Description of problem: I'm getting "md5" errors when trying to build a livecd. Version-Release number of selected component (if applicable): rpm-4.4.2.2-8.fc9 How reproducible: Use livecd-creator on a repo that I have which has some rpms taken out of rawhide at some point in it to make a cd. Actual results: Retrieving file:///var/www/html/repo/core/repodata/primary.xml.gz ...OK warning: setup-2.6.4-1.fc7: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 Installing: setup ##################### [ 1/112] error: unpacking of archive failed on file /etc/aliases;473acafc: cpio: MD5 sum mismatch Installing: filesystem ##################### [ 2/112] Installing: basesystem ##################### [ 3/112] Installing: tzdata ##################### [ 4/112] error: unpacking of archive failed on file /usr/share/doc/tzdata-2007e/README;473acafc: cpio: MD5 sum mismatch Installing: libgcc ##################### [ 5/112] error: unpacking of archive failed on file /lib/libgcc_s-4.1.2-20070503.so.1;473acafc: cpio: MD5 sum mismatch Expected results: It should work :) Additional info: Downgrading rpm to fc8 (plus rpm-libs and the rpm-python dependency) makes the problem go away. The rest of my box is pretty much rawhide btw.
Likely an initial "side-effect" from the beecrypt -> nss switch...
This is caused by too late init of NSS when the calling process is already in chroot. I call it in the rpmDigestInit in the current patch version. Panu, do you have some ideas, where we should put it in?
Hmm, according to http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1234224 NSS_NoDB_Init() should only be called once whereas rpmDigestInit() gets called any number of times from rpmlib. To ensure it gets called always, early on and just once, the place to put it (directly or via some rpmInitCrypto() or such call) would be rpmReadConfigFiles() in lib/rpmrc.c, and even there it's better to protect it with a static nss_initialized flag to ensure it never gets called twice within a process lifetime. BTW the NSS_NoDB_Init() documentation also says PR_Init() must be called first, but PR_Init() documentation says it's only necessary in some specific cases .. dunno what to make of that.
I think the docs aren't too current because in the source code of NSS_NoDB_Init() there is clear that it is guarded by a flag so it should be safe to call it many times. Also the PR_Init is really not necessary in our case.
*** Bug 382251 has been marked as a duplicate of this bug. ***
Ok, initializing nss from rpmReadConfigFiles() indeed fixes this, patch to follow shortly...
Should be fixed in rpm-4.4.2.2-10.fc9. Thanks for debugging Tomas!