Project

Profile

Help

Issue #8644

Updated by sskracic@redhat.com over 3 years ago

I'm working off the 'master' branch of pulp-rpm trying to get a glimpse of repo autopublish feature - I know it has not yet been released, so I have been warned.    Nevertheless, I would like to report a possible issue with checksum type in repomd.xml when autopublish feature is used.    Even when both package and metadata checksum types are set to 'sha1', the checksum used in repomd.xml is sha256.    Here's a sample for a RHEL 5 repo synced from cdn.redhat.com: 
 ~~~ 
 

 <repomd> 
 <revision>1619601758</revision> 
 <data type="primary"> 
 <checksum type="sha256"> 
 0f36c55b27e3af5c9c3c13a79e2a438baf9518a98737eeb79481d0f13fd13d2f 
 </checksum> 
 <open-checksum type="sha256"> 
 35424b6b8f28b9890e4a69e2fa60a3dc230c5c3a1a55d440ebf95446da21649c 
 </open-checksum> 
 ... 
 ~~~ 
 

 rendering it unreadable from RHEL 5 yum clients.    However, the publication itself has both checksum types set to 'sha1' as expected, and 'sha1' is indeed used for package checksums in primary.xml.gz - so only the repomd.xml file itself carries the wrong checksums.    I'm running Pulp 3 on RHEL8, btw (I couldn't find it in OS menu dropdown). 

Back