62802 – up2date-2.7.61-7.x.2 - up2date.py using wrong flag for rpm.checksig

Bug 62802 - up2date-2.7.61-7.x.2 - up2date.py using wrong flag for rpm.checksig

Summary: up2date-2.7.61-7.x.2 - up2date.py using wrong flag for rpm.checksig

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Public Beta
Classification:	Retired
Component:	up2date
Sub Component:
Version:	skipjack-beta2
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Adrian Likins
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-04-05 18:50 UTC by James Manning
Modified:	2005-10-31 22:00 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2002-04-11 19:00:22 UTC
Embargoed:

Attachments	(Terms of Use)

Description James Manning 2002-04-05 18:50:22 UTC

this may be less of a bug and more a question of expected behavior. 
  
up2date_client/up2date.py's checkRpmMd5 takes one of 2 routes - if it can,  
rpm.checksig(fileName, rpm.RPMTAG_SIGMD5) otherwise /bin/rpm -Kv --nopgp 
--nogpg 
 
if you apply this patch: 
 
http://bugzilla.redhat.com/bugzilla/showattachment.cgi?attach_id=52424 
 
to up2date you see that they don't return the same thing - specifically, rpm 
-Kv does return "MD5 sum OK" (and hence returns 0 for checkRpmMd5) but 
rpm.checksig(fileName, rpm.RPMTAG_SIGMD5) is returning 1 which is breaking 
behavior. 
 
Checking rpm-4.0.4/python/rpmmodule.c, we just call through to rpmCheckSig 
with the appropriate flags set.  Then checking rpm-4.0.4/lib/rpmchecksig.c it 
*looks* like (hard to tell for sure) that it should return 0 if the md5 on the 
file is fine (and the md5 flag was passed) 
 
So the question is: is rpm.checksig returning 1 expected behavior for an rpm 
with a good md5sum?  And if not, any idea what's going on (flag translation is 
all that makes sense as a guess given the rpm -Kv works) 
 
Getting headers for available packages...  
rpm.checksig returns 1 on file /var/spool/up2date/zip-2.3-12.i386.rpm  
rpm -Kv returns 0 on file /var/spool/up2date/zip-2.3-12.i386.rpm

Comment 1 Jeremy Katz 2002-04-11 07:20:07 UTC

You should do

rpm.checksig(filename, rpm.CHECKSIG_MD5)  
  or
rpm.checksig(filename, rpm.CHECKSIG_GPG)

as opposed to SIGTAG_MD5 and SIGTAG_GPG

Comment 2 James Manning 2002-04-11 07:30:15 UTC

1) the flag was rpm.RPMTAG_SIGMD5 - what is SIGTAG_MD5? is that the equiv once 
it gets into C space?

2) sounds like you're saying that up2date.py's not using the right flag, so I'm 
reopening this as an up2date bug

Comment 3 James Manning 2002-04-11 07:31:42 UTC

ugh - i had hoped the bug owner would shift along with component, but here's 
step 2 to get this over to adrian

Comment 4 James Manning 2002-04-11 07:42:37 UTC

jeremy told me you've already got this fixed in cvs, adrian, so either 
close/dup this on whatever or use it to lemme know when the fix makes it 
out ;)  Kinda funny since this is all orthogonal once you switched to file size 
instead of md5 checks in bug 53583

Comment 5 Adrian Likins 2002-04-11 19:00:17 UTC

yeah, fixed in cvs, around 2.7.77 or so

It's not completely orthogonal since I use the md5 sum
when reading stuff off local disk cache to see if the files
are complete, and if not I download them again.

Thats what was causing the "skipjack always downloads
the packages" bug.

Note You need to log in before you can comment on or make changes to this bug.