Hasn't anyone else come across the problem with a corrupted current thunderbird-24.5.0-1.fc19.i686.rpm package in the updates repository ?
https://bugzilla.redhat.com/show_bug.cgi?id=1093927
Big issue here is that it has a duff MD5 checksum but yum/rpm still tries to install it ...
On 06/05/14 03:26 AM, Terry Barnaby wrote:
Hasn't anyone else come across the problem with a corrupted current thunderbird-24.5.0-1.fc19.i686.rpm package in the updates repository ?
https://bugzilla.redhat.com/show_bug.cgi?id=1093927
Big issue here is that it has a duff MD5 checksum but yum/rpm still tries to install it ...
Several people reported this over the past few days. A new version is expected any day now. The koji build is fine. It's available here:
http://kojipkgs.fedoraproject.org//packages/thunderbird/24.5.0/1.fc19/i686/t...
On 06.05.2014 15:35, Franklin McCormick wrote:
On 06/05/14 03:26 AM, Terry Barnaby wrote:
Hasn't anyone else come across the problem with a corrupted current thunderbird-24.5.0-1.fc19.i686.rpm package in the updates repository ?
https://bugzilla.redhat.com/show_bug.cgi?id=1093927
Big issue here is that it has a duff MD5 checksum but yum/rpm still tries to install it ...
Several people reported this over the past few days. A new version is expected any day now. The koji build is fine. It's available here:
http://kojipkgs.fedoraproject.org//packages/thunderbird/24.5.0/1.fc19/i686/t...
/etc/yum.repos.d/fedora-koji.repo [fedora-koji] name=Fedora $releasever - $basearch - Koji baseurl=http://koji.fedoraproject.org/repos/f$releasever-build/latest/$basearch/ enabled=0 gpgcheck=0 skip_if_unavailable=1
# yum --enablerepo * clean all # yum [--disablerepo *] --enablerepo fedora-koji update thunderbird
poma
On 05/06/2014 12:26 AM, Terry Barnaby wrote:
Hasn't anyone else come across the problem with a corrupted current thunderbird-24.5.0-1.fc19.i686.rpm package in the updates repository ?
Yeah. It's an inconvenience, but as long as yumex handles the rest of the daily updates correctly, I'm not too worried.
On 05/06/2014 08:02 PM, Joe Zeff wrote:
On 05/06/2014 12:26 AM, Terry Barnaby wrote:
Hasn't anyone else come across the problem with a corrupted current thunderbird-24.5.0-1.fc19.i686.rpm package in the updates repository ?
Yeah. It's an inconvenience, but as long as yumex handles the rest of the daily updates correctly, I'm not too worried.
Its not really the inconvenience of the bad package that is an issue here, those things do happen.
It is the fact that the package is signed with an MD5 checksum to validate its contents. The MD5 signature showed the package was incorrect. But, yum tried to install it anyway. This seems to suggest that a packages contents can be modified after signing and still be installed without any errors notified ...
Shouldn't yum/rpm refuse to install if the MD5 checksum is wrong ?
On 06/05/14 04:37 PM, Joe Zeff wrote:
On 05/06/2014 12:49 PM, Terry Barnaby wrote:
Shouldn't yum/rpm refuse to install if the MD5 checksum is wrong ?
Yes, I'd think that it should. Open a Bugzilla.
One has been opened already.
On 06/05/14 05:40 PM, Frank McCormick wrote:
On 06/05/14 04:37 PM, Joe Zeff wrote:
On 05/06/2014 12:49 PM, Terry Barnaby wrote:
Shouldn't yum/rpm refuse to install if the MD5 checksum is wrong ?
Yes, I'd think that it should. Open a Bugzilla.
One has been opened already.
Just in case you want to see it.
https://fedorahosted.org/rel-eng/ticket/5898
On 05/06/2014 03:00 PM, Frank McCormick wrote:
On 06/05/14 05:40 PM, Frank McCormick wrote:
On 06/05/14 04:37 PM, Joe Zeff wrote:
On 05/06/2014 12:49 PM, Terry Barnaby wrote:
Shouldn't yum/rpm refuse to install if the MD5 checksum is wrong ?
Yes, I'd think that it should. Open a Bugzilla.
One has been opened already.
Just in case you want to see it.
That's good, as far as it goes, but it doesn't address the underlying problem that yum should refuse to install a package with a bad checksum. What's needed is a Bugzilla against yum for trying to install the package under these circumstances.
On 06/05/14 06:08 PM, Joe Zeff wrote:
On 05/06/2014 03:00 PM, Frank McCormick wrote:
On 06/05/14 05:40 PM, Frank McCormick wrote:
On 06/05/14 04:37 PM, Joe Zeff wrote:
On 05/06/2014 12:49 PM, Terry Barnaby wrote:
Shouldn't yum/rpm refuse to install if the MD5 checksum is wrong ?
Yes, I'd think that it should. Open a Bugzilla.
One has been opened already.
Just in case you want to see it.
That's good, as far as it goes, but it doesn't address the underlying problem that yum should refuse to install a package with a bad checksum. What's needed is a Bugzilla against yum for trying to install the package under these circumstances.
https://bugzilla.redhat.com/show_bug.cgi?id=1094846
On 05/06/2014 05:02 PM, Frank McCormick wrote:
On 06/05/14 06:08 PM, Joe Zeff wrote:
Thank you. Bugzilla was down when I received this, but I've checked it out and added myself to the CC list. If I were reporting it, I'd base it on the fact that the package fails the MD5 test, but without trying again to update Thunderbird, I don't have any documentation for it. If/when I do, I'll add a comment about it.
On 07.05.2014 03:23, Joe Zeff wrote:
On 05/06/2014 05:02 PM, Frank McCormick wrote:
On 06/05/14 06:08 PM, Joe Zeff wrote:
Thank you. Bugzilla was down when I received this, but I've checked it out and added myself to the CC list. If I were reporting it, I'd base it on the fact that the package fails the MD5 test, but without trying again to update Thunderbird, I don't have any documentation for it. If/when I do, I'll add a comment about it.
Looking for a rabbit without carrots. Did you all ever wondered if there is a such feature at all, and if it can be implemented in "Dan didn't find the Yellowdog Updater, Modified, again." :)
poma
-
Frank McCormick -
Joe Zeff -
poma -
Terry Barnaby