synchro rundeck repository - sha1 issue
olwins opened this issue · comments
Describe the bug
Hi, for security reasons, we use a tool named "pulp" to synchronize external rpm/deb repositories,
so that internal servers only connect to one internal node to download all packages (redhat, ubuntu, postgresql, etc.).
We tried to do the same for the rundeck repository, but our synchronisation failed.
After analysing the issue, the sync failed because it finds some sha1 checksums in the list of packages (md5 and sha1 are disabled in the tool for security reasons).
Apparently in #8259 the repo switched to sha256,
but it looks like sha1 is still used internally.
(Just wanted to indicate the issue; we installed the tools manually to avoid the problem.)
If you download the file primary.xml.gz used for the rpm redhat repo:
wget https://packagecloud.io/pagerduty/rundeck/rpm_any/rpm_any/x86_64/repodata/424ae6b1614330e5b6862de4d52c1ef0dfaa81ac-primary.xml.gz
You can see that sha is still used instead of sha256 for the file's checksum
Ex:
<package type="rpm">
<name>rundeck</name>
<arch>noarch</arch>
<version epoch="0" rel="1.8.GA" ver="2.0.0"/>
<checksum pkgid="YES" type="sha">e23bb3219d231fa553c1ed58157841e1b4e96e51</checksum>
My Rundeck detail
- Rundeck version: 5.2
- install type: rpm
- OS Name/version: redhat 9
- DB Type/version: postgres
To Reproduce
Verify that sha is used instead of sha256
Expected behavior
sha256 is used for the repo metadata
Ex based on another repository (postgres):
<checksum type="sha256" pkgid="YES">69744c5f5ce61f17d70d0cd9c54cba046dbdbf9478eb702a57392e253f871f21</checksum>
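The check described in this report can be scripted. The following is an added example, not part of the original issue or of Rundeck's or pulp's code: it parses an rpm-md `primary.xml` (plain or gzipped) and lists the packages whose checksum type is md5 or SHA-1. The function name `audit_checksums`, the `WEAK_TYPES` set and the second sample package are assumptions made for the illustration.

```python
import gzip
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"c": "http://linux.duke.edu/metadata/common"}  # rpm-md primary.xml namespace
# "sha" is the legacy rpm-md name for SHA-1, so it is treated like "sha1".
WEAK_TYPES = {"md5", "sha", "sha1"}

# Constructed sample: the first package mirrors the excerpt in the issue,
# the second is a made-up sha256 entry for contrast.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<metadata xmlns="http://linux.duke.edu/metadata/common" packages="2">
<package type="rpm">
  <name>rundeck</name><arch>noarch</arch>
  <version epoch="0" rel="1.8.GA" ver="2.0.0"/>
  <checksum pkgid="YES" type="sha">e23bb3219d231fa553c1ed58157841e1b4e96e51</checksum>
</package>
<package type="rpm">
  <name>example-pkg</name><arch>noarch</arch>
  <version epoch="0" rel="1" ver="1.0.0"/>
  <checksum pkgid="YES" type="sha256">""" + b"ab" * 32 + b"""</checksum>
</package>
</metadata>"""

def audit_checksums(data: bytes):
    """Return (Counter of checksum types, list of packages with weak or missing ones)."""
    if data[:2] == b"\x1f\x8b":          # gzip magic: accept primary.xml.gz as-is
        data = gzip.decompress(data)
    # Metadata from a mirror you do not control is untrusted XML; a hardened
    # parser such as defusedxml can be swapped in here.
    root = ET.fromstring(data)
    counts, weak = Counter(), []
    for pkg in root.findall("c:package", NS):
        name = pkg.findtext("c:name", default="?", namespaces=NS)
        ver = pkg.find("c:version", NS)
        nvr = f"{ver.get('ver')}-{ver.get('rel')}" if ver is not None else "?"
        cs = pkg.find("c:checksum", NS)
        ctype = cs.get("type", "missing").lower() if cs is not None else "missing"
        counts[ctype] += 1
        if ctype in WEAK_TYPES or ctype == "missing":
            weak.append((name, nvr, ctype))
    return counts, weak

if __name__ == "__main__":
    counts, weak = audit_checksums(SAMPLE)
    print(dict(counts))
    for name, nvr, ctype in weak:
        print(f"weak checksum: {name}-{nvr} type={ctype}")
```

To run it against a downloaded file, pass the bytes of `primary.xml.gz` to `audit_checksums`.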