Issue #8644
closedPossibly wrong checksum type in repomd.xml on publish
Description
I'm working off the 'master' branch of pulp-rpm trying to get a glimpse of repo autopublish feature - I know it has not yet been released, so I have been warned. Nevertheless, I would like to report a possible issue with checksum type in repomd.xml when autopublish feature is used. Even when both package and metadata checksum types are set to 'sha1', the checksum used in repomd.xml is sha256. Here's a sample for a RHEL 5 repo synced from cdn.redhat.com:
<repomd>
<revision>1619601758</revision>
<data type="primary">
<checksum type="sha256">
0f36c55b27e3af5c9c3c13a79e2a438baf9518a98737eeb79481d0f13fd13d2f
</checksum>
<open-checksum type="sha256">
35424b6b8f28b9890e4a69e2fa60a3dc230c5c3a1a55d440ebf95446da21649c
</open-checksum>
...
rendering it unreadable from RHEL 5 yum clients. However, the publication itself has both checksum types set to 'sha1' as expected, and 'sha1' is indeed used for package checksums in primary.xml.gz - so only the repomd.xml file itself carries the wrong checksums. I'm running Pulp 3 on RHEL8, btw (I couldn't find it in OS menu dropdown).
Related issues
Fix wrong checksum being used for publication
closes: #8644 https://pulp.plan.io/issues/8644