(TL note: nareshov's diary)

rpmbuild behaviour: CentOS5 vs. CentOS6

with 2 comments

Those of you who’ve tried building RPMs for c5 on a c6 machine might’ve faced the symptoms described in

The cause seems to involve a couple of things: 1. c6 having adopted a stronger file digest algorithm (sha256 as opposed to md5 in c5) and 2. compressing the payload with xz (as opposed to nothing in c5).

This is easily remedied by passing relevant options to `rpmbuild’ and `createrepo’.

If you’re using fpm in your CI, you can now append the following to your fpm command invocation:

--rpm-rpmbuild-define '_source_filedigest_algorithm md5' \
--rpm-rpmbuild-define '_binary_filedigest_algorithm md5' \
--rpm-rpmbuild-define '_source_payload nil' \
--rpm-rpmbuild-define '_binary_payload nil' \

And invoke createrepo as `createrepo -d -s sha1 –update /path/to/rpms/for/c5′

UPDATE (2012-04-23):

fpm now supports quick shortcuts to the above:

% fpm --help
--rpm-digest sha512|md5|sha384|sha256|sha1 (rpm only) Select a digest
algorithm. md5 works on the most platforms. (default: "md5")
--rpm-compression xz|gzip|bzip2 (rpm only) Select a compression method.
gzip works on the most platforms. (default: "gzip")

Written by Naresh

December 22, 2011 at 12:24 pm

Posted in Software

2 Responses

Subscribe to comments with RSS.

  1. Hi Nareshov,

    You can also resolve this on the centos-5 client side by installing the python-hashutils package from epel or rpmforge, which makes the sha256 checksum libs available to the older yum.

    The yum error message is really misleading. It should say it can’t calculate an sha256 checksum, not that the checksum is invalid.



    May 8, 2012 at 8:24 am

  2. Reblogged this on iJuned.


    December 12, 2014 at 8:40 pm

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: