Dealing with yum checksum errors

I support a couple of yum repositories, and use the yum repository build instructions documented in my previous post to create my repositories. When I tried to apply the latest CentOS 5.3 updates to one of my servers last week, I noticed that I was getting a number of “Error performing checksum” errors:

$ yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
Updates | 1.2 kB 00:00
primary.xml.gz | 376 kB 00:00
http://updates/repo/centos/5.3/updates/repodata/primary.xml.gz: [Errno -3] Error performing checksum
Trying other mirror.
primary.xml.gz | 376 kB 00:00
http://updates/repo/centos/5.3/updates/repodata/primary.xml.gz: [Errno -3] Error performing checksum
Trying other mirror.
Error: failure: repodata/primary.xml.gz from Updates: [Errno 256] No more mirrors to try.

After reading through the code in yumRepo.py, I noticed that the error listed above is usually generated when the checksum algorithm specified in the repomd.xml file isn’t supported. The createrepo utility uses the sha256 algorithm by default in Fedora 11 (I created my repositories on a Fedora 11 host), so I decided to create my repository using the sha1 algorithm instead:

$ createrepo -v -s sha1 /var/www/html/repo/centos/5.3/updates

Once I created the repository metadata using the sha1 algorithm, everything worked as expected:

$ yum clean all
Loaded plugins: fastestmirror
Cleaning up Everything
Cleaning up list of fastest mirrors

$ yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
Updates | 1.0 kB 00:00
primary.xml.gz | 367 kB 00:00
Updates 634/634
repo id repo name status
Updates Updates enabled : 634
repolist: 634

This debugging experience made me realize two things:

1. Having your package manager written in Python makes debugging super easy

2. Python 2.6 uses hashlib to perform checksums, and Python 2.4 uses the SHA module to perform checksums. The version of the SHA module that ships with CentOS 5.3 doesn’t support sha256, which is why we get the checksum error listed above.

I had a h00t debugging this issue, and am glad everything is working correctly now! Nice!

10 thoughts on “Dealing with yum checksum errors”

  1. Thanks
    I really tried to make a local repo on RHEL5 and it didn’t work but after I did as you what said.

  2. Thanks for this blog! Spent quite a bit of time looking before I found this! I was going from Fedora 12 (repository) to a RHEL 5.0 client. I looked into an existing RHEL 5.0 .repo file to see what it was using for the hash – sha ! I used your suggestion with sha and it was no longer an issue! Thanks!!

  3. Hi, please, forgive me for my bad english.

    How do you set up your client repos ? I’m trying to setup a repositories server (FC13 + centos 5.5), but if I put $releasever in client repos file, the version is 5 not 5.5.

    Do you specify manually the version of centos installed on the client ?

    Thanks in advance for your help, and this topic is very good because I have exactly the same problem. I’ve just excuted the createrepo with sha1 :)

  4. Dude, you rock!

    I was having this exact problem, but I couldn’t find anything wrong with the web server, the gzipped files, the GPG signature etc.

    Turns out our local YUM box was recently upgraded from RHEL 5 to 6, and now createrepo defaults to using “sha256”, which the old RH/CentOS 5.x clients don’t seem to grok.

    Only thing, the createrepo man page said that you have to use “-s sha”, not “-s sha1”.

    Once again, thanks!

  5. So I have upgraded the yum repository box to Fedora 14 and I cannot get it to work again!!! My previos post didn’t work either. So I ‘cat /usr/bin/createrepo’ and see that it executes /usr/share/createrepo/genpkgmetadata.py -v -s “sha1” . and it works! P.S. I was sitting in the directory which contains the rpms.

  6. This is teh best way I foound to resolve this problem also With Red Hat Enterprise Linux. Thanks a lot

Leave a Reply

Your email address will not be published. Required fields are marked *