[Yum] PATCH: handle more checksum in repomd file

Miroslav Suchý msuchy at redhat.com
Mon Jun 29 12:11:21 UTC 2009


Seth Vidal wrote:
> On Fri, 26 Jun 2009, Miroslav Suchý wrote:
> 
>> During the work on Spacewalk I tried to create repomd.xml file with 
>> more checksums in that file. See:
>> https://www.redhat.com/archives/spacewalk-devel/2009-June/msg00021.html
>> for more info. But it's safe to skip.
>>
>> But it takes only few moments that I find in yum code, that yum will 
>> pickup only last checksum it will find... :(
>>
>> So I created patch for yum which will pickup only checksums, which are 
>> known to yum.
> 
> So - first:
> in what situation is it useful for the two systems which cannot read 
> both types of checksums to read a single repo?
> 
> do you have a repo that is used by both f11 and el5 systems at the same 
> time? If so - why not just use createrepo -s sha to generate those repos?

You maybe already heard about Spacewalk:
https://fedorahosted.org/spacewalk/
It manage (btw) packages. Spacewalk do not have repositories per se. 
Packages are stored on disk together and meta-data are stored in 
database. Repodata are created on the fly. Each system is always 
subscribed to one base channel (channel == repo, more or less) and can 
be subscribed to more child channels.
If the base channel is one of the standard (Ie. RHEL, Fedora...) we can 
- with little work - determine if system can handle sha or sha256 checksum.
But user can create custom channel with custom content and use it as 
base channel. And he can subscribe whatever machine to it. He can even 
subscribe EL3,EL4,EL5, F-9, F-11, whatever. EL4 and older are no 
problem, but RHEL5 can only understand MD5 and SHA1, whereas F11 and 
newer should (and we want to) use SHA256.
Therefore I think we would generate both checksums, but then find yum 
use not the preffered one, but only the last one.

So back to your questions:
Yes I have systems which cannot read both types of checksums from single 
repo.
And I cannot use "createrepo -s sha", because we do not use createrepo 
at all (since we can not). And second - we would like to use sha256 if 
possible since it is now proffered way in Fedora.


> alternatively, installing python-hashlib from epel on el5 systems allows 
> yum to handle the sha256 checksums fine.

Hmm, this may be the way too...

>> See attachment.
>> Can you please review it and if find appropriate, merge to git?
>>
> 
> Can you explain, again, what benefit we get from this?

Benefit for yum...? Well it comes down to question - are more checksums 
allowed in repomd.xml? If yes - then yum just pickup last checksum now 
instead of preferred, if no - then yum should warn about wrong format. I 
think the first is correct behavior.
BTW - Do you know where is definition of repodata files (repomd.xml, 
primary.xml...)? I could not find DTD file, nor any other documentation 
of the format.


-- 
Miroslav Suchy
Red Hat Satellite Engineering


More information about the Yum mailing list