Bug 602762 - linux platform discovery now gets sha256, not md5
Summary: linux platform discovery now gets sha256, not md5
Alias: None
Product: RHQ Project
Classification: Other
Component: Plugins   
(Show other bugs)
Version: 3.0.0
Hardware: All
OS: All
low vote
Target Milestone: ---
: ---
Assignee: John Mazzitelli
QA Contact: Mike Foley
Depends On:
TreeView+ depends on / blocked
Reported: 2010-06-10 17:23 UTC by John Mazzitelli
Modified: 2013-09-02 07:27 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-09-02 07:27:08 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description John Mazzitelli 2010-06-10 17:23:43 UTC
Description of problem:

rpm now returns a SHA256, even though it is being asked to return MD5 (see %{FILEMD5S} in the below command)

rpm -q --qf "%{NAME}\n%{FILEMD5S}\n" quota-3.17-6.fc11.x86_64

This is bad because our linux platform plugin component uses that command to give us MD5 and we set the package version MD5 to that value. Real MD5s are 32 chars long, this is 64 (we assume its a SHA256). This blows up on server when we try to insert it into the database since the column is only 32chars wide.

Need to fix plugin component to set MD5 or SHA256 accordingly:

Here's the code fix:

@@ -173,3 +173,7 @@ public class RpmPackageDiscoveryDelegate {
-                packageDetails.setMD5(md5);
+                if (md5.length() <= 32) {
+                    packageDetails.setMD5(md5);
+                } else {
+                    packageDetails.setSHA256(md5); // md5's can only be 32 chars, anything more and we assume its a SHA256
+                }

Comment 1 John Mazzitelli 2010-06-10 20:33:05 UTC
we need to wrap that new if statement in:

if (!md5.startsWith("00000000000000000000000000000000")) {

in other words, if rpm returns their "empty md5" token, we don't set SHA or MD5 in the package version since we don't know it.

Comment 2 John Mazzitelli 2010-08-24 18:10:26 UTC
commit 0f34ac2c5509187eb3d991ff4e21c47b60f539da and 83d0bd01759ddc48af69697273f08bbf361bb7a4 implemented this.  Done back in June 2010.

how to test:

1) make sure you are on RHEL or Fedora (anything with rpm really)
2) Run this command (note: if you don't have "quota 3.17" installed, just pick any package you do have installed):
      rpm -q --qf "%{NAME}\n%{FILEMD5S}\n" quota-3.17-6.fc11.x86_64
3) if the hashcode that is output is longer than 32 chars, then rpm is returning SHA256 and not MD5 and thus this bug would have been triggered
4) import your platform and wait until the package information is discovered and uploaded to the server (should take no more than several minutes, though I forget how long to wait). I think you need to enable package discovery, so don't forget to do that (go to the plugin configuration and enable package discovery)
5) Go to the platform's summary tab and see that you have discovered packages. If you do, this bug is fixed.

Comment 3 Heiko W. Rupp 2013-09-02 07:27:08 UTC
Bulk closing of issues that were VERIFIED, had no target release and where the status changed more than a year ago.

Note You need to log in before you can comment on or make changes to this bug.