Description of problem: Seems createrepo calculates wrong checksums for groups file when using both "-s sha1" and "--unique-md-filenames" See: [thl@thl tmp]$ mkdir tmp; cd tmp [thl@thl tmp]$ wget -q http://download.fedora.redhat.com/pub/fedora/linux/updates/testing/10/i386/backup-light-0.4-2.fc10.noarch.rpm http://download.fedora.redhat.com/pub/fedora/linux/updates/testing/10/i386/repodata/comps-f10.xml [thl@thl tmp]$ createrepo -q -s sha1 -g comps-f10.xml . [thl@thl tmp]$ grep -A 1 comps-f10.xml repodata/repomd.xml <location href="repodata/comps-f10.xml.gz"/> <checksum type="sha1">81f668988c8478c20b16988359ade81ccb1398b0</checksum> -- <location href="repodata/comps-f10.xml"/> <checksum type="sha1">47134e1d6030b6772bc8523a78e532dba71aedf7</checksum> [thl@thl tmp]$ grep -A 1 comps-f10.xml repodata/repomd.xml <location href="repodata/c78f596799c4911050f6a40458060af0231a596cbda32d8313c3874ce9e6b9c7-comps-f10.xml.gz"/> <checksum type="sha1">c78f596799c4911050f6a40458060af0231a596cbda32d8313c3874ce9e6b9c7</checksum> -- <location href="repodata/b9fd41cf97788f5365c97ac5cbf548abfdd5061d7e5414856a52c097d3dbad0a-comps-f10.xml"/> <checksum type="sha1">b9fd41cf97788f5365c97ac5cbf548abfdd5061d7e5414856a52c097d3dbad0a</checksum> [thl@thl tmp]$ The checksum is different and longer in the second case. Version-Release number of selected component (if applicable): createrepo-0.9.7-1.fc11.noarch Additional information: Actually ran into this for RPM Fusion after updating to new yum/createrepo on a RHEL5 system, but could reproduced it on rawhide (see above)
sorry, forgot to cut-n-paste one important line; here it is again: [thl@thl tmp]$ mkdir tmp; cd tmp [thl@thl tmp]$ wget -q http://download.fedora.redhat.com/pub/fedora/linux/updates/testing/10/i386/backup-light-0.4-2.fc10.noarch.rpm http://download.fedora.redhat.com/pub/fedora/linux/updates/testing/10/i386/repodata/comps-f10.xml [thl@thl tmp]$ createrepo -q -s sha1 -g comps-f10.xml . [thl@thl tmp]$ grep -A 1 comps-f10.xml repodata/repomd.xml <location href="repodata/comps-f10.xml.gz"/> <checksum type="sha1">81f668988c8478c20b16988359ade81ccb1398b0</checksum> -- <location href="repodata/comps-f10.xml"/> <checksum type="sha1">47134e1d6030b6772bc8523a78e532dba71aedf7</checksum> [thl@thl tmp]$ createrepo -q --unique-md-filenames -s sha1 -g comps-f10.xml . [thl@thl tmp]$ grep -A 1 comps-f10.xml repodata/repomd.xml <location href="repodata/c78f596799c4911050f6a40458060af0231a596cbda32d8313c3874ce9e6b9c7-comps-f10.xml.gz"/> <checksum type="sha1">c78f596799c4911050f6a40458060af0231a596cbda32d8313c3874ce9e6b9c7</checksum> -- <location href="repodata/b9fd41cf97788f5365c97ac5cbf548abfdd5061d7e5414856a52c097d3dbad0a-comps-f10.xml"/> <checksum type="sha1">b9fd41cf97788f5365c97ac5cbf548abfdd5061d7e5414856a52c097d3dbad0a</checksum> [thl@thl tmp]$
You're right- the checksum type wasn't being propagated there. That's fixed now. http://createrepo.baseurl.org/gitweb?p=createrepo.git;a=commit;h=5dd00f425f64cdc1bfc1005f560fb4761abac007 Thanks
*** Bug 498767 has been marked as a duplicate of this bug. ***
@seth I reopen this bug since the diff pointed in Comment #2 is already applied in the 0.9.7-6 version (in createrepo-head.patch) but this doesn't fix the Bug 498767 sha256 still used in primary.xml Regards
Created attachment 342411 [details] use config checksum in read_in_package
FWIW, I also ran into more trouble from RPM Fusion users with F9 or EL5 after the problems this bug is about was fixed; but I was not able to properly track it down yet -- sorry, there are more pressing issues and so I just went back to an older createrepo for F9 and EL5
okay. I've built a newer createrepo with the latest patch from git upstream. I cannot replicate any sha/sha1 issues with this package. rawhide: http://kojipkgs.fedoraproject.org/packages/createrepo/0.9.7/7.fc12/noarch/createrepo-0.9.7-7.fc12.noarch.rpm f11: http://kojipkgs.fedoraproject.org/packages/createrepo/0.9.7/7.fc11/noarch/createrepo-0.9.7-7.fc11.noarch.rpm let me know if it doesn't work.
This build solves the issue I've detected. Thanks for this. Regards.
(In reply to comment #8) > This build solves the issue I've detected. Same here. I'll test with RPM Fusion over the next few days and will reopen this bug if any other problems show up > Thanks for this. +1
Seems there is still one more bug hidden somewhere, as the data RPM Fusion generates with the latest createrepo (running on RHEL5 with manual updated RPM and yum) is unusable in F9 anaconda. See https://bugzilla.rpmfusion.org/show_bug.cgi?id=536 /me wonders if the "sha1" (instead of "sha", as it was in the past) could lead to this problem Someone also mentioned on IRC that the data RPM Fusion generates for RHEL does not work on older RHEL-5-Version (no exact data, but I suppose something older than 5.2 or 5.3). But he said it works fine after updating yum. Seth, is it worth investigating this further?
To provide compatibility with F9 yum version, maybe createrepo could accept the '-s sha' option, pass sha1 instead of sha to yum's misc.Checksums(), and keep the 'sha' name in the files created in repodata ?
(In reply to comment #11) > To provide compatibility with F9 yum version, maybe createrepo could accept the > '-s sha' option, pass sha1 instead of sha to yum's misc.Checksums(), and keep > the 'sha' name in the files created in repodata ? From my current point of view everything is working after using latest yum from rawhide with this patch on the machine that is running createrepo: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=a8f894049d43b37aa429468999e89531206cfd3d So what you suggest seems to complicated to me. But to not confuse people it maybe would be nice/wise if createrepo would write "sha" everywhere to the repo files if the users uses "-s sha1"
Seth fixed yum.misc.Checksums() to accept sha. I added some warning text to createrepo. Both those things should make it much more obvious what is happening.
The patch to yum works for me too. Thanks!