This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 477029 - Support sha256sums for file checksumming
Support sha256sums for file checksumming
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: createrepo (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Luke Macken
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks: fedora-sha2 477030 480791
  Show dependency treegraph
 
Reported: 2008-12-18 13:58 EST by James Bowes
Modified: 2016-09-19 22:39 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-26 11:36:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description James Bowes 2008-12-18 13:58:41 EST
We should support sha256 for checksums on both repodata files, and on the rpms themselves.
Comment 1 James Antill 2008-12-18 15:00:43 EST
createrepo doesn't store the file checksums, so nothing needs to change here.
Comment 2 Miloslav Trmač 2009-01-20 10:57:10 EST
repomd.xml can refer to other files using SHA-256 using the (deprecated) -s flag, but the package checksums (<package><checksum type="sha" pkgid="YES">..., <package pkgid="...">) are hard-coded to use SHA-1.

Because these checksums are used to verify authenticity of downloaded packages, they should be using SHA-256 as well.

The SHA-1 package checksums are hard-coded in yum.packages and createrepo.yumBased.

In addition, modifyrepo is hard-coded to use SHA-1 for added repodata files.
Comment 3 seth vidal 2009-01-26 11:36:42 EST
This is now fixed in upstream createrepo:
http://createrepo.baseurl.org/gitweb?p=createrepo.git;a=commitdiff;h=3b43f1280d94776689816cf96c6cc8135726b240

Note You need to log in before you can comment on or make changes to this bug.