Bug 477029 - Support sha256sums for file checksumming
Support sha256sums for file checksumming
Product: Fedora
Classification: Fedora
Component: createrepo (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Luke Macken
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks: fedora-sha2 477030 480791
  Show dependency treegraph
Reported: 2008-12-18 13:58 EST by James Bowes
Modified: 2016-09-19 22:39 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-26 11:36:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description James Bowes 2008-12-18 13:58:41 EST
We should support sha256 for checksums on both repodata files, and on the rpms themselves.
Comment 1 James Antill 2008-12-18 15:00:43 EST
createrepo doesn't store the file checksums, so nothing needs to change here.
Comment 2 Miloslav Trmač 2009-01-20 10:57:10 EST
repomd.xml can refer to other files using SHA-256 using the (deprecated) -s flag, but the package checksums (<package><checksum type="sha" pkgid="YES">..., <package pkgid="...">) are hard-coded to use SHA-1.

Because these checksums are used to verify authenticity of downloaded packages, they should be using SHA-256 as well.

The SHA-1 package checksums are hard-coded in yum.packages and createrepo.yumBased.

In addition, modifyrepo is hard-coded to use SHA-1 for added repodata files.
Comment 3 seth vidal 2009-01-26 11:36:42 EST
This is now fixed in upstream createrepo:

Note You need to log in before you can comment on or make changes to this bug.