Ubuntu
apt package

  1. Bug #243630
  2. Comment #6

Comment 6 for bug 243630

Revision history for this message
Michael Vogt (mvo) wrote : Re: Hardy release files contain invalid SHA256 signatures.

Testing the string use-case shows that it goes wrong on 253 bytes:

$ dd if=/dev/urandom of=foo bs=1 count=252 ; python -c 'import apt_pkg; print apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo
252+0 records in
252+0 records out
252 bytes (252 B) copied, 0,00294077 s, 85,7 kB/s
83c762165fbec99d6fd590ed2d3b291d40bfa8525c97b391d2cfb661c27e25fa
83c762165fbec99d6fd590ed2d3b291d40bfa8525c97b391d2cfb661c27e25fa foo

$ dd if=/dev/urandom of=foo bs=1 count=252 ; python -c 'import apt_pkg; print apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo
253+0 records in
253+0 records out
253 bytes (253 B) copied, 0,00317775 s, 79,6 kB/s
976fc1a77523e602fd1fe36d13771d83bae61f8e5d5279ca97b158664ff8b8c8
d68a24e86b8037437a20a592a717c40c163127f4942b511b102f0b11e449794c foo