[sles-beta] sha256sum apparmor-docs

markus.hubler at isc-ejpd.admin.ch
Tue Nov 24 02:54:16 MST 2015


Hi folks

It seems as if a package has a different sha256sum with Sles12 and Sles 12 SP1. It is the same version and has been packaged on the same date. However, the signature date is different. Apart from this, everything in these two packages is identical.

Signature   : RSA/SHA256, Fri 04 Sep 2015 03:04:45 PM CEST, Key ID 70af9e8139db7c82
Signature   : RSA/SHA256, Fri 04 Sep 2015 03:05:40 PM CEST, Key ID 70af9e8139db7c82

At the end I have two different checksums. This leads to an installation problem when doing a new installation with cobbler (from Suse Manager). The machine does not refer to the rpm from sp1 but to the rpm from the update section from sp0.

The expected checksum of file  ....  is ... but the current checksum is ...

This means that the file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity and security of your system.

Use it anyway?

This message is shown for more than 10 packages...

# sha256sum /var/spacewalk/instsrv/sles12_1/suse/noarch/apparmor-docs-2.8.2-36.1.noarch.rpm
a727bebac6b8dd8fc18fd2df00782042b9612c5e31acbb3240d4b41373c44059  /var/spacewalk/instsrv/sles12_1/suse/noarch/apparmor-docs-2.8.2-36.1.noarch.rpm

# sha256sum /var/spacewalk/packages/NULL/df3/apparmor-docs/2.8.2-36.1/noarch/df366fb83e165d33866ae42a717658742069b5e3f5cba8629ddd52ddeabb434a/apparmor-docs-2.8.2-36.1.noarch.rpm
df366fb83e165d33866ae42a717658742069b5e3f5cba8629ddd52ddeabb434a  /var/spacewalk/packages/NULL/df3/apparmor-docs/2.8.2-36.1/noarch/df366fb83e165d33866ae42a717658742069b5e3f5cba8629ddd52ddeabb434a/apparmor-docs-2.8.2-36.1.noarch.rpm


Now my question: Is there a good way to work around this problem? Or is there any need to fix this?

Regards
Markus
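
Added example, not part of the original message: one way to check whether two RPMs with different file checksums differ only in their signature is to hash each file with the RPM signature header skipped. It assumes the standard RPM layout (96-byte lead, then a signature header padded to 8 bytes); the sample files are constructed in the script and are not the real packages.

```python
import hashlib
import struct

LEAD_SIZE = 96                      # fixed-size RPM lead
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # header structure magic + version byte


def signature_end(rpm: bytes) -> int:
    """Return the file offset where the signature header (with padding) ends."""
    if rpm[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM file: bad lead magic")
    intro = rpm[LEAD_SIZE:LEAD_SIZE + 16]
    if len(intro) < 16 or intro[:4] != HEADER_MAGIC:
        raise ValueError("signature header magic not found")
    n_index, data_len = struct.unpack(">II", intro[8:16])
    end = LEAD_SIZE + 16 + 16 * n_index + data_len
    end += -end % 8                 # main header starts on an 8-byte boundary
    if end > len(rpm):
        raise ValueError("truncated signature header")
    return end


def digests(rpm: bytes) -> tuple[str, str]:
    """Return (sha256 of whole file, sha256 of main header + payload only)."""
    whole = hashlib.sha256(rpm).hexdigest()
    content = hashlib.sha256(rpm[signature_end(rpm):]).hexdigest()
    return whole, content


def build_sample(sig_blob: bytes, content: bytes) -> bytes:
    """Constructed RPM-shaped sample: lead + one-entry signature header + content."""
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - 4)
    index = struct.pack(">IIII", 1000, 7, 0, len(sig_blob))  # constructed entry
    sig = HEADER_MAGIC + bytes(4) + struct.pack(">II", 1, len(sig_blob))
    sig += index + sig_blob
    sig += bytes(-len(sig) % 8)
    return lead + sig + content


# Constructed samples: identical content, signature blobs that differ.
CONTENT = HEADER_MAGIC + bytes(12) + b"constructed payload bytes"
SP0 = build_sample(b"signed 15:04:45", CONTENT)
SP1 = build_sample(b"signed 15:05:40 +", CONTENT)

if __name__ == "__main__":
    for name, blob in (("sp0", SP0), ("sp1", SP1)):
        whole, content = digests(blob)
        print(f"{name} file={whole[:16]}... content={content[:16]}...")
```

On real packages, read each file with `open(path, "rb").read()` and compare the second digest; if it matches while the first differs, the difference is confined to the signature header.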


