[Bug 741979] New: Online update fails because of invalid checksums
https://bugzilla.novell.com/show_bug.cgi?id=741979 https://bugzilla.novell.com/show_bug.cgi?id=741979#c0 Summary: Online update fails because of invalid checksums Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: All OS/Version: All Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: herbert@women-at-work.org QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0 I use as local mirror of http://ftp3.gwdg.de/pub/opensuse/update/12.1/ to install updates. Yast complains about invalid checksums of many of the packages and refuses to install them. It looks like some packages were signed two times and the gwdg.de mirror holds the older files. Reproducible: Always Steps to Reproduce: Only as an example one of the files. wget http://download.opensuse.org/update/12.1/x86_64/krb5-1.9.1-24.3.1.x86_64.rpm wget http://ftp.gwdg.de/pub/opensuse/update/12.1/x86_64/krb5-1.9.1-24.3.1.x86_64.... md5sum -b krb5-1.9.1-24.3.1.x86_64.rpm* rpm -qpi * | grep Key Actual Results: # md5sum -b krb5-1.9.1-24.3.1.x86_64.rpm* c6723fb6d475115ca85215b9a03f062b *krb5-1.9.1-24.3.1.x86_64.rpm 6e1cf511119dc24c80bebe93186721d6 *krb5-1.9.1-24.3.1.x86_64.rpm.1 # rpm -qpi * | grep -i key Signature : RSA/SHA256, Do 08 Dez 2011 17:39:28 CET, Key ID b88b2fd43dbdc284 Signature : RSA/SHA256, Do 08 Dez 2011 17:39:25 CET, Key ID b88b2fd43dbdc284 Expected Results: Two identical files and not two different signing time stamps. A regular online update from download.opensuse.org is also failing because for dolphin-4.7.2-4.4.1.x86_64.rpm, the checksum is 903b3243f0e3012e5dc9dd01c26b6f618fcb808d65394df97e6724002ce70e4e, but Yast expects 4a73848e62be00c5a04fdfbdeaebe7e7decdb125173de754a65675a6af284d25.
From the Yast log file I can see that the dolphin package was downloaded in several parts from uni-kl.de, hs-esslingen.de, uni-hd.de uni-ulm.de and uni-wuerzburg.de. All of these mirrors have the file with the 903b... checksum.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c
Jochen Katz
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c2
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c3
Mark Gray
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c4
Adrian Schröter
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c5
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c6
--- Comment #6 from Herbert Meier
From the signing date the file on gwdg.de is the good/new one!
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c7
--- Comment #7 from Eberhard Mönkeberg
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c8
--- Comment #8 from Herbert Meier
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c9
--- Comment #9 from Eberhard Mönkeberg
https://bugzilla.novell.com/show_bug.cgi?id=741979
https://bugzilla.novell.com/show_bug.cgi?id=741979#c
Ruediger Oertel
participants (1)
-
bugzilla_noreply@novell.com