[Errno -1] Package does not match intended download

Issues related to applications and software problems
Post Reply
logg sar
Posts: 15
Joined: 2016/05/04 14:26:41

[Errno -1] Package does not match intended download

Post by logg sar » 2021/06/25 12:49:43

Hi there

I cant install any package from my very own repo. I have to set up kind of a CentOS7-Mirror-Repo enriched by own packages.
For security and other reasons the client should be only allowed to install exclusiveley and secure from this repo.

The .repo looks like this (the important part)

Code: Select all

gpgcheck=1
repo_gpgcheck=1
gpgkey=http://$repourl/keys/rpm-signing-pubkey.asc
sslverify=1
So I setup a repo-mirror, added the own rpms and - also as "law" I resigned all packages with the company pgp-key.
Also I resigned the repomd.xml and created new repomd.xml.asc

The rpm-signing-pubkey.asc is stored in /keys
I can download this via curl.

Local installing via yum localinstall is working.

But
Downloading packages:
wget-1.14-15.el7_4.1.x86_64.rp FAILED
http://repo.local/install/x86_64/wget-1 ... x86_64.rpm: [Errno -1] Package does not match intended download. Suggestion: run yum --enablerepo=local clean metadata
Trying other mirror.
Error downloading packages:
wget-1.14-15.el7_4.1.x86_64: [Errno 256] No more mirrors to try.
This fails with the [Errno -1] Package does not match intended download

I've tried the hints I found
Disabling mirrorlist
cleaning yum
cleaning yum cache

Nothing works.


The downloaded file is ok

Code: Select all

rpm -vK nano-2.3.1-10.el7.x86_64.rpm 
nano-2.3.1-10.el7.x86_64.rpm:
    Header V3 RSA/SHA256 Signature, key ID c9623a40: NOKEY
    Header SHA1 digest: OK (b4a8577b1e26738e571f0796bf4c1ddb726382dd)
    V3 RSA/SHA256 Signature, key ID c9623a40: NOKEY
    MD5 digest: OK (97166c500e0f4c362859247540985b69)

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: [Errno -1] Package does not match intended download

Post by jlehtone » 2021/06/25 16:45:48

logg sar wrote:
2021/06/25 12:49:43
I cant install any package from my very own repo. I have to set up kind of a CentOS7-Mirror-Repo enriched by own packages.
I don't sign, so can't help with that, but have to ask:
Why "enrich"? Why not have more than one repo, including separate repo for your own packages?

After all, even CentOS has multiple core repos (base, updates, extras, ...). Not just one.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: [Errno -1] Package does not match intended download

Post by TrevorH » 2021/06/25 17:00:48

I have to set up kind of a CentOS7-Mirror-Repo enriched by own packages.
Your life will be much easier if you set up two repos, one as an exact mirror of the CentOS repos and the other to contain your own packages. For the CentOS mirror (unmodified) you can just rsync a copy of the CentOS supplied repos and that's all you need to do to it. Then you maintain your own repo - perhaps also setting priority=1 to make it an equal candidate to the CentOS sipplued base/updates - and use createrepo on that.

Changing the key alters the package files and then you will need to rebuild all the metadata with createrepo. If you don't then you get the message you started with. It's changing the key that means it doesn't match the intended download as the checksum differs from what's expected.

Maintaining an exact mirror is easy since you don't have to change anything. Setting up your own repo is easy because you get to control the entire process from creating the packages, through signing them and then running createrepo to create the metadata. It's also quick since you most likely don't have 10,000+ packages to build the metadata for.

You will need to mirror both base and updates repos or you will be missing essential security updates. The CentOS base repo is only changed at point release time and since 7.9 is the last point release for CentOS 7, those packages will never change now. The updates repo is the one that will get updated packages from now on.

This is what I have that runs once a day to keep our internal '7' mirror up to date. It excludes a bunch of stuff that we do not use for space reasons, if you require those packages, just amend the excludes.

Code: Select all

#!/bin/bash

CURRREL="7.9.2009"

if [ -f /var/lock/subsys/rsync_update7 ]; then
    echo "Updates via rsync already running."
    exit 0
fi

if [ -d /var/www/html/centos/$CURRREL ] ; then
    touch /var/lock/subsys/rsync_update7
    rsync  -avSHP --delete --exclude "*/i386" --exclude "*/i686" --exclude "dotnet" --exclude "nfv" --exclude "rt" --exclude "storage" --exclude "virt" --exclude "isos" --exclude '*/x86_64/drpms' --exclude "cloud" --exclude "paas" --exclude "atomic" --exclude "sclo" mirrors.kernel.org::centos/$CURRREL/ /var/www/html/centos/$CURRREL/ >> /var/log/repo7mirror.log 2>&1
    /bin/rm -f /var/lock/subsys/rsync_update7
else
    echo "Target directory /var/www/html/centos/$CURRREL not present."
fi
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply