Bug 514753 - createrepo's cache generation fails, leading to invalid metadata when repo contains RPMs without an SHA1 signature
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: createrepo
Version: el4
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jeff Sheltren
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2009-07-30 16:16 UTC by Jon Fautley
Modified: 2014-01-21 06:14 UTC

Fixed In Version: 0.4.4-0.4.el4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-28 04:58:14 UTC
Type: ---
Embargoed:


Attachments
Patch to fix problem described (1.28 KB, patch)
2009-07-30 16:16 UTC, Jon Fautley

Description Jon Fautley 2009-07-30 16:16:03 UTC
Created attachment 355696
Patch to fix problem described

Description of problem:

The caching functionality of createrepo in EPEL4 does not handle RPMs that don't contain an SHA1 checksum. This results in an entry in the cachedir that simply contains the RPM name, and no other identifying information.

When using cache, if you have more than 1 RPM with the same name (but different version/release) then createrepo can generate invalid metadata that prevents any version of this package name from being installed.

Version-Release number of selected component (if applicable):
createrepo-0.4.4-0.3.el4

How reproducible:

Find two versions of an RPM that don't contain SHA1 checksums (verify with rpm -K blah.rpm), place into a directory.

Execute createrepo with the -c option to create a cache. Assuming the RPM name is "VMwareTools", you'll end up with an entry in the cache dir called "VMwareTools-[]".

Attempt to install the package using YUM, pointed at this repository. Failure occurs.

Expected results:

Yum should install the latest version (assuming no version specified on command line).

Additional info:

Patch attached that fixes this problem. Patch is a massaged version of:

https://lists.dulug.duke.edu/pipermail/rpm-metadata/attachments/20050730/f47ced7d/createrepo-nohdrid-take2.bin

Which should apply cleanly to the createrepo RPM in EPEL4.
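A simplified model of the cache-key collision described in the report above, added here as an illustration; it is not createrepo's code and not the attached patch. It assumes the cache stores one file checksum per key, and `fallback_key`, the package versions and the payload bytes are constructed for the example.

```python
import hashlib

# Constructed sample: two builds of one package, neither with a header SHA1.
PACKAGES = [
    {"file": "VMwareTools-1.0-1.i386.rpm", "name": "VMwareTools",
     "version": "1.0", "release": "1", "sha1header": None, "payload": b"build one"},
    {"file": "VMwareTools-2.0-1.i386.rpm", "name": "VMwareTools",
     "version": "2.0", "release": "1", "sha1header": None, "payload": b"build two!"},
]

def file_sha1(pkg):
    return hashlib.sha1(pkg["payload"]).hexdigest()

def legacy_key(pkg):
    # Behaviour from the report: name plus header SHA1; a missing digest
    # renders as "[]", so every build maps to "VMwareTools-[]".
    return "%s-%s" % (pkg["name"], pkg["sha1header"] or "[]")

def fallback_key(pkg):
    # Assumed mitigation: with no header digest, key on fields that differ
    # between builds (version, release, size) instead of an empty id.
    if pkg["sha1header"]:
        return legacy_key(pkg)
    return "%s-%s-%s-%d" % (pkg["name"], pkg["version"], pkg["release"],
                            len(pkg["payload"]))

def build_metadata(packages, key_func):
    cache = {}       # stands in for the directory passed with -c
    metadata = {}
    for pkg in packages:
        key = key_func(pkg)
        if key not in cache:          # cache miss: checksum the file
            cache[key] = file_sha1(pkg)
        metadata[pkg["file"]] = cache[key]   # cache hit: trust the entry
    return metadata

def stale_entries(packages, metadata):
    # Files whose published checksum does not match their content.
    return [p["file"] for p in packages if metadata[p["file"]] != file_sha1(p)]

if __name__ == "__main__":
    for name, func in (("legacy", legacy_key), ("fallback", fallback_key)):
        print(name, stale_entries(PACKAGES, build_metadata(PACKAGES, func)))
```

With the legacy key the second build inherits the first build's cached checksum, which is the kind of mismatch a client rejects when it verifies the downloaded package against the repository metadata.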

Comment 1 seth vidal 2009-07-30 16:24:58 UTC
I can add this one in.

Comment 2 seth vidal 2009-08-10 21:04:47 UTC
patch applied and build has been submitted to koji:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1596081






Jeff can you take care of releasing this?

Comment 3 Fedora Update System 2009-08-11 16:06:59 UTC
createrepo-0.4.4-0.4.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/createrepo-0.4.4-0.4.el4

Comment 4 Fedora Update System 2009-08-12 19:49:44 UTC
createrepo-0.4.4-0.4.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update createrepo'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2009-0254

Comment 5 Fedora Update System 2009-08-28 04:58:09 UTC
createrepo-0.4.4-0.4.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.

