apt-zip MD5 check breaks with apt SHA256 checks
Bug #203994 reported by
Rich Rudnick
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apt-zip (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: apt-zip
Since apt-get --print-uris now returns SHA256 rather than MD5 checksums, the generated package fetch script will fail. This bug has been fixed upstream in apt-file 0.18, http://
This bug appears in hardy (0.17) and gutsy (0.15), not checked in prior releases.
Using --no-md5 is a temporary work around, but does prevent verifying the download.
Revision history for this message
| Mario Splivalo (mariosplivalo) wrote | #1 |
Revision history for this message
| Matteo Croce (teknoraver) wrote | #2 |
| Changed in apt-zip: | |
| status: | New → Confirmed |
Revision history for this message
| Matteo Croce (teknoraver) wrote | #3 |
Revision history for this message
| James E. LaBarre (jamesl-bestweb) wrote | #4 |
Revision history for this message
| Mario Splivalo (mariosplivalo) wrote | #5 |
To post a comment you must log in.
One could change fetch script generated by apt-zip to use 'sha256sum' instead of 'md5sum' to check for the checksum. Here is the changed check() function inside the fetch script:
check(){
[ ! -r "$1" ] && return 1
[ "`type sha256sum`" ] &&
if [ "`sha256sum $1 | cut -d' ' -f1`" = "`echo $2 | cut -d':' -f2`" ]
then return 0
else err $1 "wrong MD5"; return 1
fi
[ "`type gzip`" ] &&
if ar p $1 data.tar.gz | gzip -t
then return 0
else err $1 "wrong contents"; return 1
fi
return $3
}
I have used this to fetch the .debs for the two boxes while doing 7.10 -> 8.04 upgrade.