[CentOS] md5sum mismatch between CentOS 6.4 and 6.5 repository

Mon Dec 9 12:43:46 UTC 2013
Johnny Hughes <johnny at centos.org>

On 12/09/2013 06:21 AM, Johnny Hughes wrote:
> On 12/07/2013 09:07 AM, Mogens Kjaer wrote:
>> On 12/06/2013 12:49 PM, Lars Hecking wrote:
>>> Something got mixed up somewhere. The first one (md5 20bb...) is from the x86_64
>>>   branch, both 6.4 and 6.5, and the second one (md5 d37f...) is from the i386
>>>   branch, also 6.4 and 6.5.
>>>
>>> d37fe4404a7a5fdb27b29f9b5ed09c73  ./6.4/os/i386/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>>> 20bb02e6f3b7b71e09dcaff7f3b0ca02  ./6.4/os/x86_64/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>>> d37fe4404a7a5fdb27b29f9b5ed09c73  ./6.5/os/i386/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>>> 20bb02e6f3b7b71e09dcaff7f3b0ca02  ./6.5/os/x86_64/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>> Hm, am I the only mirror maintainer that runs hardlinkpy on the tree
>> after each mirror?
>>
>> Why are there different md5sum's on these files?
>>
>> They are noarch rpms, so they should be identical in i386 and x86_64?
>>
>> I get the following:
>>
>> # md5sum `locate python-slip-dbus-0.2.20-1.el6_2.noarch.rpm`
>> d37fe4404a7a5fdb27b29f9b5ed09c73 
>> /var/ftp/pub/mirrors/centos/6.4/os/i386/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>> 20bb02e6f3b7b71e09dcaff7f3b0ca02 
>> /var/ftp/pub/mirrors/centos/6.4/os/x86_64/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>> d37fe4404a7a5fdb27b29f9b5ed09c73 
>> /var/ftp/pub/mirrors/centos/6.5/os/i386/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>> d37fe4404a7a5fdb27b29f9b5ed09c73 
>> /var/ftp/pub/mirrors/centos/6.5/os/x86_64/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>>
>> and:
>> # ls -li `locate python-slip-dbus-0.2.20-1.el6_2.noarch.rpm`
>> 98845547 -rw-rw-r-- 3 mk 500 30844 Mar 26  2012 
>> /var/ftp/pub/mirrors/centos/6.4/os/i386/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>> 98315857 -rw-rw-r-- 1 mk 500 30844 Mar 26  2012 
>> /var/ftp/pub/mirrors/centos/6.4/os/x86_64/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>> 98845547 -rw-rw-r-- 3 mk 500 30844 Mar 26  2012 
>> /var/ftp/pub/mirrors/centos/6.5/os/i386/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>> 98845547 -rw-rw-r-- 3 mk 500 30844 Mar 26  2012 
>> /var/ftp/pub/mirrors/centos/6.5/os/x86_64/Packages/python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
>>
>> Mogens
>>
> They would not necessarily have the exact same md5sum just because they
> are noarch.  The way mock compiles RPMs, it would be built on each
> builder separately.  The possibility exists that something very minor
> can (and sometimes does) happen to make things not exact.  I will
> analyze these an tell you the difference in an upcoming e-mail.
>
> We have changed our policy and now we will use the same noarch file,
> from one of the arches, on both if it exist in the arches.  That policy
> did indeed cause a change in the MD5SUM as they were different before. 
> Again, I'll post in another e-mail what is different between the two,
> but this is as expected.
>
> It should not happen any more moving forward though, as we will only
> ever release ONE noarch file in future, regardless of it they built
> slightly differently from the builders.
>

OK, the only difference on these RPMs is the signature (it happened at a
different time, by one second).

If you look at "rpm -qpi" you will see one of them was signed at:

Signature   : RSA/SHA1, Mon 26 Mar 2012 08:36:33 AM CDT, Key ID
0946fca2c105b9de

the other:

Signature   : RSA/SHA1, Mon 26 Mar 2012 08:36:32 AM CDT, Key ID
0946fca2c105b9de

(they were 2 separate files, produced in two separate build trees, and
therefore have 2 separate signature times)

However, if you do this to each of the files to remove the signatures:

rpm --delsign python-slip-dbus-0.2.20-1.el6_2.noarch.rpm

then do an md5sum, you will see that underlying (and unsigned) rpms have
identical md5sums of:

[johnny at m4500n 6.5]$ md5sum python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
8cb0c87fd4942673c79c304d3c29aedb  python-slip-dbus-0.2.20-1.el6_2.noarch.rpm

[johnny at m4500n 6.5]$ cd ../6.4/

[johnny at m4500n 6.4]$ md5sum python-slip-dbus-0.2.20-1.el6_2.noarch.rpm
8cb0c87fd4942673c79c304d3c29aedb  python-slip-dbus-0.2.20-1.el6_2.noarch.rpm

