$ dd if=/dev/urandom of=foo bs=1 count=270 ; python -c 'import apt_pkg; print apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo
270+0 records in
270+0 records out
270 bytes (270 B) copied, 0,00338191 s, 79,8 kB/s
002cba6fd9622137d286dcc428ed49f225d36d3b44b503db9ac816bf5b2a090e
002cba6fd9622137d286dcc428ed49f225d36d3b44b503db9ac816bf5b2a090e foo
So the content seems to be the key here. And indeed:
$ dd if=/dev/urandom of=foo bs=1k count=270 ; uuencode foo foo > foo2; python -c 'import apt_pkg; print apt_pkg.sha256sum(open("foo2").read())' ; sha256sum foo2
270+0 records in
270+0 records out
276480 bytes (276 kB) copied, 0,133452 s, 2,1 MB/s
ffcb3d53079b45720f3037d01b6adcda78c1df6a41963049d900d910c6e9d7a0
ffcb3d53079b45720f3037d01b6adcda78c1df6a41963049d900d910c6e9d7a0 foo2
is fine as are the uncompressed sha256 Package files (this is why it went unnoticed for so long).
It turns out that it is not as easy as this:
$ dd if=/dev/urandom of=foo bs=1 count=270 ; python -c 'import apt_pkg; print apt_pkg. sha256sum( open("foo" ).read( ))' ; sha256sum foo 7d286dcc428ed49 f225d36d3b44b50 3db9ac816bf5b2a 090e 7d286dcc428ed49 f225d36d3b44b50 3db9ac816bf5b2a 090e foo
270+0 records in
270+0 records out
270 bytes (270 B) copied, 0,00338191 s, 79,8 kB/s
002cba6fd962213
002cba6fd962213
So the content seems to be the key here. And indeed: sha256sum( open("foo2" ).read( ))' ; sha256sum foo2 20f3037d01b6adc da78c1df6a41963 049d900d910c6e9 d7a0 20f3037d01b6adc da78c1df6a41963 049d900d910c6e9 d7a0 foo2
$ dd if=/dev/urandom of=foo bs=1k count=270 ; uuencode foo foo > foo2; python -c 'import apt_pkg; print apt_pkg.
270+0 records in
270+0 records out
276480 bytes (276 kB) copied, 0,133452 s, 2,1 MB/s
ffcb3d53079b457
ffcb3d53079b457
is fine as are the uncompressed sha256 Package files (this is why it went unnoticed for so long).