Red Hat Bugzilla – Bug 863440
Need note indicating limitation in syncing sha256 RPMs
Last modified: 2012-12-10 16:59:50 EST
Per bug #855146, we currently cannot presently sync sha/sha256 RPMs. We should indicate this limitation somewhere in the user guide or technical notes or something.
Specifically, see https://bugzilla.redhat.com/show_bug.cgi?id=855146#c7
It would read something to the effect of:
"Note: Due to present limitations in pulp, users will be unable to fully sync repos with RPMs that contains sha/sha256 checksums."
I am not 100% sure if that is technically accurate/complete, however. Dev could provide better details.
The significance here is that at least a couple well-known third party (VirtualBox, [some?] Google) repos contain these signatures, so it could become a fairly prevalent question.
To be clear, we can only sync SHA-256 style RPMs, it is the older SHA-1 style RPMs we can not sync into Katello. I'd reword the above statement to state:
"Note: Due to present limitations in the Pulp subcomponent of Cloudforms System Engine, users will be unable to fully sync repositories that contain RPMs built with SHA-1 checksums. Repositories containing packages built using SHA-256 hashes are able to be synced with full support."
This document is now publicly available on access.redhat.com. For any further issues, please raise a new bug.