apt-utils: APT::FTPArchive::Packages::SHA512 option does the wrong thing

Bug #1234691 reported by Colin Watson on 2013-10-03
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Debian)
Fix Released
Unknown
apt (Ubuntu)
Undecided
Unassigned
Precise
High
Colin Watson

Bug Description

SRU justification:

[Impact] Configuration of whether to generate SHA512 checksums for Packages files in apt-ftparchive doesn't work properly; setting APT::FTPArchive::Packages::SHA512 to false in fact disables SHA256 checksums.
[Test Case] Generate Packages files with APT::FTPArchive::Packages::SHA512 set to each of true and false, and make sure both work.
[Regression Potential] Confined to apt-ftparchive. Probably best to diff Packages/Sources files before and after.

Original report follows:

Imported from Debian bug http://bugs.debian.org/680252:

Package: apt-utils
Version: 0.9.7.1
Severity: normal

Dear Maintainer,

I see a typo in ftparchive/writer.cc line 321 :

   DoSHA1 = _config->FindB("APT::FTPArchive::Packages::SHA1",DoSHA1);
   DoSHA256 = _config->FindB("APT::FTPArchive::Packages::SHA256",DoSHA256);
   DoSHA256 = _config->FindB("APT::FTPArchive::Packages::SHA512",true);

Second Do should be DoSHA512 and should use DoSHA512 option defined line 68

   DoMD5 = _config->FindB("APT::FTPArchive::MD5",true);
   DoSHA1 = _config->FindB("APT::FTPArchive::SHA1",true);
   DoSHA256 = _config->FindB("APT::FTPArchive::SHA256",true);
   DoSHA512 = _config->FindB("APT::FTPArchive::SHA512",true);

Christian

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.4.4 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-utils depends on:
ii libapt-inst1.5 0.9.7.1
ii libapt-pkg4.12 0.9.7.1
ii libc6 2.13-34
ii libdb5.1 5.1.29-5
ii libgcc1 1:4.7.1-3
ii libstdc++6 4.7.1-3

apt-utils recommends no packages.

Versions of packages apt-utils suggests:
ii xz-utils 5.1.1alpha+20120614-1

-- no debconf information

Colin Watson (cjwatson) wrote :

This was fixed in quantal (upstream git commit 8e5d47a3a4e735835498574a58e0a33de04a0377), but needs to be fixed in precise. We should get this done before Launchpad production is upgraded from lucid to precise.

Changed in apt (Ubuntu):
status: New → Fix Released
Changed in apt (Ubuntu Precise):
assignee: nobody → Colin Watson (cjwatson)
importance: Undecided → High
milestone: none → ubuntu-12.04.4
status: New → Triaged
Changed in apt (Debian):
importance: Undecided → Unknown
status: New → Fix Released

Hello Colin, or anyone else affected,

Accepted apt into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.15 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in apt (Ubuntu Precise):
status: Triaged → Fix Committed
tags: added: verification-needed
Colin Watson (cjwatson) on 2013-10-04
description: updated
Colin Watson (cjwatson) on 2013-10-04
description: updated
tags: added: verification-done
removed: verification-needed
Colin Watson (cjwatson) on 2013-10-04
summary: - apt-utils: Ignore APT::FTPArchive::Packages::SHA512 option
+ apt-utils: APT::FTPArchive::Packages::SHA512 option does the wrong thing
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.8.16~exp12ubuntu10.15

---------------
apt (0.8.16~exp12ubuntu10.15) precise; urgency=low

  [ David Kalnischkies ]
  * ftparchive/writer.cc:
    - handle the APT::FTPArchive::Packages::SHA512 option correctly instead
      of overriding SHA256, thanks Christian Marillat! (Closes: #680252,
      LP: #1234691)

  [ Colin Watson ]
  * Fix apt-ftparchive's generation of SHA512 checksums for Sources,
    previously incorrectly generated as SHA256 (LP: #1234705).
 -- Colin Watson <email address hidden> Thu, 03 Oct 2013 14:19:02 +0100

Changed in apt (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.