Обсуждение: BUG #18304: Faulty proj93 RPM package in EL9 repo

Поиск
Список
Период
Сортировка

BUG #18304: Faulty proj93 RPM package in EL9 repo

От
PG Bug reporting form
Дата:
The following bug has been logged on the website:

Bug reference:      18304
Logged by:          Assen Totin
Email address:      assen.totin@gmail.com
PostgreSQL version: Unsupported/Unknown
Operating system:   RHEL-9
Description:

The package with filename proj93-9.3.0-1PGDG.rhel9.x86_64.rpm in the EL9
repo is faulty - it contains wrong checksums that prevent any operation on
the file (like metadata extraction):

[root@cgdclcm9 p]# rpm -qp --qf="%{modularitylabel}"
proj93-9.3.0-1PGDG.rhel9.x86_64.rpm
error: proj93-9.3.0-1PGDG.rhel9.x86_64.rpm: Header SHA256 digest: BAD
(Expected e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
!= fd96c44fc00d2537005936527104b7781b3f79efcd516752c0f4a5015d9e47ae)
error: proj93-9.3.0-1PGDG.rhel9.x86_64.rpm: Header SHA1 digest: BAD
(Expected da39a3ee5e6b4b0d3255bfef95601890afd80709 !=
966f4b9594664d2f91f33d0c54fc873eaf526d69)
error: proj93-9.3.0-1PGDG.rhel9.x86_64.rpm: not an rpm package (or package
manifest)

We keep a mirror of PostgreSQL and this breaks repo synchronisation. While
we can block certain unwanted packages based on their NEVRA, this mechanism
does not work here  because we cannot even extract the NEVRA form the faulty
package. Although you seem to have released a follow-up version 9.3.1 of the
package, this does not fix the issue - as long as the package with the bad
checksum is there, the repo sync will fail. To remedy the problem, please
consider one of the following:

- Remove the faulty 9.3.0 package from your repository, then rebuild repo's
metadata. This perhaps the easiest, since you already have 9.3.1 with proper
checksums.

- If you really want to keep 9.3.0 in the repo, rebuild its RPM with a
higher release number, then substitute the faulty RPM with this one and
rebuild the repo's metadata.

- The worst solution (but still possible) would be to rebuild the 9.3.0 RPM
with proper checksums, then rebuild repo's metadata.

Thank you in advance,


Re: BUG #18304: Faulty proj93 RPM package in EL9 repo

От
Devrim Gündüz
Дата:
Hi,

On Sat, 2024-01-20 at 11:55 +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference:      18304
> Logged by:          Assen Totin
> Email address:      assen.totin@gmail.com
> PostgreSQL version: Unsupported/Unknown
> Operating system:   RHEL-9
> Description:       
>
> The package with filename proj93-9.3.0-1PGDG.rhel9.x86_64.rpm in the
> EL9 repo is faulty - it contains wrong checksums that prevent any
> operation on the file (like metadata extraction):

<snip>
>
> We keep a mirror of PostgreSQL and this breaks repo synchronisation.
> While we can block certain unwanted packages based on their NEVRA,
> this mechanism does not work here  because we cannot even extract the
> NEVRA form the faulty package. Although you seem to have released a
> follow-up version 9.3.1 of the package, this does not fix the issue -
> as long as the package with the bad checksum is there, the repo sync
> will fail. To remedy the problem, please
> consider one of the following:
>
> - Remove the faulty 9.3.0 package from your repository, then rebuild
> repo's metadata. This perhaps the easiest, since you already have
> 9.3.1 with proper checksums.

Done, thanks for the report!

Regards,
--
Devrim Gündüz
Open Source Solution Architect, PostgreSQL Major Contributor
Twitter: @DevrimGunduz , @DevrimGunduzTR