duplicate orig for "linux" package in hardy
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Launchpad itself | | High | Julian Edwards | |
Bug Description
Today, I encountered the following error from Soyuz when attempting to unembargo the Hardy linux package:
linux 2.6.24-28.80 in hardy (linux_
However, both the PPA and the archive contained the correct hash (e4aad2f8c44550
https:/
It seems the code doing the comparison was sensitive to database sort order, which may have changed during the recent postgresql upgrades.
It seems like this situation needs to be detected for the rest of the package database, and that the orig-hash-checker code probably needs to be updated to deal with this broken state more gracefully.
Related branches
- Julian Edwards (community): Approve on 2010-11-30
Diff: 61 lines (+29/-2), 2 files modified:
lib/lp/archiveuploader/dscfile.py (+3/-2)
lib/lp/archiveuploader/tests/test_ppauploadprocessor.py (+26/-0)
Changed in soyuz: | |
status: | New → Confirmed |
William Grant (wgrant) wrote : | #1 |
Julian Edwards (julian-edwards) wrote : | #2 |
We don't expire old files until the series is obsolete.
Thanks for the analysis William.
Changed in soyuz: | |
status: | Confirmed → Triaged |
importance: | Undecided → High |
tags: | added: soyuz-core soyuz-security |
William Grant (wgrant) wrote : | #3 |
We don't normally, no. But these are broken, so why not do it manually and unbreak the DB?
Julian Edwards (julian-edwards) wrote : | #4 |
So looking at this a bit more, the assumption that "there is only one hash for a particular file in an archive" is correct - that should always be the case, so what Archive.
The problem is that there is a conflicting file *already in the archive*. How that got there is what I am most interested in now.
Kees, do you have any idea how we'd end up with two different linux_2.
lpmain_staging=> select distinct LibraryFileCont
where SourcePackagePu
and SourcePackageRe
and LibraryFileAlias.id = SourcePackageRe
and LibraryFileAlia
and LibraryFileCont
-------
b7b63f52551f9e
ccccdc4759fd78
(2 rows)
Changed in soyuz: | |
status: | Triaged → Incomplete |
Julian Edwards (julian-edwards) wrote : | #5 |
The md5s might be more useful since that's what's in the UI:
md5
-------
e4aad2f8c44550
f09806748f6809
Julian Edwards (julian-edwards) wrote : | #6 |
The one that you say is broken is this source:
https:/
Jamie Strandboge (jdstrand) wrote : | #7 |
This happened again today when trying to publish a security update for hardy-security. I tried both with our unembargo script and on cocoplum:
$ LPCONFIG=production /srv/launchpad.
...
2010-11-29 23:24:13 ERROR linux 2.6.24-28.81 in hardy (linux_
Confirm this transaction? [yes, no] no
This is preventing publication of an important kernel security update.
Jamie Strandboge (jdstrand) wrote : | #8 |
Ok, spm cowboyed a very temporary fix for me for the kernel publication (and quickly removed it). It would be nice if this could get resolved before the next kernel update.
William Grant (wgrant) wrote : | #9 |
http://
We can either fix the data or fix the hash check to only respect the latest hash for each filename.
Julian Edwards (julian-edwards) wrote : | #10 |
Jamie, any answer to my question in comment #4?
Julian Edwards (julian-edwards) wrote : Re: [Bug 663562] Re: duplicate orig for "linux" package in hardy | #11 |
On Tuesday 30 November 2010 10:02:59 you wrote:
> Jamie, any answer to my question in comment #4?
Ah wgrant just reminded me that we are accepting duplicate files after the old
file is deleted. That should not happen.
Changed in soyuz: | |
status: | Incomplete → Triaged |
tags: | added: soyuz-upload |
Jamie Strandboge (jdstrand) wrote : | #12 |
Julian,
I don't know how 2.6.24-5.9 got a different orig.tar.gz. That seems to have happened some time in the Hardy development cycle (i.e., outside of any security team updates) since the release kernel for Hardy is 2.6.24-16.30 and iirc gutsy had 2.6.22. https:/
Julian Edwards (julian-edwards) wrote : | #13 |
Thanks Jamie. Don't worry about it for now, I'm landing a change that will
prevent anyone from doing it again.
Changed in soyuz: | |
status: | Triaged → In Progress |
assignee: | nobody → Julian Edwards (julian-edwards) |
milestone: | none → 10.12 |
Fixed in stable r12009 <http://
tags: | added: qa-needstesting |
Changed in soyuz: | |
status: | In Progress → Fix Committed |
tags: | added: qa-ok removed: qa-needstesting |
Changed in soyuz: | |
status: | Fix Committed → Fix Released |
The issue is that pub 277962's linux_2.6.24.orig.tar.gz was somehow replaced with a different one. Archive.getFilesAndSha1s assumes that there is only one hash for a particular file in an archive, and is sensitive to DB ordering when there are multiple.
The best fix is probably to identify and expire all the conflicting files, since none of them should be published any more.
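The failure mode discussed in this bug, as an added Python example (not Launchpad's code): a filename-to-hash lookup that assumes one hash per file becomes order-dependent once an archive holds two different files under one name. The row layout, function names, filenames, hashes and the use of publication id as the recency key are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed rows: (publication_id, filename, sha1). All values are placeholders.
ORIG = "pkg_1.0.orig.tar.gz"
ROWS = [
    (1001, ORIG, "aaaa"),                 # older publication, different orig
    (2002, ORIG, "bbbb"),                 # orig the current uploads reference
    (2002, "pkg_1.0-2.diff.gz", "cccc"),
]

def naive_hashes(rows):
    """One hash per filename: with duplicates the last row seen wins, so the
    result depends on the order in which the database returns rows."""
    return {name: sha1 for _pub, name, sha1 in rows}

def conflicting_files(rows):
    """Return {filename: sorted hashes} for each filename with more than one hash."""
    seen = defaultdict(set)
    for _pub, name, sha1 in rows:
        seen[name].add(sha1)
    return {name: sorted(h) for name, h in seen.items() if len(h) > 1}

def latest_hashes(rows):
    """Order-independent lookup: keep only the hash from the highest
    publication id per filename (assumption: ids increase over time)."""
    best = {}
    for pub, name, sha1 in rows:
        if name not in best or pub > best[name][0]:
            best[name] = (pub, sha1)
    return {name: sha1 for name, (_pub, sha1) in best.items()}

def check_upload(rows, filename, sha1):
    """Compare an uploaded file with the latest archive hash and report an
    existing archive conflict separately from a mismatching upload."""
    if filename in conflicting_files(rows):
        note = "archive already holds conflicting copies"
    else:
        note = "archive consistent"
    expected = latest_hashes(rows).get(filename)
    return (expected is None or expected == sha1), note

if __name__ == "__main__":
    print("naive, stored order  :", naive_hashes(ROWS)[ORIG])
    print("naive, reversed order:", naive_hashes(list(reversed(ROWS)))[ORIG])
    print("conflicts            :", conflicting_files(ROWS))
    print("upload check         :", check_upload(ROWS, ORIG, "bbbb"))
```

Running `conflicting_files` over every archive's rows is one way to find the other packages already in this state.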