On 2012-01-22 16:40, DenverD wrote:
> On 01/22/2012 04:06 PM, dwestf wrote:
> either i can’t read or i’m just too dense to understand but: what i read in
> your statement above is that all the lib4-4.7.4-19.4.1.x86_64.rpm files you
> have locally or can now download (no matter their date or their location)
> all have the same checksum…
Except the one downloaded from http://mirror.cst.temple.edu/, it has the
same name but incorrect checksum (see the aria2c download text several
posts back, Date: Sun, 22 Jan 2012 00:16:03 GMT).
What I find hard to believe is that it has the correct signature. If that
is true it is a big bug somewhere in the chain of events.
And it is true…
> cer@Telcontar:~/tmp/aa> sha256sum libqt4-4.7.4-19.4.1.x86_64.edu.rpm libqt4-4.7.4-19.4.1.x86_64.rpm
> c7a3129be10ea272359b1e9468eb0293c7b1569d59b6ca01931428c15933b44d libqt4-4.7.4-19.4.1.x86_64.edu.rpm
> 746850567a5f53353f0deebc44ae0b7ed04528570f0a1c87bfee68345e77298c libqt4-4.7.4-19.4.1.x86_64.rpm
> cer@Telcontar:~/tmp/aa> rpm --checksig libqt4-4.7.4-19.4.1.x86_64.edu.rpm libqt4-4.7.4-19.4.1.x86_64.rpm
> libqt4-4.7.4-19.4.1.x86_64.edu.rpm: rsa sha1 (md5) pgp md5 OK
> libqt4-4.7.4-19.4.1.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
> cer@Telcontar:~/tmp/aa>
> -rw-r--r-- 1 cer users 3648318 Dec 9 10:06 libqt4-4.7.4-19.4.1.x86_64.edu.rpm
> -rw-r--r-- 1 cer users 3648318 Jan 22 00:34 libqt4-4.7.4-19.4.1.x86_64.rpm
And in this case, it is understandable that this site does not update their
rpms because they have the same name (and release) as those upstream, there
is nothing to update. Unless they also check the file timestamp upstream.
The “…edu.rpm” above is donwloaded via wget (timestamp preserved) while
the other one is downloaded via aria2c, which puts a local timestamp.
Meaning I don’t have the real timestamp for it. Ok, I’ll download it again
from a different mirror (Spain) with wget. And…:
> -rw-r--r-- 1 cer users 3648318 Jan 22 00:34 libqt4-4.7.4-19.4.1.x86_64.aria2.rpm
> -rw-r--r-- 1 cer users 3648318 Dec 9 10:06 libqt4-4.7.4-19.4.1.x86_64.edu.rpm
> -rw-r--r-- 1 cer users 3648318 Dec 9 10:06 libqt4-4.7.4-19.4.1.x86_64.rpm
Same date, Dec 9.
But looking inside with mc the build dates are:
libqt4-4.7.4-19.4.1.x86_64.rpm
Signature : RSA/8, Fri Dec 9 10:06:20 2011, Key ID b88b2fd43dbdc284
Build Date: Tue Dec 6 15:07:42 2011
libqt4-4.7.4-19.4.1.x86_64.edu.rpm
Signature : RSA/8, Fri Dec 9 10:06:11 2011, Key ID b88b2fd43dbdc284
Build Date: Tue Dec 6 15:07:42 2011
Ie, the same! But they are different files with different checksums.
Dave, you can also create a bugzilla (Component Download Infrastructure).
This is probably read by more people. If you post the number here I can add
info to the report corroborating your findings.
But maybe nothing will be done till Monday or later.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)