On 02.07.2015 02:24 AM, Harris, Peter A wrote:
> [PAH-TEST-134-62-62]
> x2go-release-epel>  ls
> 3622fd378b433fadfe2447d160f0503c8e55fb6508403c2f5812332055ea7021-other.sqlite      cachecookie
> 3b4d858dc9502dd70495a7478354dda38d1b5920981e1e763b6b3d4cc479b215-filelists.sqlite  packages
> 3e2ca432eee448392bed25e4ace4fc5cc5bd7c9c03ba52235a6350e3c0fe6d3d-primary.sqlite    repomd.xml

What happens if you open that with sqlite3 and use the SELECT query I've provided earlier?

SELECT * FROM `packages` WHERE name='libXcompshad3';


I've that's indeed also giving back libXcompshad3 output (description and other metadata)... I'm lost.


> [PAH-TEST-134-62-62]
> x2go-release-epel>  sha512sum 3e2ca432eee448392bed25e4ace4fc5cc5bd7c9c03ba52235a6350e3c0fe6d3d-primary.sqlite 
> f499aed1fe3fb84e786e7bccceb663dbadf11191ba6dc6d612a260ec34764f52f74d126fdefb05d49d8df34e44f1150f8bbc40254eef7d27fcbbf8c574fe0b57  3e2ca432eee448392bed25e4ace4fc5cc5bd7c9c03ba52235a6350e3c0fe6d3d-primary.sqlite

My checksums match yours. Crap. There goes this theory.


> And the install still fails as before.
> 
> Next I used yumdownloader to download x2goserver and all its dependencies (except libXcompshad3 which it cannot see).  I then used sha512sum to compare those files with the ones that came down through rsync.  Since the rsync is not tunneled it may be no different than http download as far as any firewall is concerned, if indeed they are doing any virus checking.  I have had no problems with RedHat or Epel.  Anyway, the sums for all but perl-Capture-Tiny were the same.  Has that changed since June 30 22:30 UTC?

I think so, some extra packages were not signed at all. I did that manually as described in my wall of text eMail. As adding a signature naturally changes an RPM, there's nothing to worry about.

This said, I will have to re-sign all packages because the current method isn't... consistent (using two different keys for packages and repo data.)



Mihai