apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apt (Ubuntu) | Fix Released | Undecided | Unassigned |
Precise | Fix Released | High | Colin Watson |
Quantal | Fix Released | High | Colin Watson |
Raring | Fix Released | High | Colin Watson |
Bug Description
[Impact] apt-ftparchive generates SHA256 checksums for .dsc files and claims they're SHA512; this is likely to cause clients to fail to acquire source packages from Sources files generated with affected versions of apt-ftparchive, although only for .dsc files that contain Checksums-Sha512 (which is not yet the default).
[Test Case] Use "apt-ftparchive sources" to generate Sources files for a tree containing a .dsc with the Checksums-Sha512 field (you may need to generate one manually). Check that the filled-in checksum for the .dsc itself is correct.
[Regression Potential] Confined to apt-ftparchive. Probably best to diff Packages/Sources files before and after.
When apt-ftparchive is called upon to generate SHA512 checksums for a .dsc file that itself contains a Checksums-Sha512 field, the versions in precise, quantal, and raring generate a SHA256 checksum instead and claim it's SHA512. This is due to this line which is obviously incorrect once you notice it:
SHA256Summation SHA512;
We need to fix this before Launchpad production is upgraded from lucid to precise.
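The check described in the [Test Case] above, as an added example that is not part of the bug report or of apt: it parses one Sources stanza and flags any checksum entry whose digest was produced by a different algorithm than its field name claims. The package name, file names and file contents are constructed sample data.

```python
import hashlib

FIELDS = {"Checksums-Sha256": "sha256", "Checksums-Sha512": "sha512"}  # field -> hashlib name

def parse_checksums(stanza):
    """Return {field: [(digest, size, filename), ...]} for one Sources stanza."""
    out, current = {}, None
    for line in stanza.splitlines():
        if line[:1] in (" ", "\t"):  # continuation line of a multi-line field
            if current in FIELDS and line.strip():
                digest, size, name = line.split()
                out[current].append((digest.lower(), int(size), name))
        elif ":" in line:
            current = line.split(":", 1)[0]
            if current in FIELDS:
                out[current] = []
    return out

def audit(stanza, files):
    """files maps filename -> bytes; returns [(field, filename, problem), ...]."""
    findings = []
    for field, entries in parse_checksums(stanza).items():
        for digest, size, name in entries:
            data = files[name]
            good = hashlib.new(FIELDS[field], data).hexdigest()
            if digest != good:
                # Name the algorithm that really produced the digest, if there is one.
                real = [a for a in FIELDS.values() if hashlib.new(a, data).hexdigest() == digest]
                findings.append((field, name, f"is a {real[0]} digest" if real else "digest mismatch"))
            elif size != len(data):
                findings.append((field, name, "size mismatch"))
    return findings

# Constructed sample: the .dsc entry under Checksums-Sha512 holds a SHA256
# digest, as this bug describes; the tarball entry is correct.
DSC, TAR = b"Format: 3.0 (quilt)\nSource: hello\n", b"constructed tarball bytes"
FILES = {"hello_1.0-1.dsc": DSC, "hello_1.0.orig.tar.gz": TAR}
STANZA = (
    "Package: hello\nVersion: 1.0-1\n"
    "Checksums-Sha256:\n"
    f" {hashlib.sha256(DSC).hexdigest()} {len(DSC)} hello_1.0-1.dsc\n"
    f" {hashlib.sha256(TAR).hexdigest()} {len(TAR)} hello_1.0.orig.tar.gz\n"
    "Checksums-Sha512:\n"
    f" {hashlib.sha256(DSC).hexdigest()} {len(DSC)} hello_1.0-1.dsc\n"
    f" {hashlib.sha512(TAR).hexdigest()} {len(TAR)} hello_1.0.orig.tar.gz\n"
)

if __name__ == "__main__":
    print(*audit(STANZA, FILES), sep="\n")
```

Run against a Sources file generated before and after the fix, the same audit also serves the diff suggested under [Regression Potential]: an empty result means every listed digest matches its field.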
Changed in apt (Ubuntu):
status: New → Fix Released
Changed in apt (Ubuntu Precise):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
milestone: none → ubuntu-12.04.4
Changed in apt (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
Changed in apt (Ubuntu Raring):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
description: updated
description: updated
tags: added: verification-done removed: verification-needed
Hello Colin, or anyone else affected,
Accepted apt into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.15 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.
Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification. Thank you in advance!