Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-156

RedHat RPM has different checksum than repository metadata

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Component/s: etc
    • Labels:
    • Environment:
      Redhat Yum repository
    • Similar Issues:

      Description

      Jenkins RPM for version 1.469 has a different checksum than published in yum repository metadata.
      When first time version 1.469 appeared, we couldn't found the rpm, although repository metadata contained all required information. After a day, rpm appeared, but with different checksum.
      Was the rpm been rebuilt/replaced without rebuilding repository metadata?

      Here is yum update output:
      --------------------------
      Setting up Update Process
      Resolving Dependencies
      --> Running transaction check
      ---> Package jenkins.noarch 0:1.469-1.1 set to be updated
      --> Finished Dependency Resolution

      Dependencies Resolved

      ==============================================================================================================
      Package Arch Version Repository Size
      ==============================================================================================================
      Updating:
      jenkins noarch 1.469-1.1 jenkins 46 M

      Transaction Summary
      ==============================================================================================================
      Install 0 Package(s)
      Upgrade 1 Package(s)

      Total download size: 46 M
      Is this ok [y/N]: y
      Downloading Packages:
      jenkins-1.469-1.1.noarch.rpm | 46 MB 00:56
      http://pkg.jenkins-ci.org/redhat/jenkins-1.469-1.1.noarch.rpm: [Errno -1] Package does not match intended download
      Trying other mirror.

        Attachments

          Activity

          Hide
          vgirnet Vladimir Girnet added a comment -

          Here are checksums:

          From primary.xml.gz: <package type="rpm"><name>jenkins</name><arch>noarch</arch><version epoch="0" ver="1.469" rel="1.1"/><checksum type="sha" pkgid="YES">60510d947732d40caa134221fbde32c33f8fbf3c</checksum>

          "sha1sum jenkins-1.469-1.1.noarch.rpm": 26ae66214c61b6aff6134862a48a8335a2db9364

          Show
          vgirnet Vladimir Girnet added a comment - Here are checksums: From primary.xml.gz: <package type="rpm"><name>jenkins</name><arch>noarch</arch><version epoch="0" ver="1.469" rel="1.1"/><checksum type="sha" pkgid="YES">60510d947732d40caa134221fbde32c33f8fbf3c</checksum> "sha1sum jenkins-1.469-1.1.noarch.rpm": 26ae66214c61b6aff6134862a48a8335a2db9364
          Hide
          ohtake_tomohiro OHTAKE Tomohiro added a comment -

          Fixed in 1.470

          http://jenkins-ci.org/changelog

          What's new in 1.470 (2012/06/13)

          • Problem in syncing mirrors with native packages. Re-releasing the same bits as 1.469 as 1.470.
          Show
          ohtake_tomohiro OHTAKE Tomohiro added a comment - Fixed in 1.470 http://jenkins-ci.org/changelog What's new in 1.470 (2012/06/13) Problem in syncing mirrors with native packages. Re-releasing the same bits as 1.469 as 1.470.
          Hide
          bpaul billy paul added a comment -

          On all packages >= 1.469, I'm still seeing this issue. If I try a lower version (i.e. 1.460), it works fine. I think there is something still out of whack with the checksum generation.

          Show
          bpaul billy paul added a comment - On all packages >= 1.469, I'm still seeing this issue. If I try a lower version (i.e. 1.460), it works fine. I think there is something still out of whack with the checksum generation.
          Hide
          vgirnet Vladimir Girnet added a comment -

          I've just updated to 1.475-1.1 using default Jenkins repository (baseurl=http://pkg.jenkins-ci.org/redhat/) without any issues.
          You may try to do a "yum clean all" before checking for updates.

          So, I think Jenkins repository is ok.

          Show
          vgirnet Vladimir Girnet added a comment - I've just updated to 1.475-1.1 using default Jenkins repository (baseurl= http://pkg.jenkins-ci.org/redhat/ ) without any issues. You may try to do a "yum clean all" before checking for updates. So, I think Jenkins repository is ok.
          Hide
          bpaul billy paul added a comment -

          Hey Vladmir. The problem appears to be with one specific mirror...

          http://ftp-chi.osuosl.org/pub/jenkins/redhat/jenkins-1.475-1.1.noarch.rpm

          I'm using Artifactory as a yum proxy. When I wget from my Artifactory server, it's redirected to the above URL. wget sits at 99% for an extended period of time, then tries again. The second request gets a 206 (Partial Content). The download completes, but I think the fact that it's taking two requests does something to the bits that causes it to have a slightly different checksum. Would you mind trying that specific mirror and see if you have any issues with the checksums being different?

          Show
          bpaul billy paul added a comment - Hey Vladmir. The problem appears to be with one specific mirror... http://ftp-chi.osuosl.org/pub/jenkins/redhat/jenkins-1.475-1.1.noarch.rpm I'm using Artifactory as a yum proxy. When I wget from my Artifactory server, it's redirected to the above URL. wget sits at 99% for an extended period of time, then tries again. The second request gets a 206 (Partial Content). The download completes, but I think the fact that it's taking two requests does something to the bits that causes it to have a slightly different checksum. Would you mind trying that specific mirror and see if you have any issues with the checksums being different?
          Hide
          evernat evernat added a comment -

          @billy paul
          Is it still an issue?

          Show
          evernat evernat added a comment - @billy paul Is it still an issue?
          Hide
          vgirnet Vladimir Girnet added a comment -

          This have not happen anymore in the last 2 years, I think everything is fine.

          Show
          vgirnet Vladimir Girnet added a comment - This have not happen anymore in the last 2 years, I think everything is fine.
          Hide
          danielbeck Daniel Beck added a comment -

          While we recently had a new checksum issue due to packaging re-run, this 5 year old issue is truly obsolete by now. Anything else should be filed as new issue.

          Show
          danielbeck Daniel Beck added a comment - While we recently had a new checksum issue due to packaging re-run, this 5 year old issue is truly obsolete by now. Anything else should be filed as new issue.

            People

            • Assignee:
              abayer Andrew Bayer
              Reporter:
              vgirnet Vladimir Girnet
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: