Trying to create local repo of EL5 packages on F15 host, using: createrepo --update -d --checksum sha . The resulting primary.xml.gz has sha256 checksums for all of the packages rather than the expected sha1 checksums, resulting in "package does not match expected download" errors on target systems. This is with createrepo-0.9.9-3.fc15 If I downgrade createrepo to createrepo-0.9.8-5.fc14, I get the sha1 checksums again.
The upstream patch from Bug #500364 has resolved this for me, though it would nice to see a Fedora update for the problem.
I'm currently using the 0.9.8-5 from F14 also due to this problem. I have a local repo server that has repos for F14, F15, SciLinux5x and SciLinux6x. The SL5x systems need the sha1 checksums. So I'd also like to see a fixed package for F15.
I rebuilt createrepo from rawhide on F15 and it worked for me.
And I tried the patch that shows up in 500364 by hand-jamming the changes to __init__.py and worker.py. And it's working for me now. The big advantage to doing this instead of downgrading is getting the --workers option that wasn't available in 0.9.8-5. On an 8 core box I set workers to 6 and it makes a noticeable time to run difference in my repo syncing.
*** This bug has been marked as a duplicate of bug 500364 ***