Bug 514753 - createrepo's cache generation fails, leading to invalid metadata when repo contains RPMs without an SHA1 signature
Summary: createrepo's cache generation fails, leading to invalid metadata when repo co...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: createrepo
Version: el4
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jeff Sheltren
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-07-30 16:16 UTC by Jon Fautley
Modified: 2014-01-21 06:14 UTC (History)
1 user (show)

Fixed In Version: 0.4.4-0.4.el4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-28 04:58:14 UTC
Type: ---


Attachments (Terms of Use)
Patch to fix problem described (1.28 KB, patch)
2009-07-30 16:16 UTC, Jon Fautley
no flags Details | Diff

Description Jon Fautley 2009-07-30 16:16:03 UTC
Created attachment 355696 [details]
Patch to fix problem described

Description of problem:

The caching functionality of createrepo in EPEL4 does not handle RPMs that don't contain an SHA1 checksum. This results in an entry in the cachedir that simply contains the RPM name, and no other identifying information.

When using cache, if you have more than 1 RPM with the same name (but different version/release) then createrepo can generate invalid metadata that prevents any version of this package name from being installed.

Version-Release number of selected component (if applicable):
createrepo-0.4.4-0.3.el4

How reproducible:

Find two versions of an RPM that don't contain SHA1 checksums (verify with rpm -K blah.rpm), place into a directory.

Execute createrepo with the -c option to create a cache. Assuming the RPM name is "VMwareTools", you'll end up with an entry in the cache dir called "VMwareTools-[]".

Attempt to install the package using YUM, pointed at this repository. Failure occurs.

Expected results:

Yum should install the latest version (assuming no version specified on command line).

Additional info:

Patch attached that fixes this problem. Patch is a massaged version of:

https://lists.dulug.duke.edu/pipermail/rpm-metadata/attachments/20050730/f47ced7d/createrepo-nohdrid-take2.bin

Which should apply cleanly to the createrepo RPM in EPEL4.

Comment 1 seth vidal 2009-07-30 16:24:58 UTC
I can add this one in.

Comment 2 seth vidal 2009-08-10 21:04:47 UTC
patch applied and build has been submitted to koji:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1596081






Jeff can you take care of releasing this?

Comment 3 Fedora Update System 2009-08-11 16:06:59 UTC
createrepo-0.4.4-0.4.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/createrepo-0.4.4-0.4.el4

Comment 4 Fedora Update System 2009-08-12 19:49:44 UTC
createrepo-0.4.4-0.4.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update createrepo'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-4/FEDORA-EPEL-2009-0254

Comment 5 Fedora Update System 2009-08-28 04:58:09 UTC
createrepo-0.4.4-0.4.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.