[CentOS-devel] kdebindings-3.5.4-6.el5.src.rpm seems to be wrong
mail-lists at karan.org
Tue Apr 21 23:46:49 UTC 2009
Hi Jeff, thanks for looking into this.
On 04/21/2009 11:14 PM, Jeff Johnson wrote:
>> 1) build some package
>> 2) use dd to truncate some of the payload.
>> 3) sign the package
>> 3) verify the signature.
> If this reproduces the issue, I can pretty easily send you a
> patch that compares before and after header+payload MD5 digest
> and warns/errors if the two values do not match while signing.
This is indeed a part of the situation. The signature was added to a
file that wasent complete at the time.
however, the problem does not end there. The file on the master server
was then refreshed with the complete srpm on the next rsync ( about 12
minutes later ) and resigned - but that package never made it down to
the mirror's, they continued to run with the partial srpm even though
they run a complete rsync every 15 minutes from the master.
Its getting a bit late now, but I will try and setup some tests for this
over the next few days and see exactly what caused rsync to ignore this
file inspite of timestamp and filesize being very different.
Karanbir Singh : http://www.karan.org/ : 2522219 at icq
More information about the CentOS-devel