Dealing with yum checksum errors

I support a couple of yum repositories, and use the yum repository build instructions documented in my previous post to create my repositories. When I tried to apply the latest CentOS 5.3 updates to one of my servers last week, I noticed that I was getting a number of “Error performing checksum” errors:

$ yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
Updates | 1.2 kB 00:00
primary.xml.gz | 376 kB 00:00
http://updates/repo/centos/5.3/updates/repodata/primary.xml.gz: [Errno -3] Error performing checksum
Trying other mirror.
primary.xml.gz | 376 kB 00:00
http://updates/repo/centos/5.3/updates/repodata/primary.xml.gz: [Errno -3] Error performing checksum
Trying other mirror.
Error: failure: repodata/primary.xml.gz from Updates: [Errno 256] No more mirrors to try.

After reading through the code in yumRepo.py, I noticed that the error listed above is usually generated when the checksum algorithm specified in the repomd.xml file isn’t supported. The createrepo utility uses the sha256 algorithm by default in Fedora 11 (I created my repositories on a Fedora 11 host), so I decided to create my repository using the sha1 algorithm instead:

$ createrepo -v -s sha1 /var/www/html/repo/centos/5.3/updates

Once I created the repository metadata using the sha1 algorithm, everything worked as expected:

$ yum clean all
Loaded plugins: fastestmirror
Cleaning up Everything
Cleaning up list of fastest mirrors

$ yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
Updates | 1.0 kB 00:00
primary.xml.gz | 367 kB 00:00
Updates 634/634
repo id repo name status
Updates Updates enabled : 634
repolist: 634

This debugging experience made me realize two things:

1. Having your package manager written in Python makes debugging super easy

2. Python 2.6 uses hashlib to perform checksums, and Python 2.4 uses the SHA module to perform checksums. The version of the SHA module that ships with CentOS 5.3 doesn’t support sha256, which is why we get the checksum error listed above.

I had a h00t debugging this issue, and am glad everything is working correctly now! Nice!

matty on November 26, 2009 | Filed Under Linux Debugging, Linux Package Management

2 Comments

Fouad  on March 22nd, 2010

Thanks
I really tried to make a local repo on RHEL5 and it didn’t work but after I did as you what said.

Emmett O'Grady  on April 16th, 2010

Thanks for this blog! Spent quite a bit of time looking before I found this! I was going from Fedora 12 (repository) to a RHEL 5.0 client. I looked into an existing RHEL 5.0 .repo file to see what it was using for the hash – sha ! I used your suggestion with sha and it was no longer an issue! Thanks!!

Leave a Comment