Bug 490613 - No support for SHA-256: cpio: MD5 sum mismatch
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: rpm
Version: 5.4
Hardware: All
OS: Linux
low
high
Target Milestone: rc
Assignee: Packaging Maintenance Team
QA Contact: BaseOS QE Security Team
Reported: 2009-03-17 10:19 UTC by Graham Leggett
Modified: 2013-03-07 11:15 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-07 11:15:50 UTC
Description Graham Leggett 2009-03-17 10:19:35 UTC
When an attempt is made to build an RPM sourced from Fedora 11, the SRPM is reported as corrupt:

[minfrin@chandler ~]$ rpmbuild --rebuild jabberd-2.2.7.1-1.fc11.src.rpm
Installing jabberd-2.2.7.1-1.fc11.src.rpm
warning: InstallSourcePackage: Header V3 RSA/SHA256 signature: NOKEY, key ID d22e77f2
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
error: unpacking of archive failed on file /home/chandler/minfrin/rpm/SOURCES/jabberd;49bedd3d: cpio: MD5 sum mismatch
error: jabberd-2.2.7.1-1.fc11.src.rpm cannot be installed

The cause as I understand it is this:

https://fedoraproject.org/wiki/Features/StrongerHashes

I would have expected to see stronger hashes backported to RHEL5 *before* Fedora had made the first releases of Fedora 11, so as to prevent RHEL5 users going on a wild goose chase thinking mirrors are corrupt.

Comment 1 Panu Matilainen 2009-03-18 14:38:27 UTC
There's no guarantee whatsoever that a given RHEL version can be used to build or install Fedora packages.

The only bug here is that rpmlib() dependencies are not checked for source rpms.

Comment 2 Aleksey Nogin 2009-04-03 03:59:24 UTC
Not being able to build "as is" is one thing. Not being able to even install the .src.rpm in order to use it as a starting point in getting some extra software into an RHEL box is IMHO a much bigger issue.

Comment 3 Kirby Zhou 2009-04-22 16:20:45 UTC
I have encountered the same problem which Aleksey Nogin suffers from.
I do not think it is an acceptable issue.

Comment 4 Aleksey Nogin 2009-04-22 16:37:09 UTC
A workaround is to use rpm2cpio and then extract the cpio archive manually. Still, quite annoying...

Comment 5 Kirby Zhou 2009-04-23 02:46:10 UTC
To Aleksey, "rpm -ivh --nomd5" should work for you. But it's still too ugly.

Comment 6 Jim Radford 2009-05-10 02:33:30 UTC
You can build backwards compatible (i.e. md5) source rpms on fedora 11 that will work on rhel/centos using the following options to rpmbuild.

  rpmbuild -bs \
   --define "_source_filedigest_algorithm md5" \
   --define "_binary_filedigest_algorithm md5" \
   package.spec

This will for example allow the resulting source rpm to be rebuilt for rhel/centos using mock.
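
To check which file digest algorithm a source RPM actually declares (for instance, to confirm that a package built with the options above carries MD5 digests, or to recognise a SHA-256 package before reaching for a workaround that skips digest checks), the package header can be read directly. This is an added example, not part of the original thread and not rpm's own code; it assumes the standard package layout (96-byte lead, signature header, main header) and tag 5011 (RPMTAG_FILEDIGESTALGO), and `build_sample()` constructs a minimal test input rather than a real package.

```python
import struct
import sys

LEAD_SIZE = 96                      # fixed-size legacy lead at the start of the file
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # header structure magic plus version byte
RPMTAG_FILEDIGESTALGO = 5011        # INT32 (type 4) entry in the main header
# The tag stores an OpenPGP hash algorithm id.
ALGOS = {1: "md5", 2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512", 11: "sha224"}

def read_header(buf, pos):
    """Parse one header structure at pos: (index entries, data store, end offset)."""
    if buf[pos:pos + 4] != HEADER_MAGIC:
        raise ValueError("bad header magic at offset %d" % pos)
    nindex, hsize = struct.unpack_from(">II", buf, pos + 8)  # skips 4 reserved bytes
    data_start = pos + 16 + 16 * nindex
    end = data_start + hsize
    if end > len(buf):
        raise ValueError("truncated header")
    entries = [struct.unpack_from(">IIII", buf, pos + 16 + 16 * i) for i in range(nindex)]
    return entries, buf[data_start:end], end

def file_digest_algo(buf):
    """Return the file digest algorithm name declared by an RPM package."""
    if buf[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM package")
    _, _, sig_end = read_header(buf, LEAD_SIZE)
    main_start = (sig_end + 7) & ~7  # signature header is padded to 8 bytes
    entries, store, _ = read_header(buf, main_start)
    for tag, typ, offset, count in entries:
        if tag == RPMTAG_FILEDIGESTALGO and typ == 4 and count >= 1:
            if offset + 4 > len(store):
                raise ValueError("tag offset outside data store")
            (algo,) = struct.unpack_from(">I", store, offset)
            return ALGOS.get(algo, "unknown(%d)" % algo)
    return "md5"  # tag absent: rpm treats the file digests as MD5

def build_sample(algo=None):
    """Constructed test input: lead, empty signature header, minimal main header."""
    lead = LEAD_MAGIC + b"\x00" * (LEAD_SIZE - 4)
    empty = HEADER_MAGIC + b"\x00" * 4 + struct.pack(">II", 0, 0)
    if algo is None:
        return lead + empty + empty
    index = struct.pack(">IIII", RPMTAG_FILEDIGESTALGO, 4, 0, 1)
    return lead + empty + HEADER_MAGIC + b"\x00" * 4 + struct.pack(">II", 1, 4) + index + struct.pack(">I", algo)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(8)
    print(file_digest_algo(data))
```

Run with a package path as the only argument to print the declared algorithm; with no argument it runs on the constructed SHA-256 sample.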

Comment 8 Aleksey Nogin 2009-11-04 20:31:53 UTC
Still there in 5.4 :-(

Comment 9 Matthew Miller 2010-02-05 18:44:03 UTC
I'd really like to see this; we often use Fedora source RPMs as a starting point for work on EL 5 systems.

Comment 10 Gerrit Slomma 2010-05-18 21:15:46 UTC
and still there in RHEL5.5
trying to look into ovirt...

Comment 11 lindahl 2010-06-28 18:54:59 UTC
Every time I go to rebuild a fedora rpm in rhel, I curse this bug.

Comment 12 Leon Keijser 2010-06-28 20:07:21 UTC
(In reply to comment #11)
> Every time I go to rebuild a fedora rpm in rhel, I curse this bug.    

I use Jim Radford's suggestion in a simple script. Works nice enough.

#!/bin/bash
# Build a source RPM whose file digests are MD5, so older rpm can unpack it.
if [ -z "$1" ]; then
	echo "Usage: $0 package.spec" >&2
	exit 1
else
	rpmbuild -bs \
	--define "_source_filedigest_algorithm md5" \
	--define "_binary_filedigest_algorithm md5" \
	"$1"
fi

Comment 13 Edouard Bourguignon 2010-09-30 13:03:17 UTC
I use rpmbuild-md5 which works great

Comment 14 Sergio Basto 2011-03-25 03:07:55 UTC
Hi,
I need to work on some packages on RHEL 5.x. From bug #499385: "Fedora 11 is switching to sha256 checksums instead of md5".
My question is: if I update the rpm package in RHEL to one from a newer Fedora, can I still use packages from RHEL? Is rpm backward compatible?

By the way, what about yum?
 yum --enablerepo=fedora14 list
fedora14/primary_db | 14 MB 00:04
http://ftp.up.pt/fedora/releases/14/Everything/x86_64/os/repodata/190919419ab3582cb090d8006b7fdd02a17616d6df76d426b5d26d9a3ceff158-primary.sqlite.bz2: [Errno -3] Error performing checksum

Would updating rpm solve this checksum error?

Comment 15 Yury V. Zaytsev 2011-07-16 19:59:33 UTC
FYI: The SRPMs that contain rpm with back-ported strong hashes + xz payload support are available from the Fedora Infrastructure repositories:

http://infrastructure.fedoraproject.org/builder-rpms/SRPMS/

I've been using those for a very long time on my builders and they work nicely. It would be great if they were officially accepted into RHEL5.

Most of the work has been done already, and these RPMs are in production on Fedora builders, so hopefully there will be some progress soon.

Thanks!

Comment 16 Sergio Basto 2011-07-18 01:45:11 UTC
(In reply to comment #15)
> FYI: The SRPMs that contain rpm with back-ported strong hashes + xz payload
> support are available from the Fedora Infrastructure repositories:

with command "rpm -qp rpm-4.6.0-4.0.notting.1.el5.src.rpm --changelog | head"
I saw that 4.6.0-4.0.notting.1 is an update of 4.6.0-4.0.mitr.1, which is not clear to me.

Thanks, I also agree that it would be great if they were officially accepted into RHEL5.

Comment 17 Juha Tuomala 2011-07-18 15:17:35 UTC
(In reply to comment #15)
> It would be great if they were officially accepted into RHEL5.

Agreed.

Comment 18 Yury V. Zaytsev 2011-09-21 16:09:02 UTC
(In reply to comment #16)
> (In reply to comment #15)
> > FYI: The SRPMs that contain rpm with back-ported strong hashes + xz payload
> > support are available from the Fedora Infrastructure repositories:
> 
> with command "rpm -qp rpm-4.6.0-4.0.notting.1.el5.src.rpm --changelog | head"
> I saw that 4.6.0-4.0.notting.1 is an update of 4.6.0-4.0.mitr.1, which is not
> clear to me.

What exactly is not clear to you? If I remember correctly, the mitr.1 version was the version that had the backported support for SHA hashes, before XZ payloads were introduced (that appeared in notting.1).

Comment 19 Sergio Basto 2011-09-21 20:38:35 UTC
(In reply to comment #18)
What wasn't clear was which package is the newer one. I cleared it up.
My English was not the best; where I wrote "which is not
clear to me" I should have written in the past tense, "which was not clear".

Thanks,

Comment 20 Yury V. Zaytsev 2011-09-21 21:21:51 UTC
(In reply to comment #19)
>
> What wasn't clear was which package is the newer one. I cleared it up.

'n' comes after 'm', so 'notting' is newer than 'mitr' ;-)

Comment 21 Per Sjoholm 2012-01-07 12:19:02 UTC
A fix for building:
Update mock to a newer version to get --buildsrpm --spec --sources:
wget http://kojipkgs.fedoraproject.org/packages/mock/1.0.25/1.el5/src/mock-1.0.25-1.el5.src.rpm

mock mock-1.0.25-1.el5.src.rpm

Install mock.

Install x.src.rpm with rpm2cpio or rpm -ivh --nomd5 x.src.rpm

mock -r epel-5-x86_64 --buildsrpm --spec xxx/xxx.spec --sources xxx/

Or use mock with git.

Comment 22 Panu Matilainen 2013-03-07 11:15:50 UTC
This request was evaluated by Red Hat Engineering for inclusion in a Red Hat Enterprise Linux maintenance release.

Red Hat does not currently plan to provide this change in a Red Hat Enterprise Linux update release for currently deployed products.

With the goal of minimizing risk of change for deployed systems, and in response to customer and partner requirements, Red Hat takes a conservative approach when evaluating enhancements for inclusion in maintenance updates for currently deployed products. The primary objectives of update releases are to enable new hardware platform support and to resolve critical defects.

