libdigest-sha1-perl package is not in Ubuntu 12.04

Status changed to 'Confirmed' because the bug affects multiple users.

Thank you for reporting this to Ubuntu. This functionality is already provided by Digest::SHA which is included with perl. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594273 for more information. I suggest contacting Foswiki to update their packages. Please report any other issues you may find.

This is not an invalid bug. This change breaks every piece of software that calls for Digest::SHA1, and requires the authors to release a version of the software that calls for it by the name Digest::SHA. Furthermore, the new version of the software will no longer be compatible with older versions of Ubuntu in which the name needs to be Digest::SHA1. Developers will either need to release two separate versions of their software, or rewrite their programs to dynamically determine which name is present and load that one. It is not reasonable to break a large number of applications with no warning and for no strong reason.

Changing status back to confirmed, for the above reasons.

You can depend on libdigest-sha-perl if you need to support older releases (newer perl packages also Provide this package). It is also easy to change programs to use Digest::SHA instead of Digest::SHA1.

So I don't see a good reason to reintroduce the package.

I think you're not reading each other's post.

bcrowell said that, if you have a program whose code is using Digest::SHA1 and you cannot change this code, there is no way to fix the problem in Ubuntu 12.04. We all understood that Digest::SHA provides the same functions of Digest::SHA1, but this bug is not a matter of functionality, is a matter of API breakage.

In other words, having a code you CANNOT change and DOES USE Sigest::SHA1, libdigest-sha-perl doesn't work for you, because it only provides Digest::SHA.

This bug is not invalid IMHO.

If you have an in archive example of breakage, please file a bug and we'll SRU the fix.

This also affects MoveableType for the same reasons. It reports:

Can't locate Digest/SHA1.pm in @INC

Manual .deb installation from http://launchpadlibrarian.net/85191944/libdigest-sha1-perl_2.13-2build2_amd64.deb ( https://launchpad.net/ubuntu/precise/amd64/libdigest-sha1-perl/2.13-2build2 )

SpamAssassin is affected:

Jul 3 10:40:32.431 [16965] dbg: logger: adding facilities: all
Jul 3 10:40:32.431 [16965] dbg: logger: logging level is DBG
Jul 3 10:40:32.431 [16965] dbg: generic: SpamAssassin version 3.3.2
Jul 3 10:40:32.431 [16965] dbg: generic: Perl 5.014002, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin
Jul 3 10:40:32.431 [16965] dbg: config: timing enabled
Jul 3 10:40:32.432 [16965] dbg: config: score set 0 chosen.
Jul 3 10:40:32.438 [16965] dbg: dns: is Net::DNS::Resolver available? yes
Jul 3 10:40:32.438 [16965] dbg: dns: Net::DNS version: 0.66
Jul 3 10:40:32.438 [16965] dbg: generic: sa-update version svn917659
Jul 3 10:40:32.438 [16965] dbg: generic: using update directory: /var/lib/spamassassin/3.003002
Jul 3 10:40:32.504 [16965] dbg: diag: perl platform: 5.014002 linux
Jul 3 10:40:32.504 [16965] dbg: diag: [...] module installed: Digest::SHA, version 5.70
Jul 3 10:40:32.504 [16965] dbg: diag: [...] module installed: HTML::Parser, version 3.69
Jul 3 10:40:32.504 [16965] dbg: diag: [...] module installed: Net::DNS, version 0.66
Jul 3 10:40:32.504 [16965] dbg: diag: [...] module installed: NetAddr::IP, version 4.058
Jul 3 10:40:32.504 [16965] dbg: diag: [...] module installed: Time::HiRes, version 1.972101
Jul 3 10:40:32.504 [16965] dbg: diag: [...] module installed: Archive::Tar, version 1.76
Jul 3 10:40:32.504 [16965] dbg: diag: [...] module installed: IO::Zlib, version 1.10
Jul 3 10:40:32.504 [16965] dbg: diag: [...] module not installed: Digest::SHA1 ('require' failed)
...

@TJ/Ralf:

As stated by @micag in comment #7, please file bug reports against these packages (movabletype-opensource and spamassassin) so they can get SRU fixes.

Apaches dbmmanage is affected:

# dbmmanage -s /var/apachedb/usersdbm add user1 passwd
dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
available from CPAN:

    http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz

Please install Digest::SHA1 and try again, or use a different crypt option:

Sebastian Gerlach <email address hidden> writes:

> Apaches dbmmanage is affected:
>
> # dbmmanage -s /var/apachedb/usersdbm add user1 passwd
> dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
> available from CPAN:
>
> http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
>
> Please install Digest::SHA1 and try again, or use a different crypt
> option:

Sebastian Gerlach <email address hidden> writes:
> Apaches dbmmanage is affected:
>
> # dbmmanage -s /var/apachedb/usersdbm add user1 passwd
> dbmmanage SHA1 passwords require the interface or the module Digest::SHA1
> available from CPAN:
>
> http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz
>
> Please install Digest::SHA1 and try again, or use a different crypt
> option:

I filed <http://bugs.debian.org/682401> for this issue.

Ansgar

It is also required for inetsim (unoffical deb package) available from http://www.inetsim.org/packages.html

MailScanner is also affected (as is any 3rd party perl script that has use Digest::SHA1; in it)

MailScanner recommend the installation of the debian package http://www.mailscanner.info/ubuntu.html
but that is no longer possible because it fails out on the missing dep.

Using the manual deb from Gabriel in #9 https://bugs.launchpad.net/ubuntu/+source/libdigest-sha1-perl/+bug/993648/comments/9 does solve the dependency problem.

It strikes me as absurd that Ubuntu maintainers might suggest Digest::SHA is a drop in replacement for Digest::SHA1 - it is not.
Are Ubuntu offering to do fix up all 3rd party code that uses Digest::$type"->new ? (which needs ::SHA1 and doesn't work in ::SHA). The common method would be Digest->new($type) but not all code out there uses that.

Oh and for others, you could always install it with CPAN - but this goes against the whole point of packages (since perl could update and you'll be left without Digest::SHA1)

This bug also breaks external registration in movabletype-opensource - making it impossible for anyone to log in from OpenID, Google, etc. I get the error message:

"Required module (Digest::SHA1) for OpenID commenter authentication is missing."

The solution in comment #9 will not work for me on my 32-bit system.

Ben Romer <email address hidden> writes:
> This bug also breaks external registration in movabletype-opensource -
> making it impossible for anyone to log in from OpenID, Google, etc. I
> get the error message:
>
> "Required module (Digest::SHA1) for OpenID commenter authentication is
> missing."
>
> The solution in comment #9 will not work for me on my 32-bit system.

movabletype-opensource not working is a bug in that package. I reported
it there[1] and also in Debian[2].

Ansgar

  [1] <https://bugs.launchpad.net/bugs/1083267>
  [2] <http://bugs.debian.org/694476>

If you'd like Ubuntu to take hold in the commercial world, you should consider backward compatibility. Issues like this make this distribution unsuitable for use in a commercial environment.

ddclient is affected to. There's been a bugreport a while ago: https://sourceforge.net/p/ddclient/bugs/58/

some legacy code will need Digest::SHA1, used cpanm to install
apt-get install cpanm
cpanm -i Digest::SHA1

……… and repeat on every perl upgrade, as cpan-installed perl packages are version-bound ………

Yeah, it is not that hard to replace Digest::SHA1 with Digest::SHA. In general. It is somewhat harder to do when there are quite a lot of scripts which need be fixed, repackaged, redistributed etc.

Just next little bit of useless extra work caused by someone's feeling of aestethics.