Red Hat Bugzilla – Bug 477030
Support sha256sums checksumming for repo metadata and packages
Last modified: 2014-01-21 18:07:15 EST
+++ This bug was initially created as a clone of Bug #477029 +++
We should support sha256 for checksums on both repodata files, and on the rpms themselves.
Along with createrepo support, we'll also need yum to be able to understand them.
sha256 _package_ checksums require a repodata .sqlite format change, the .xml already contains the type ... but that info. isn't carried over to the .sqlite files. Internally as soon as we have that type info. it's "easy" to do a sha256 instead of a sha1.
Of course noone has checked what will happen with older yum's (and other clients) when/if we start generating multiple checksum XML elements with different types.
_file_ checksums arre gotten directly from the rpmdb or .rpm files, so the major change needs to happen there.
"""sha256 _package_ checksums require a repodata .sqlite format change"""
We think we have a workaround for this, it'll probably confuse older yum (and non-yum) clients ... but, it's better than a format change.
Can you explain why format change should be necessary, please?
AFAICS createrepo-0.9.6 already contains the "checksum_type" column in the "packages" table.
the format does not need to be changed. I just checked in the necessary changes to createrepo and yum.
in both cases they are minor changes and will not impact backward compatibility of the metadata format.
So - older versions of yum will work with the sha256 metadata. Provided, of course, that the version of python they are using knows about sha256 checksums :)