Skip to content

refactor: Fix incorrect open-checksum in RPM repomd.xml#15

Merged
bketelsen merged 1 commit intomainfrom
yeti/improve-5c7a
Mar 27, 2026
Merged

refactor: Fix incorrect open-checksum in RPM repomd.xml#15
bketelsen merged 1 commit intomainfrom
yeti/improve-5c7a

Conversation

@frostyardyeti
Copy link
Copy Markdown

@frostyardyeti frostyardyeti bot commented Mar 27, 2026

In internal/generator/rpm/generator.go:353, the open-checksum field in repomd.xml is computed incorrectly. It calls utils.CalculateChecksum([]byte(primaryChecksum), "sha256"), which computes the SHA256 of the checksum string itself rather than of the uncompressed primaryXML data. The open-checksum should be the SHA256 of the uncompressed primary.xml content, which is what RPM clients (dnf/yum) expect for integrity verification.

Fix: Pass the uncompressed primaryXML bytes into generateRepomdXML() and compute the open-checksum from that data. In the caller at line 159, change the signature to also accept primaryXML []byte, and at line 353, change to utils.CalculateChecksum(primaryXML, "sha256").

Automated improvement by yeti improvement-identifier

@claude
fix: compute RPM repomd.xml open-checksum from uncompressed primary.xml
8022369 
The open-checksum was incorrectly computed as the SHA256 of the checksum
string itself rather than the uncompressed primary.xml content. RPM
clients (dnf/yum) expect the open-checksum to match the uncompressed
data for integrity verification.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@bketelsen bketelsen merged commit c8892db into main Mar 27, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bketelsen bketelsen bketelsen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bketelsen @claude