[pca] how to verify md5(from CHECKSUMS file) of patches downloaded
Michele Vecchiato
michele.vecchiato at gmail.com
Mon Dec 20 18:49:56 CET 2010
Il giorno gio, 16/12/2010 alle 09.52 +0100, Martin Paul ha scritto:
> A (low) level of protection against corruption is that PCA checks whether unzip
> can extract the file successfully. No idea against how much corruption this
> protects, but it's better than nothing.
Ok! Thanks for the clarification
>
> > Now where am I wrong? Because i don't understand that there are over
> > 2130 patches in my cache pca-proxy server, of 145 can not find the MD5
> > file checksums, and 10 have a different MD5 (patch corrupted) from that
> > contained in the file CHECKSUMS.
>
> I have run the same test. Of 4387 patch zip files on my proxy 161 are missing in
> the CHECKSUMS file and 1662 (!) have a different checksum.
>
> The reaons (or at least one reason) for differing checksums is that Sun/Oracle
> sometimes changes a patch zip file's contents after first publishing, like
> updating README files. As far as I know any functional change would trigger a
> new revision.
>
I too had a suspicion ... Question for Oracle/Sun: Why not update the
file CHECKSUMS when it changes to patches? Would sweep away all
doubt ...
> An example:
>
> > 127127-11.zip MD5 form CHECKSUMS file: c2bf6c07976f113148a0f75a762f2140
> > from verify: a1ce22de9e3fe544d7cffc2de4070a0c
>
> On my proxy this file has d232b08f4cee8f0507bf720edacc1016 and is from "Apr 25
> 2008". A fresh download of the file from Oracle is from "Aug 20 2009".
> Comparing the contents I see that LEGAL_LICENSE.TXT and README.127127-11 are
> different.
>
> Now why the checksum in the CHECKSUM doesn't match the file currently available
> on Oracle's server - no idea.
Don(O'Malley) and Mike(Brown) are listening ... Please can you give us
an answer or an explanation...
>
> IMHO, Oracle should include the MD5 checksums into patchdiag.xref. Then it would
> be easy for a tool like PCA to verify the checksum after download. It could also
> check whether an already existing ZIP file matches the checksum in the xref file
> and force a download if not, to ensure that you always get the most recent copy.
>
It would be ideal if Oracle/Sun could add a field to file patchdiag.xref
with the checksums patch... We would have solved the problem ... I
understand that the file "patchdiag.xref" is updated more frequently
than file "CHECKSUMS"
> I'm pretty sure that Oracle won't listen, though.
Why should not listen to us ;-)
In the end we customers pay a support contract to download patches ...
They should give me the chance to see if I download the patches (with
PCA or otherwise) are corrupt or not ...
In addition, the "CHECKSUMS" and "patchdiag.xref" are also used by
employees Oracle/Sun and partners for content in the EIS-DVD (into
"/sun/patch/etc/" directory of any first EIS-DVDs)
> And I'm definitely not keen to
> add a comparable feature to PCA based on the current contents of the CHECKSUMS
> file. I would end up having to verify manually all those discrepancies to see
> what's wrong.
>
> Martin.
Thanks Martin for the quick response and the availability and infinite
patience to devote to this project. I take this opportunity to get you
the best wishes for a Merry Christmas and happy new year.
Michele Vecchiato
--
Blog: http://michelevecchiato.wordpress.com
More information about the pca
mailing list