About 6 months ago, I posted instructions about how to add rpm packages to your local Fedora repository. The recommendations I made there don’t apply to CentOS in specific circumstances.
So I wanted to add an rpm for the Rational Build Forge agent to my CentOS install tree. The machine that hosts my RHEL/CentOS/Fedora repositories is an old Fedora 10 machine. One of the reasons why I blog about this stuff is to keep notes, so when I forget how to do something, it is easy to go back and copy and paste the esoteric command I am looking for. So I looked up the old post on how to add packages to a repo and after copying in the Build Forge rpm, I ran the following command:
Then I edited my kickstart file to include the new package and tried to run the install. Immediately I got the following error:
The command createrepo looks over your rpms and creates a bunch of metadata for them that yum reads when deciding to do updates. This metadata is saved in a folder called repodata, and I thought that the resulting folder might’ve been at the wrong tree. So I kept rerunning the install with the repodata folder in different places, all the while watching the apache logs to make sure the installer was hitting the right places and not getting too many 404 errors. This didn’t seem to be going anywhere until eventually I found an interesting bug report here.
Apparently the createrepo command has changed at 0.9.7. The default checksum routine that it now uses is sha256, where before it just used sha. You will recall that the server I am using as a repository is a Fedora 10 machine. The CentOS/RHEL version of the installation engine (named anaconda) doesn’t understand sha256, only the older sha checksum routine. So when the CentOS version of anaconda hits a repodata folder generated by createrepo running on Fedora 10, it just sees it as garbage.
The workaround is to force createrepo to use the sha algorithm, like so:
If you had a CentOS/RHEL only environment, this obviously wouldn’t happen, so this problem is quite localized. And will almost definitely go away with RHEL6, because that version of anaconda will be able to understand sha256.