+++ This bug was initially created as a clone of Bug #477029 +++ We should support sha256 for checksums on both repodata files, and on the rpms themselves. Along with createrepo support, we'll also need yum to be able to understand them.
sha256 _package_ checksums require a repodata .sqlite format change, the .xml already contains the type ... but that info. isn't carried over to the .sqlite files. Internally as soon as we have that type info. it's "easy" to do a sha256 instead of a sha1. Of course noone has checked what will happen with older yum's (and other clients) when/if we start generating multiple checksum XML elements with different types. _file_ checksums arre gotten directly from the rpmdb or .rpm files, so the major change needs to happen there.
"""sha256 _package_ checksums require a repodata .sqlite format change""" We think we have a workaround for this, it'll probably confuse older yum (and non-yum) clients ... but, it's better than a format change.
Can you explain why format change should be necessary, please? AFAICS createrepo-0.9.6 already contains the "checksum_type" column in the "packages" table.
the format does not need to be changed. I just checked in the necessary changes to createrepo and yum. in both cases they are minor changes and will not impact backward compatibility of the metadata format. So - older versions of yum will work with the sha256 metadata. Provided, of course, that the version of python they are using knows about sha256 checksums :) yum: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=e40f8234756b021206d60ef81600e58d38b63489 createrepo: http://createrepo.baseurl.org/gitweb?p=createrepo.git;a=commitdiff;h=3b43f1280d94776689816cf96c6cc8135726b240 Thanks