apt: Misleadingly reports Hash Sum mismatch if package is missing stronger hashes
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apt (Ubuntu) | Expired | Undecided | Unassigned |
Bug Description
I'm using reprepro to maintain a local repository. It doesn't compute SHA512 hashes.
This worked fine until today, when I got this error:
buildbot@
Get:1 http://
Err:1 http://
Hash Sum mismatch
Hashes of expected file:
- SHA256:
- SHA1:3cd17f1b61
- MD5Sum:
- Filesize:14812 [weak]
- SHA512:
Hashes of received file:
- SHA512:
- SHA256:
- SHA1:3cd17f1b61
- MD5Sum:
- Filesize:14812 [weak]
Last modification reported: Tue, 18 Sep 2018 19:28:25 +0000
Fetched 14.8 kB in 0s (1,002 kB/s)
W: Sources disagree on hashes for supposely identical version '2.1.0-1' of 'python-
E: Failed to fetch http://
The downloaded file was correct. The 'expected' SHA512 sum appears to have been randomly generated.
Vaguely resembles upstream bug https:/
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: apt 1.6.6
ProcVersionSign
Uname: Linux 4.15.0-38-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Tue Nov 20 17:06:06 2018
SourcePackage: apt
UpgradeStatus: Upgraded to bionic on 2018-04-30 (204 days ago)
I think the key is:
W: Sources disagree on hashes for supposely identical version '2.1.0-1' of 'python-swagger-spec-validator:amd64'.
That is, you have two sources for that version and they disagree.
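One way to check a set of repositories for the situation the comment above describes, as an added example that is not part of the original report and not apt's own logic: it compares `Packages` indices from several sources and lists entries that share a name, version and architecture but differ in a hash field, including the case where one source lacks a stronger hash such as SHA512. The function names and the hash values in the sample data are assumptions made for illustration.

```python
# Added example (not apt's code): flag package entries that several sources
# publish under the same name/version/architecture with differing hash fields.
HASH_FIELDS = ("size", "md5sum", "sha1", "sha256", "sha512")

def parse_packages(text):
    """Parse a deb822 Packages index into a list of {lowercased field: value}."""
    stanzas = []
    for block in text.strip().split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation line
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                key = key.lower()
                fields[key] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def find_disagreements(sources):
    """sources: {name: Packages text} -> [(identity, field, {source: value})]."""
    seen = {}
    for name, text in sources.items():
        for st in parse_packages(text):
            ident = (st.get("package"), st.get("version"), st.get("architecture"))
            seen.setdefault(ident, {})[name] = st
    problems = []
    for ident, by_source in seen.items():
        if len(by_source) < 2:
            continue
        for field in HASH_FIELDS:
            values = {src: st.get(field) for src, st in by_source.items()}
            if len(set(values.values())) > 1:   # differs, or absent from one source
                problems.append((ident, field, values))
    return problems

# Constructed sample indices; hash values are placeholders, not real digests.
LOCAL = """Package: python-swagger-spec-validator
Version: 2.1.0-1
Architecture: amd64
Size: 14812
SHA256: aaaa
"""
OTHER = LOCAL + "SHA512: bbbb\n"

if __name__ == "__main__":
    for ident, field, values in find_disagreements({"local": LOCAL, "other": OTHER}):
        print(ident, field, values)
```

To run it against real data, pass the decompressed `Packages` text of each configured source, keyed by a name for that source.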