Discussion: BUG #17918: Checksum failed while sync repos for a package
The following bug has been logged on the website:

Bug reference: 17918
Logged by: Sureshkumar G
Email address: suresh.kumar@d4t4solutions.com
PostgreSQL version: 12.0
Operating system: CentOS7
Description:

We're using Foreman satellite server and we tried to sync postgresql 12 repo from https://download.postgresql.org/ and are facing a failed checksum error for the below package

Package: pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm

Error:
"A file located at the url http://download.postgresql.org/pub/repos/yum/12/redhat/rhel-7.0-x86_64/pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm failed validation due to checksum."

We've validated the checksum and it looks like both are different.

sha256sum pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm
cd752ab10807898f4451c2a9cbf9782f6ed91273b0d62fb0d8746dcfee067bb9 pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm

</package>
<package pkgid="899efe5f0c404d870c7fd8900b66bb72c54548c0cd5152a60b09d5133514d559" name="pg_auto_failover_12-llvmjit" arch="x86_64">

Can you please look into it and also let me know if there is any security risk if we skip the checksum for this package?

Hi,

Thanks for the report. It looks like a rsync issue, but please don't skip checksums until I confirm (which will happen until later tonight)

Regards,
Devrim

On Wed, 2023-05-03 at 11:43 +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 17918
> Logged by: Sureshkumar G
> Email address: suresh.kumar@d4t4solutions.com
> PostgreSQL version: 12.0
> Operating system: CentOS7
> Description:
>
> We're using Foreman satellite server and we tried to sync postgresql 12 repo from https://download.postgresql.org/ and are facing a failed checksum error for the below package
>
> Package: pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm
>
> Error:
> "A file located at the url http://download.postgresql.org/pub/repos/yum/12/redhat/rhel-7.0-x86_64/pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm failed validation due to checksum."
>
> We've validated the checksum and it looks like both are different.
>
> sha256sum pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm
> cd752ab10807898f4451c2a9cbf9782f6ed91273b0d62fb0d8746dcfee067bb9 pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm
>
> </package>
> <package pkgid="899efe5f0c404d870c7fd8900b66bb72c54548c0cd5152a60b09d5133514d559" name="pg_auto_failover_12-llvmjit" arch="x86_64">
>
> Can you please look into it and also let me know if there is any security risk if we skip the checksum for this package?
>

--
Devrim Gündüz
Open Source Solution Architect, PostgreSQL Major Contributor
Twitter: @DevrimGunduz, @DevrimGunduzTR

Hi,

On Wed, 2023-05-03 at 11:43 +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 17918
> Logged by: Sureshkumar G
> Email address: suresh.kumar@d4t4solutions.com
> PostgreSQL version: 12.0
> Operating system: CentOS7
> Description:
>
> We're using Foreman satellite server and we tried to sync postgresql 12 repo from https://download.postgresql.org/ and are facing a failed checksum error for the below package
>
> Package: pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm
>
> Error:
> "A file located at the url http://download.postgresql.org/pub/repos/yum/12/redhat/rhel-7.0-x86_64/pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm failed validation due to checksum."
>
> We've validated the checksum and it looks like both are different.
>
> sha256sum pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm
> cd752ab10807898f4451c2a9cbf9782f6ed91273b0d62fb0d8746dcfee067bb9 pg_auto_failover_12-llvmjit-1.6.3-1.rhel7.x86_64.rpm
>
> </package>
> <package pkgid="899efe5f0c404d870c7fd8900b66bb72c54548c0cd5152a60b09d5133514d559" name="pg_auto_failover_12-llvmjit" arch="x86_64">
>
> Can you please look into it and also let me know if there is any security risk if we skip the checksum for this package?
>

I can confirm that this is caused by signing unsigned packages last week, but rsync failing to update main server(s). So this is *not* a security issue.

However, as a precaution, I removed problematic packages from the repository. They were too old anyway. I did not want to push updated checksums for the same packages.

Please let me know if this solves your problem.

Again, thanks for the report.

Regards,
--
Devrim Gündüz
Open Source Solution Architect, PostgreSQL Major Contributor
Twitter: @DevrimGunduz, @DevrimGunduzTR
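
The comparison the reporter made by hand (the `sha256sum` of a downloaded RPM against the digest recorded in the repository metadata), written as an added example that is not part of the original thread and not PostgreSQL or Foreman code. It assumes the standard `primary.xml` layout, where the `pkgid` value appears as `<checksum pkgid="YES">` next to `<location href="...">`; the function names, package names and file contents are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"c": "http://linux.duke.edu/metadata/common"}  # primary.xml namespace


def expected_digests(primary_xml):
    """Return {location href: (hashlib algorithm, hex digest)} from primary.xml text."""
    expected = {}
    for pkg in ET.fromstring(primary_xml).findall("c:package", NS):
        csum = pkg.find("c:checksum", NS)
        href = pkg.find("c:location", NS).get("href")
        algo = {"sha": "sha1"}.get(csum.get("type"), csum.get("type"))  # old repos say "sha"
        expected[href] = (algo, csum.text.strip().lower())
    return expected


def find_mismatches(primary_xml, read_file):
    """Hash every listed package via read_file(href) -> bytes or None; list disagreements."""
    problems = []
    for href, (algo, want) in sorted(expected_digests(primary_xml).items()):
        data = read_file(href)
        if data is None:
            problems.append((href, "missing", want, None))
            continue
        got = hashlib.new(algo, data).hexdigest()
        if got != want:  # file and metadata disagree: one of them is stale or altered
            problems.append((href, "checksum mismatch", want, got))
    return problems


# Constructed sample: metadata was generated first, then the second file changed
# (for instance by re-signing) without the metadata being regenerated.
FILES = {
    "demo-a-1.0-1.x86_64.rpm": b"constructed package A",
    "demo-b-1.0-1.x86_64.rpm": b"constructed package B, re-signed",
}
SAMPLE_PRIMARY = f"""<metadata xmlns="http://linux.duke.edu/metadata/common" packages="2">
<package type="rpm"><name>demo-a</name>
<checksum type="sha256" pkgid="YES">{hashlib.sha256(b'constructed package A').hexdigest()}</checksum>
<location href="demo-a-1.0-1.x86_64.rpm"/></package>
<package type="rpm"><name>demo-b</name>
<checksum type="sha256" pkgid="YES">{hashlib.sha256(b'constructed package B').hexdigest()}</checksum>
<location href="demo-b-1.0-1.x86_64.rpm"/></package>
</metadata>"""

if __name__ == "__main__":
    for href, why, want, got in find_mismatches(SAMPLE_PRIMARY, FILES.get):
        print(f"{href}: {why}\n  metadata: {want}\n  file:     {got}")
```

A mismatch only shows that the file and the metadata were produced at different times; it does not say which side is current, so the package's GPG signature still has to be checked separately before trusting the file.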