Seth Vidal wrote:
On Mon, 29 Jun 2009, Miroslav Suchý wrote:
So back to your questions:
Yes I have systems which cannot read both types of checksums from
single repo.
And I cannot use "createrepo -s sha", because we do not use createrepo
at all (since we can not). And second - we would like to use sha256 if
possible since it is now proffered way in Fedora.
1. you most certain can (and should) use createrepo - or at least its
libs.
Nope. It is slow for us. Spacewalk store metadata to db and generating
repodata from db is much much faster then reading from rpm files on disk.
An library? Maybe modifyrepo.py can be usefull for us. Other probably
not (judging from quick look). Not mentioning that repomd code is now in
java in Spacewalk.
Spacewalk and rhn having its own repodata generating tool has
always been incorrect in my opinion. It duplicates effort needlessly and
it means spacewalk (and rhn) always lag behind createrepo badly.
I disagree. Spacewalk focus on something different then createrepo.
2. and why isn't -s sha seen as the 'backwards compatible' checksum type
and sha256 as the forward going checksum type?
Probability of collision in SHA1 in attack has been reduced to 2^52. So
we would like to move to SHA256 and following Fedora. If we would like
to be 'backwards compatible', yeah - we can use sha1 or md5. But we
would like to have sha256 to follow Fedora. It is the same as if you ask
if Fedora can stay on SHA1 to be 'backwards compatible'.
Benefit for yum...? Well it comes down to question - are more
checksums allowed in repomd.xml? If yes - then yum just pickup last
checksum now instead of preferred, if no - then yum should warn about
wrong format. I think the first is correct behavior.
BTW - Do you know where is definition of repodata files (repomd.xml,
primary.xml...)? I could not find DTD file, nor any other
documentation of the format.
So, my problem is there is no explicit provision for the data in
repomd.xml to have multiple checksums. Therefore, if we start doing this
we run the risk of breaking any of the non-yum depsolvers.
Which non-yum depsolvers?
And this brings me back to my question - do we have documentation of the
format of these files? if the structure will be well documented then we
should not care about other programs (including Spacewalk). Program
either comply with documentation or not.
But only documentation I find is yum code itself.
--
Miroslav Suchy
Red Hat Satellite Engineering
_______________________________________________
Yum mailing list
Yum@xxxxxxxxxxxxxxxxx
http://lists.baseurl.org/mailman/listinfo/yum
