' % (self.hdr['name'] , self.hdr[rpm.RPMTAG_SHA1HEADER])
+        csumtag = '%s-%s-%s-%s' % (os.path.basename(self.relativepath),
self.hdr[rpm.RPMTAG_SHA1HEADER], self.size, self.mtime)
         csumfile = '%s/%s' % (self.options['cachedir'], csumtag)
         if os.path.exists(csumfile) and self.mtime <= os.stat(csumfile)[8]:
             csumo = open(csumfile, 'r')
Comment 13 Red Hat Bugzilla 2007-08-21 01:25:05 EDT
User pnasrat@redhat.com's account has been closed
Comment 14 Seth Vidal 2007-11-26 13:24:08 EST
ping jkeating - does axel's patch in comment #12 sound reasonable to you? It
looks fine to me but I want to make sure it's not going to break things in a
horrible way that I can't think of.
Comment 15 Jesse Keating 2007-11-26 13:52:31 EST
Seems OK to me.  Momentary invalidation of the cache is better than continued
failures.
Comment 16 Seth Vidal 2007-11-26 15:03:45 EST
okay committed - closing this.

Note You need to log in before you can comment on or make changes to this bug.