Comment 11 for bug 136634

1. A statement explaining the impact

Setting up a mirror with debmirror doesn't work.
Updating a mirror with debmirror causes the whole mirror to be deleted.

This causes major disruptions to users, especially those working on Ubuntu derivatives.
The fix has been identified in Debian (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=435656) and implemented in the package libcompress-zlib-perl 2.005-2, corrected further in version 2.005-3.

2. How the bug has been addressed

The bug is address in hardy by version 2.007-1 which contains the Debian fix applied upstream (since version 2.006-1).
This bug can be fixed by including the patch 02_restore-gzreadline-record-separator-behaviour.patch from the Debian package version 2.005-3
The same patch has been applied upstream since version 2.006-1, see http://search.cpan.org/src/PMQS/Compress-Zlib-2.007/lib/Compress/Zlib.pm lines 183-188.

3. Patch

A patch for gutsy-proposed is attached

4. Instructions to reproduce

The following command:

debmirror -m --passive --host=archive.ubuntulinux.org --root=ubuntu/ --method=ftp --progress --dist=gutsy --section=multiverse --arch=i386 ubuntu/ --ignore-release-gpg

Produces this output:

Mirroring to ubuntu/ from ftp://<email address hidden>/ubuntu//
Arches: i386
Dists: gutsy
Sections: multiverse
Including source.
Passive mode on.
Checking md5sums.
Will clean up AFTER mirroring.
Pdiff mode: use.
Attempting to get lock, this might take 2 minutes before it fails.
Get Release files.
[0%] Getting: dists/gutsy/Release #
[0%] Getting: dists/gutsy/Release.gpg #
Get Packages and Sources files and other miscellany.
dists/gutsy/multiverse/binary-i386/Packages.gz needs fetch
[ 4%] Getting: dists/gutsy/multiverse/binary-i386/Packages.gz ###
dists/gutsy/multiverse/binary-i386/Release needs fetch
[ 75%] Getting: dists/gutsy/multiverse/binary-i386/Release #
dists/gutsy/multiverse/source/Sources.gz needs fetch
[ 75%] Getting: dists/gutsy/multiverse/source/Sources.gz #
dists/gutsy/multiverse/source/Release needs fetch
[100%] Getting: dists/gutsy/multiverse/source/Release #
Parse Packages and Sources files and add to the file list everything therein.
Download all files that we need to get (2 MiB).
Downloaded 2 MiB in 11s at 135.97 kiB/s
Everything OK. Moving meta files.
Cleanup mirror.
All done.

And no packages are installed:

cesare@norsetto:~/libcompress-zlib-perl$ ll ubuntu/dists/gutsy/multiverse/binary-i386
total 1080
-rw-r--r-- 2 cesare cesare 717447 2007-10-31 16:19 Packages
-rw-r--r-- 2 cesare cesare 158201 2007-10-31 16:19 Packages.bz2
-rw-r--r-- 2 cesare cesare 205699 2007-10-18 13:20 Packages.gz
-rw-r--r-- 2 cesare cesare 99 2007-10-18 13:27 Release

After installing the corrected version of libcompress-zlib-perl:

cesare@norsetto:~/libcompress-zlib-perl$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  xserver-xorg-video-ati
The following packages will be upgraded:
  libcompress-zlib-perl
1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0B/34.6kB of archives.
After unpacking 0B of additional disk space will be used.
Do you want to continue [Y/n]?
WARNING: The following packages cannot be authenticated!
  libcompress-zlib-perl
Install these packages without verification [y/N]? y
(Reading database ... 93896 files and directories currently installed.)
Preparing to replace libcompress-zlib-perl 2.005-1 (using .../libcompress-zlib-perl_2.005-1ubuntu0.1_amd64.deb) ...
Unpacking replacement libcompress-zlib-perl ...

The same command sets up the mirror correctly.

5. A discussion of the regression potential

libcompress-zlib-perl is a widely used library (rdepends on 40 packages, amongst which several other libraries).
Since the fix has already been tested in Debian (since August 2007) and included upstream I believe that the potential for a regression is however small.
Since I installed this fix, I did not see any visible impact on checkgmail and spamassassin, both depending on this library.