Ubuntu
apt package

apt: Misleadingly reports Hash Sum mismatch if package is missing stronger hashes

Bug #1804343 reported by Dan Kegel
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

I'm using reprepro to maintain a local repository. It doesn't compute SHA512 hashes.
This worked fine until today, when I got this error:

buildbot@workstation:~/src/python-modules-deps/old$ apt download python-swagger-spec-validator
Get:1 http://buildbot.example.com/dev-bionic/apt bionic/main amd64 python-swagger-spec-validator all 2.1.0-1 [14.8 kB]
Err:1 http://buildbot.example.com/dev-bionic/apt bionic/main amd64 python-swagger-spec-validator all 2.1.0-1
  Hash Sum mismatch
  Hashes of expected file:
   - SHA256:e5a36ff20cca22441dc0fe1a10566db98af9aee9e09c503179e29ccb33aac4ad
   - SHA1:3cd17f1b617277ad213f09e0f274d2ec740d44f0 [weak]
   - MD5Sum:3f310d6189ba23fb277145088d8e976e [weak]
   - Filesize:14812 [weak]
   - SHA512:7ad6456fe96bffe28bdb976c04a82b5ebb9b5b7c14f749c9b339147c124128692cbf4aa3d1d41cffb3079406c6e057bf90fdf2bade3f9ec22d1695f63b270f68
  Hashes of received file:
   - SHA512:edb96fd9989eb39d7d0984928a49fa8f8dbc23667585d30532751c730c8877298a7e55e99ed9f3ccb6923fe23eddffa5a8b205e3067624b7ef7317390026d08e
   - SHA256:e5a36ff20cca22441dc0fe1a10566db98af9aee9e09c503179e29ccb33aac4ad
   - SHA1:3cd17f1b617277ad213f09e0f274d2ec740d44f0 [weak]
   - MD5Sum:3f310d6189ba23fb277145088d8e976e [weak]
   - Filesize:14812 [weak]
  Last modification reported: Tue, 18 Sep 2018 19:28:25 +0000
Fetched 14.8 kB in 0s (1,002 kB/s)
W: Sources disagree on hashes for supposely identical version '2.1.0-1' of 'python-swagger-spec-validator:amd64'.
E: Failed to fetch http://buildbot.example.com/dev-bionic/apt/pool/main/s/swagger-spec-validator/python-swagger-spec-validator_2.1.0-1_all.deb Hash Sum mismatch

The downloaded file was correct. The 'expected' SHA512 sum appears to have been randomly generated.

Vaguely resembles upstream bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827758

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: apt 1.6.6
ProcVersionSignature: Ubuntu 4.15.0-38.41-generic 4.15.18
Uname: Linux 4.15.0-38-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Nov 20 17:06:06 2018
SourcePackage: apt
UpgradeStatus: Upgraded to bionic on 2018-04-30 (204 days ago)

Revision history for this message
Dan Kegel (dank) wrote :
Revision history for this message
Julian Andres Klode (juliank) wrote :

I think the key is:

W: Sources disagree on hashes for supposely identical version '2.1.0-1' of 'python-swagger-spec-validator:amd64'.

That is, you have two sources for that version and they disagree.

Changed in apt (Ubuntu):
status: New → Incomplete
Revision history for this message
Dan Kegel (dank) wrote :

correct, apt-cache policy did show two sources. I wasn't paying attention.

Invalid.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for apt (Ubuntu) because there has been no activity for 60 days.]

Changed in apt (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.