View Issue Details

IDProjectCategoryView StatusLast Update
0007671CentOS-7createrepopublic2014-10-06 17:17
Reporterice799 Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version7.0-1406 
Summary0007671: createrepo's rpm version parsing differs from librpm producing incorrect metadata
Descriptioncreaterepo has a bug in its python code for parsing version strings from RPMs. This bug was fixed, but the fix was lost during a major rewrite of the createrepo internals.

The commit sha 2269134f119ce13d6a9b725f94954d9dd629f427 in the createrepo git history contains the fix that should exist on master, but was instead lost.

You can find the librpm algorithm for computing version, release, and epoch in the function 'parseEVR' in rpmds.c in librpm (I am looking at the source for librpm-4.12.0.1, but this code is present in earlier versions).

The result is that the primary XML produced by createrepo (and used in the official CentOS7 repositories) lists different version and release strings for rpm provides than would be listed by librpm.

For example, the package plexus-cdc-1.0-0.20.a14.el7.noarch.rpm from CentOS7 has the following in its primary xml:

<rpm:entry epoch="0" flags="EQ" name="mvn(org.codehaus.plexus:plexus-cdc)" rel="14" ver="1.0-alpha"/>

But librpm generates: ver="1.0" and release "alpha-14"
TagsNo tags attached.
abrt_hash
URL

Activities

ice799

ice799

2014-10-05 20:47

reporter   ~0021058

Err, looks like I wrote that backward..


createrepo generates:

<rpm:entry name="mvn(org.codehaus.plexus:plexus-cdc)" flags="EQ" epoch="0" ver="1.0" rel="alpha-14"/>

but:

<rpm:entry name="mvn(org.codehaus.plexus:plexus-cdc)" flags="EQ" epoch="0" ver="1.0-alpha" rel="14"/>

is expected
toracat

toracat

2014-10-06 16:53

manager   ~0021062

RH bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=1149531
ice799

ice799

2014-10-06 17:17

reporter   ~0021063

Yep, I filed the RH bug as well.

I forgot to mention: once this bug is fixed in createrepo, the official CentOS7 repositories should probably be generated as the official metadata is currently outputting incorrect version and release strings for several packages.

Issue History

Date Modified Username Field Change
2014-10-05 20:23 ice799 New Issue
2014-10-05 20:47 ice799 Note Added: 0021058
2014-10-06 10:37 kbsingh@karan.org Status new => acknowledged
2014-10-06 16:53 toracat Note Added: 0021062
2014-10-06 17:17 ice799 Note Added: 0021063