BUG #18304: Faulty proj93 RPM package in EL9 repo

From: PG Bug reporting form <noreply(at)postgresql(dot)org>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Cc: assen(dot)totin(at)gmail(dot)com
Subject: BUG #18304: Faulty proj93 RPM package in EL9 repo
Date: 2024-01-20 11:55:17
Message-ID: 18304-d71f7da4c6823b53@postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 18304
Logged by: Assen Totin
Email address: assen(dot)totin(at)gmail(dot)com
PostgreSQL version: Unsupported/Unknown
Operating system: RHEL-9
Description:

The package with filename proj93-9.3.0-1PGDG.rhel9.x86_64.rpm in the EL9
repo is faulty - it contains wrong checksums that prevent any operation on
the file (like metadata extraction):

[root(at)cgdclcm9 p]# rpm -qp --qf="%{modularitylabel}"
proj93-9.3.0-1PGDG.rhel9.x86_64.rpm
error: proj93-9.3.0-1PGDG.rhel9.x86_64.rpm: Header SHA256 digest: BAD
(Expected e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
!= fd96c44fc00d2537005936527104b7781b3f79efcd516752c0f4a5015d9e47ae)
error: proj93-9.3.0-1PGDG.rhel9.x86_64.rpm: Header SHA1 digest: BAD
(Expected da39a3ee5e6b4b0d3255bfef95601890afd80709 !=
966f4b9594664d2f91f33d0c54fc873eaf526d69)
error: proj93-9.3.0-1PGDG.rhel9.x86_64.rpm: not an rpm package (or package
manifest)

We keep a mirror of PostgreSQL and this breaks repo synchronisation. While
we can block certain unwanted packages based on their NEVRA, this mechanism
does not work here because we cannot even extract the NEVRA form the faulty
package. Although you seem to have released a follow-up version 9.3.1 of the
package, this does not fix the issue - as long as the package with the bad
checksum is there, the repo sync will fail. To remedy the problem, please
consider one of the following:

- Remove the faulty 9.3.0 package from your repository, then rebuild repo's
metadata. This perhaps the easiest, since you already have 9.3.1 with proper
checksums.

- If you really want to keep 9.3.0 in the repo, rebuild its RPM with a
higher release number, then substitute the faulty RPM with this one and
rebuild the repo's metadata.

- The worst solution (but still possible) would be to rebuild the 9.3.0 RPM
with proper checksums, then rebuild repo's metadata.

Thank you in advance,

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Devrim Gündüz 2024-01-21 00:14:32 Re: BUG #18304: Faulty proj93 RPM package in EL9 repo
Previous Message Peter Eisentraut 2024-01-20 08:05:24 Re: Fwd: bug in polish translation