Also, the content of each RPM is identical at these values:

511a4571af6e42e130c43bfff2507863 
./usr/lib/python2.6/site-packages/slip.dbus-0.2.20-py2.6.egg-info
01bb823d18266732b2cb24d7ea1d693b 
./usr/lib/python2.6/site-packages/slip/dbus/__init__.pyc
77ec375c396560fc4dd8bf0160831cfa 
./usr/lib/python2.6/site-packages/slip/dbus/bus.pyo
426ba8cb64e3ce60a40042ce961faebc 
./usr/lib/python2.6/site-packages/slip/dbus/proxies.pyo
5d5bab55941cb57d18bddb09dc1993bb 
./usr/lib/python2.6/site-packages/slip/dbus/proxies.py
01bb823d18266732b2cb24d7ea1d693b 
./usr/lib/python2.6/site-packages/slip/dbus/__init__.pyo
89073c18b01d301eefd7169fc08360fa 
./usr/lib/python2.6/site-packages/slip/dbus/bus.py
dc7e59367bab048fc3bca4fc94e2f5fc 
./usr/lib/python2.6/site-packages/slip/dbus/mainloop.pyc
3010ee109154bb35be8458f1e0ab65e1 
./usr/lib/python2.6/site-packages/slip/dbus/polkit.pyo
2af7a635fd80074aa75a095310cbdf96 
./usr/lib/python2.6/site-packages/slip/dbus/polkit.pyc
77ec375c396560fc4dd8bf0160831cfa 
./usr/lib/python2.6/site-packages/slip/dbus/bus.pyc
dc7e59367bab048fc3bca4fc94e2f5fc 
./usr/lib/python2.6/site-packages/slip/dbus/mainloop.pyo
0e2cfc449f2307991ab1c5d1b0839e76 
./usr/lib/python2.6/site-packages/slip/dbus/mainloop.py
635409538835be2bad6e072df6fe50d8 
./usr/lib/python2.6/site-packages/slip/dbus/service.pyo
6d8e78bc35557e342eecce5e7a3b55f1 
./usr/lib/python2.6/site-packages/slip/dbus/polkit.py
3f0ed599e4b44a828d46651e192eaf48 
./usr/lib/python2.6/site-packages/slip/dbus/__init__.py
315ea359d43863330288b57460296bd8 
./usr/lib/python2.6/site-packages/slip/dbus/service.py
9a92a5c97b06379b0d27d40b5835189b 
./usr/lib/python2.6/site-packages/slip/dbus/constants.pyc
b38049b11f629bb18ec16a529c468c56 
./usr/lib/python2.6/site-packages/slip/dbus/constants.py
9a92a5c97b06379b0d27d40b5835189b 
./usr/lib/python2.6/site-packages/slip/dbus/constants.pyo
426ba8cb64e3ce60a40042ce961faebc 
./usr/lib/python2.6/site-packages/slip/dbus/proxies.pyc
635409538835be2bad6e072df6fe50d8 
./usr/lib/python2.6/site-packages/slip/dbus/service.pyc
3075a8ae134b28ac0cb602efac73817c 
./usr/share/doc/python-slip-dbus-0.2.20/README
031777f09db135ce66c192765c7b1897 
./usr/share/doc/python-slip-dbus-0.2.20/example/org.fedoraproject.slip.example.policy
5518ddb1e0ecc74aaae45e6c10497996 
./usr/share/doc/python-slip-dbus-0.2.20/example/org.fedoraproject.slip.example.mechanism.service
b16a87935336095bcbb01fb2ca8265e2 
./usr/share/doc/python-slip-dbus-0.2.20/example/README
8d2b740e128fe5efb7972bcf2cc1343d 
./usr/share/doc/python-slip-dbus-0.2.20/example/org.fedoraproject.slip.example.mechanism.conf
00c6cc4ff6554c633144f50860aebd83 
./usr/share/doc/python-slip-dbus-0.2.20/example/example-conf-client.py
f4a406243c67d9c357b2c7c1e16e5ec3 
./usr/share/doc/python-slip-dbus-0.2.20/example/Makefile
7f325e65d8a1eb59b8a09bdcb413d6b1 
./usr/share/doc/python-slip-dbus-0.2.20/example/example-conf-mechanism.py
d41d8cd98f00b204e9800998ecf8427e 
./usr/share/doc/python-slip-dbus-0.2.20/example/import_marker.py


Therefore the only difference is the signatures, and that difference is
the time being 1 second different in the rpm metadata ...

We will prevent these in the future because we now ONLY take one of the
2 noarch RPMs and put it in both trees (if applicable to both trees).

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20131209/e79ebb9f/attachment-0004.sig>