Description of problem: A file located at the url https://mirror.stream.centos.org/9-stream/CRB/x86_64/os/Packages/postgresql-docs-13.7-1.el9.x86_64.rpm failed validation due to checksum. Expected '59930a07af95a826b1d4b182b7895205e71bef2cbd1b5b7e3f992dcd19908dea', Actual '8992bc89ef759f805d8a13889728adba091a9867cda6035109aa4b0cad7cb97d' Version-Release number of selected component (if applicable): 13.7-1.el9 How reproducible: Perform a repo sync with Foreman, or download the rpm binary and verify the checksum against the repository metadata. Steps to Reproduce: 1. 2. 3. Actual results: Checksum differs. Expected results: Checksums should match. Additional info:
As it was discussed on Discourse, it should be fixed in Cloudfront CDN. curl --silent https://mirror.stream.centos.org/9-stream/CRB/x86_64/os/Packages/postgresql-docs-13.7-1.el9.x86_64.rpm |sha256sum 59930a07af95a826b1d4b182b7895205e71bef2cbd1b5b7e3f992dcd19908dea - Explanation: one of the origin servers behind cloudfront had a corrupted pkg, then served by cloudfront depending on the location. Taken action: - identified which origin node had the problematic pkg and ensuring it got the correct one (it seems rsync doesn't complain which itself is a problem) - invalidated that pkg/path in cloudfront - test that it was serving correct pkg For people in charge of routing from Bugzilla to Jira CS (CentOS Stream) project: you can refer this one and it's already solved but can be used to add more checks to ensure it doesn't happen again