Re: upload of rebuilt packages to the repository
От | Philippe Kueck |
---|---|
Тема | Re: upload of rebuilt packages to the repository |
Дата | |
Msg-id | c93b8b9f-6641-1e2e-6b8c-9078cadb4625@quarantine.de обсуждение исходный текст |
Ответ на | upload of rebuilt packages to the repository (Philippe Kueck <a4obmfyynycqcgqmaylaqxi6dzew6gismu@quarantine.de>) |
Ответы |
Re: upload of rebuilt packages to the repository
(Devrim Gündüz <devrim@gunduz.org>)
|
Список | pgsql-pkg-yum |
Hi all, it happened again. Altered rpm packages were uploaded to the repository without bumping the version string. Why do you do this? Mirrors haven been shattered, breaking our own repositories and yum caches. If you need to add a gpg signature to your packages, increase the release number and delete the unsigned package. If you released a faulty/corrupt package, increase the release number and delete the previous package. If after uploading your package to the repository you find out your package is missing a bugfix, increase the release number. If you need to rebuild your package against a different library set, increase the release number. If you need to rebuild your package with different compiler flags, increase the release number. Even if hell freezes over, increase the release number. That's what I found so far: > 0_existing/osm2pgrouting_10-2.3.3-1.rhel7.x86_64.rpm > # osm2pgrouting_10-2.3.3-1.rhel7.x86_64 > built: Tue Dec 19 22:56:36 2017 > signature: (none) > md5: 3eeff0d2547711082c465880ba710cfc > size: 137028 > > 1_online/osm2pgrouting_10-2.3.3-1.rhel7.x86_64.rpm > # osm2pgrouting_10-2.3.3-1.rhel7.x86_64 > built: Tue Dec 19 22:56:36 2017 > signature: DSA/SHA1, Mon Jun 18 15:17:19 2018, Key ID 1f16d2e1442df0f8 > md5: cad0d9aedf3608e50f6cfb0221b3119b > size: 137028 > > 0_existing/osm2pgrouting_10-debuginfo-2.3.3-1.rhel7.x86_64.rpm > # osm2pgrouting_10-debuginfo-2.3.3-1.rhel7.x86_64 > built: Tue Dec 19 22:56:36 2017 > signature: (none) > md5: a410f47dab9a087c99decef93e282eb7 > size: 17680 > > 1_online/osm2pgrouting_10-debuginfo-2.3.3-1.rhel7.x86_64.rpm > # osm2pgrouting_10-debuginfo-2.3.3-1.rhel7.x86_64 > built: Tue Dec 19 22:56:36 2017 > signature: DSA/SHA1, Mon Jun 18 15:17:19 2018, Key ID 1f16d2e1442df0f8 > md5: 0d8467f42671e341fe2f7d17111dffc7 > size: 17680 > > 0_existing/pgadmin4-python-pbr-3.1.1-1.rhel7.noarch.rpm > # pgadmin4-python-pbr-3.1.1-1.rhel7.noarch > built: Wed Apr 11 02:44:54 2018 > signature: DSA/SHA1, Wed Apr 11 02:44:55 2018, Key ID 1f16d2e1442df0f8 > md5: bccdf4366e5cf371312741509024eef2 > size: 77368 > > 1_online/pgadmin4-python-pbr-3.1.1-1.rhel7.noarch.rpm > # pgadmin4-python-pbr-3.1.1-1.rhel7.noarch > built: Wed Apr 11 02:45:00 2018 > signature: DSA/SHA1, Wed Apr 11 02:45:01 2018, Key ID 1f16d2e1442df0f8 > md5: 4a75384dd952d7654f5c2597baf80234 > size: 77364 > > 0_existing/pgadmin4-python-simplejson-3.13.2-1.rhel7.x86_64.rpm > # pgadmin4-python-simplejson-3.13.2-1.rhel7.x86_64 > built: Wed Apr 11 02:49:44 2018 > signature: DSA/SHA1, Wed Apr 11 02:49:47 2018, Key ID 1f16d2e1442df0f8 > md5: 364341231594bc82aa203315d8fe8db6 > size: 188664 > > 1_online/pgadmin4-python-simplejson-3.13.2-1.rhel7.x86_64.rpm > # pgadmin4-python-simplejson-3.13.2-1.rhel7.x86_64 > built: Wed Apr 11 02:49:54 2018 > signature: DSA/SHA1, Wed Apr 11 02:49:56 2018, Key ID 1f16d2e1442df0f8 > md5: 517f5e3bcf2086be16e04e0b8a736ebd > size: 188664 > > 0_existing/pgadmin4-python-simplejson-debuginfo-3.13.2-1.rhel7.x86_64.rpm > # pgadmin4-python-simplejson-debuginfo-3.13.2-1.rhel7.x86_64 > built: Wed Apr 11 02:49:44 2018 > signature: DSA/SHA1, Wed Apr 11 02:49:47 2018, Key ID 1f16d2e1442df0f8 > md5: ec13ec30d9958ac87d8a0410019734b1 > size: 56512 > > 1_online/pgadmin4-python-simplejson-debuginfo-3.13.2-1.rhel7.x86_64.rpm > # pgadmin4-python-simplejson-debuginfo-3.13.2-1.rhel7.x86_64 > built: Wed Apr 11 02:49:54 2018 > signature: DSA/SHA1, Wed Apr 11 02:49:57 2018, Key ID 1f16d2e1442df0f8 > md5: 37e02e71c1b3231d7028c9fea8a56f24 > size: 56488 > > 0_existing/pgadmin4-python-sshtunnel-0.1.3-1.rhel7.noarch.rpm > # pgadmin4-python-sshtunnel-0.1.3-1.rhel7.noarch > built: Wed Jun 27 01:04:30 2018 > signature: DSA/SHA1, Wed Jun 27 01:04:30 2018, Key ID 1f16d2e1442df0f8 > md5: 27bd4760e4424a02d2d24f2d92a2d411 > size: 37460 > > 1_online/pgadmin4-python-sshtunnel-0.1.3-1.rhel7.noarch.rpm > # pgadmin4-python-sshtunnel-0.1.3-1.rhel7.noarch > built: Wed Jun 27 01:04:34 2018 > signature: DSA/SHA1, Wed Jun 27 01:04:34 2018, Key ID 1f16d2e1442df0f8 > md5: 645328bcb6a353ce832f940643625628 > size: 37456 Kind regards Philippe On 06.03.2018 13:36, Philippe Kueck wrote: > Hi all, > > > I've noticed that from time to time PostgreSQL pushes rebuilds of > already existing packages[1] – i.e. same %{name}, %{epoch}, %{version}, > %{release} and same filename but different content – into the yum > repository. > > Please don't to that. > > If the existing package is buggy or corrupt, just increase %{release} > and push the new package to the repo. > Otherwise yum and mirrors might not handle it correctly. With cached > metadata, yum will complain about checksum mismatches. Mirrors that are > using e.g. reposync will create a corrupted file if the former package > was smaller than the updated one by appending additional bytes to the > existing file. If the former package was larger than the updated one, > your the servers will respond with a "416 range not satisfiable". > > > Best, > > Philippe > > [1] for example amcheck_next10-1.3-1.rhel7.x86_64 on march 1st >
В списке pgsql-pkg-yum по дате отправления: