Project

Profile

Help

Issue #4253

Updated by jsherril@redhat.com almost 6 years ago

A report from upstream katello (https://projects.theforeman.org/issues/25529) indicates that pulp generates a repomd.xml file that claims to use the checksum type that has been set on the publisher, but in fact is not using that: 

 In this example it purports to have used a sha1 checksum, but in fact its actually a sha256 checksum: 


 <pre> 
   <data type="modules"> 
     <location href="repodata/824ffe238f202a0612ecbb2b0c0459dc289a7ef47adb1f26406453d41f476449-modules.yaml.gz"/> 
     <timestamp>1542811864</timestamp> 
     <size>33</size> 
     <checksum type="sha1">824ffe238f202a0612ecbb2b0c0459dc289a7ef47adb1f26406453d41f476449</checksum> 
     <open-size>0</open-size> 
     <open-checksum type="sha1">da39a3ee5e6b4b0d3255bfef95601890afd80709</open-checksum> 
   </data> 
 </pre> 


 To reproduce: 

 1.    create and sync a yum repository 
 2.    set a checksum type of sha1 
 3.    publish the repository

Back