[Yum] PATCH: handle more checksum in repomd file

Seth Vidal skvidal at fedoraproject.org
Tue Jun 30 15:56:07 UTC 2009



On Tue, 30 Jun 2009, Miroslav Suchý wrote:

>> 1. you most certain can (and should) use createrepo - or at least its libs.
> Nope. It is slow for us. Spacewalk store metadata to db and generating 
> repodata from db is much much faster then reading from rpm files on disk.
> An library? Maybe modifyrepo.py can be usefull for us. Other probably not 
> (judging from quick look). Not mentioning that repomd code is now in java in 
> Spacewalk.

1. I think you haven't used createrepo in a while.

2. createrepo is now setup so you can make a repository out of any set of 
Package Objects.


>> Spacewalk and rhn having its own repodata generating tool has always been 
>> incorrect in my opinion. It duplicates effort needlessly and it means 
>> spacewalk (and rhn) always lag behind createrepo badly.
>
> I disagree. Spacewalk focus on something different then createrepo.


apparently, spacewalk focuses on making a repository type that is not 
compatible with yum and other solvers.


>> 2. and why isn't -s sha seen as the 'backwards compatible' checksum type 
>> and sha256 as the forward going checksum type?
>
> Probability of collision in SHA1 in attack has been reduced to 2^52. So we 
> would like to move to SHA256 and following Fedora. If we would like to be 
> 'backwards compatible', yeah - we can use sha1 or md5. But we would like to 
> have sha256 to follow Fedora. It is the same as if you ask if Fedora can stay 
> on SHA1 to be  'backwards compatible'.


Then the  solution is rhel5 needs to grow support for larger checksums - 
via python-hashlib.


> Which non-yum depsolvers?

Smart and apt, for example.

> And this brings me back to my question - do we have documentation of the 
> format of these files? if the structure will be well documented then we 
> should not care about other programs (including Spacewalk). Program either 
> comply with documentation or not.
> But only documentation I find is yum code itself.

we don't have a lot of docs outside of the yum, code for these files, no.


-sv


More information about the Yum mailing list