Lots of packages shipping with broken md5sums
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
consolekit (Ubuntu) |
Fix Released
|
Low
|
Martin Pitt | ||
Precise |
Fix Released
|
Low
|
Martin Pitt | ||
dpkg (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Invalid
|
Undecided
|
Unassigned | ||
gnome-media (Ubuntu) |
Fix Released
|
Low
|
Martin Pitt | ||
Precise |
Fix Released
|
Low
|
Martin Pitt | ||
libxt (Ubuntu) |
Fix Released
|
Medium
|
Martin Pitt | ||
Precise |
Fix Released
|
Medium
|
Martin Pitt |
Bug Description
This problem is easily noticeable on oneiric if you install the debsums package and run 'debsums -s'
On a server system with only very small set of packages installed, I see broken md5sums for these packages:
% sudo debsums -s
debsums: changed file /usr/share/
debsums: changed file /usr/share/
debsums: changed file /usr/share/
debsums: changed file /usr/share/
debsums: changed file /usr/share/
debsums: changed file /usr/share/
On a desktop system you'll see a *lot* more problems. See here for example: http://
Some of the wrong checksums are probably caused by including checksums for symlinked files from other packages into md5sums.
Example:
% ls -l /usr/share/
lrwxrwxrwx 1 root root 30 2011-10-14 21:45 /usr/share/
% aptitude download libxcb-render0
Get: 1 http://
Fetched 11.9 kB in 0s (146 kB/s)
% dpkg -x libxcb-
% dpkg -e libxcb-
% grep changelog.Debian.gz DEBIAN/md5sums
15276f194d3ca77
% md5sum usr/share/
md5sum: usr/share/
% ls -l usr/share/
lrwxrwxrwx 1 jk jk 30 2011-06-11 01:23 usr/share/
But there are also packages that actually have wrong md5sums for files included in the package.
Example:
% aptitude download perl-base
Get: 1 http://
Fetched 1,430 kB in 0s (2,440 kB/s)
% dpkg -x perl-base_
% dpkg -e perl-base_
% grep changelog.Debian.gz DEBIAN/md5sums
b060dab6fca4e84
% md5sum usr/share/
ec4b1914bcbe7a3
Both of this cases should be fixed.
Changed in gnome-media (Ubuntu Precise): | |
status: | Triaged → Fix Committed |
It's strange indeed, but it's not the fault of dpkg. dpkg is not generating the md5sums files. I guess the problem is related to pkgbinarymangler. IIRC it shortens the changelog.Debian.gz files, and optimizes .png file, and other operations like this.