From the:
https://fedorahosted.org/spacewalk/wiki/Sha256Support
> So once approach is to get the checksum for the packages associated to
> the custom channel and generate the repomd as sha1 if its older
> content or sha256 if its newer. This is gona be the tricky part.
I today experimentally tested that we do not need to test if that
channel is "old" or "new". We can generate both checksum and yum will
handle it.
Normal F11 repomd.xml file look like:
...
<data type="primary">
<checksum
type="sha256">3073d9655a39b10fd6cb737c42131715c7bda76f215158a1e8f5b2356827742</checksum>
<timestamp>1246008857</timestamp>
<open-checksum
type="sha256">b7106b15fd36c3e918145532dfcb4e5531ae1e86b9ab4a1e8cf1622b363a98d2</open-checksum>
<location href="repodata/primary.xml.gz"/>
</data>
...
If I add there 'checksum type="sha"':
...
<data type="primary">
<checksum
type="sha256">3073d9655a39b10fd6cb737c42131715c7bda76f215158a1e8f5b2356827742</checksum>
<checksum
type="sha">311713f4751afe91adf3a9d95177618e8c7273ad</checksum>
<timestamp>1246008857</timestamp>
<open-checksum
type="sha256">b7106b15fd36c3e918145532dfcb4e5531ae1e86b9ab4a1e8cf1622b363a98d2</open-checksum>
<location href="repodata/primary.xml.gz"/>
</data>
...
It will start work. The same for primary.xml.gz. Normal file looks like:
...
<package type="rpm">
<name>bash-completion</name>
<arch>noarch</arch>
<version epoch="0" ver="20060301" rel="1"/>
<checksum type="sha256"
pkgid="YES">ad2e82c1e3c85abc763a3ec63d7d9c16cd98cb1f84d2de31b0e69b2215a3bce3</checksum>
...
I changed it to:
...
<checksum type="sha256"
pkgid="YES">ad2e82c1e3c85abc763a3ec63d7d9c16cd98cb1f84d2de31b0e69b2215a3bce3</checksum>
<checksum type="sha1">db8860d090e8cba1422748e68b911ad789513222</checksum>
...
With both checksum presented, I'm able to install package on both F11
and EL5 from the same repo.
Several scenarios I tested, What will happend if
- only sha256 is present:
- able to install on F11, not able to install on EL5
- only sha1 is present:
- not able to install on F11, able to install on EL5
- but we use currently md5, not sha1
- it does not matter. EL5 can handle both md5 and sha1, the same for F11
- sha256 is broken (I replaced one char), but sha1 is correct
- both EL5 and F11 will install sucessfully.
- THIS MAY BE THE PROBLEM - is it yum desired behaviour or bug?
- can we check this in yum-rhn-plugin?
- sha1 is broken (I replaced one char), but sha256 is correct
- both EL5 and F11 will error with "does not match checksum"
- you have normal createrepo in dir and if you puth it satellite and
access it through yum-rhn-plugin
- both scenarios are handled in same manner, nothing different here.
--
Miroslav Suchy
Red Hat Satellite Engineering
_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
