Project

Profile

Help

Issue #8644

closed

Possibly wrong checksum type in repomd.xml on publish

Added by sskracic@redhat.com almost 3 years ago. Updated almost 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
Master
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 96
Quarter:

Description

I'm working off the 'master' branch of pulp-rpm trying to get a glimpse of repo autopublish feature - I know it has not yet been released, so I have been warned. Nevertheless, I would like to report a possible issue with checksum type in repomd.xml when autopublish feature is used. Even when both package and metadata checksum types are set to 'sha1', the checksum used in repomd.xml is sha256. Here's a sample for a RHEL 5 repo synced from cdn.redhat.com:

<repomd>
<revision>1619601758</revision>
<data type="primary">
<checksum type="sha256">
0f36c55b27e3af5c9c3c13a79e2a438baf9518a98737eeb79481d0f13fd13d2f
</checksum>
<open-checksum type="sha256">
35424b6b8f28b9890e4a69e2fa60a3dc230c5c3a1a55d440ebf95446da21649c
</open-checksum>
...

rendering it unreadable from RHEL 5 yum clients. However, the publication itself has both checksum types set to 'sha1' as expected, and 'sha1' is indeed used for package checksums in primary.xml.gz - so only the repomd.xml file itself carries the wrong checksums. I'm running Pulp 3 on RHEL8, btw (I couldn't find it in OS menu dropdown).


Related issues

Related to RPM Support - Backport #8752: Backport #8644 to 3.11CLOSED - CURRENTRELEASEttereshc

Actions

Also available in: Atom PDF