  1. MariaDB Server
  2. MDEV-7212

Yum repo - altered packages with identical version numbers

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.15-galera
    • Fix Version/s: 5.5.41-galera
    • Component/s: Galera

      Description

      We keep a downstream mirror of the package repository (specifically, the Galera variant of MariaDB 10.0 for CentOS 6 x86_64 and i686).

      When updating last night, we downloaded the new 10.0.15 packages. What was troubling to us is that the galera-25.3.5-1.rhel6.x86_64.rpm package was modified. By this I mean that we previously had an identically named package with an md5 checksum of 9b9ac4f9e9f4f9fc0b0ec5435a6d2054 that since last night has the md5 checksum 3b85a02d1be91a4ac0708fc5cb71699c.

      This raised some eyebrows. I hope you agree this goes against the reasonable expectation that when the package is altered, the version number (or at the very least the package release number) is increased.

      After a quick investigation, it appears that the package contents are unaltered, but rpm tells us the previous package was signed at `Thu 16 Oct 2014 01:48:54 AM CEST`, where the new package was signed at `Mon 24 Nov 2014 04:06:28 PM CET`. Build time for both packages is identical at `Wed 25 Jun 2014 04:35:31 AM CEST`.

      Our guess is that the CD process responsible for creating the repositories indiscriminately re-signs unaltered packages each time a repository build job is performed.
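
The check described in the report above (same contents, different signature), as an added example that is not part of the original issue or of MariaDB's tooling: it splits an RPM file into its signature header and the remainder, so a mirror sync can tell a re-signed package from one whose header or payload changed. The function names and the byte strings built by `fake_rpm` are constructed for illustration.

```python
import struct

LEAD_SIZE = 96                       # fixed-size RPM lead
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8"       # header-structure magic; version byte follows


def split_rpm(blob):
    """Return (signature_header, rest); rest is the main header plus payload."""
    if blob[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM: bad lead magic")
    intro = blob[LEAD_SIZE:LEAD_SIZE + 16]
    if len(intro) < 16 or intro[:3] != HEADER_MAGIC:
        raise ValueError("signature header missing or truncated")
    nindex, hsize = struct.unpack(">II", intro[8:16])
    size = 16 + 16 * nindex + hsize  # intro + index entries + data store
    size += -size % 8                # signature header is padded to 8 bytes
    end = LEAD_SIZE + size
    if end > len(blob):
        raise ValueError("signature header runs past end of file")
    return blob[LEAD_SIZE:end], blob[end:]


def classify(old, new):
    """Compare two same-named packages from successive mirror syncs."""
    if old == new:
        return "identical"
    old_sig, old_rest = split_rpm(old)
    new_sig, new_rest = split_rpm(new)
    if old_rest != new_rest:
        return "content-changed"     # header or payload differs: investigate
    return "re-signed" if old_sig != new_sig else "lead-changed"


def fake_rpm(sig_data, body):
    """Constructed sample: lead, one-entry signature header, then body."""
    entry = struct.pack(">IIII", 1002, 7, 0, len(sig_data))  # tag, type 7 (binary), offset, count
    sig = HEADER_MAGIC + b"\x01" + bytes(4) + struct.pack(">II", 1, len(sig_data))
    sig += entry + sig_data
    sig += bytes(-len(sig) % 8)
    return LEAD_MAGIC + bytes(LEAD_SIZE - 4) + sig + body


if __name__ == "__main__":
    body = b"constructed main header and payload"
    old = fake_rpm(b"signed 2014-10-16", body)
    new = fake_rpm(b"signed 2014-11-24 again", body)
    print(classify(old, new))
    print(classify(old, fake_rpm(b"signed 2014-10-16", body + b"!")))
```

A "re-signed" result still changes the file checksum, so a mirror that pins checksums should record the new value only after verifying the new signature against the trusted repository key.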

            Activity

            elenst Elena Stepanova added a comment -

            Nirbhay Choubey,

            Could you please check whether it was a one-time thing, and if so, what was the reason for that, or is it a part of the process which in this case should be amended?

            nirbhay_c Nirbhay Choubey added a comment -

            Daniel Bartholomew Do you know why the checksum for galera package changed?

            dbart Daniel Bartholomew added a comment -

            I agree, that should not happen. I'll investigate.

            dbart Daniel Bartholomew added a comment -

            We've altered how repositories are generated so that signatures for files that are constant between MariaDB versions stay the same. Closing issue.


              People

              • Assignee:
                dbart Daniel Bartholomew
                Reporter:
                kenny_r Kenny Rasschaert