[Yum-devel] [PATCH] Check all checksums for repomd, from metalink, validation.

James Antill james at and.org
Mon Sep 13 14:51:32 UTC 2010


---
 yum/yumRepo.py |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/yum/yumRepo.py b/yum/yumRepo.py
index b501d61..4016ce5 100644
--- a/yum/yumRepo.py
+++ b/yum/yumRepo.py
@@ -1119,6 +1119,7 @@ class YumRepository(Repository, config.RepoConf):
         if repoXML.length != repomd.size:
             return False
 
+        done = False
         for checksum in repoXML.checksums:
             if checksum not in repomd.chksums:
                 continue
@@ -1126,11 +1127,11 @@ class YumRepository(Repository, config.RepoConf):
             if repoXML.checksums[checksum] != repomd.chksums[checksum]:
                 return False
 
-            #  If we don't trust the checksum, then don't generate it in
-            # repoMDObject().
-            return True
+            #  All checksums should be trusted, but if we have more than one
+            # then we might as well check them all ... paranoia is good.
+            done = True
 
-        return False
+        return done
 
     def _checkRepoMetalink(self, repoXML=None, metalink_data=None):
         """ Check the repomd.xml against the metalink data, if we have it. """
-- 
1.7.2



More information about the Yum-devel mailing list