On Thu, Aug 03, 2017 at 04:11:23PM -0700, Nicholas Dreyer wrote:
>Package: cdimage.debian.org
>Severity: grave
>Justification: renders package unusable
>
>Dear Maintainer,
>
>*** Reporter, please consider answering these questions, where appropriate ***
>
> * What led up to the situation?
>Tried to upgrade to 9.1.0 from basic 9.0.0 instalation using the 9.1.0 update
>DVD
>
> * What exactly did you do (or not do) that was effective (or
> ineffective)?
>Built iso image, then burnt it to a DVD using jigdo information from here:
>
> http://cdimage.debian.org/debian-cd/current/i386/jigdo-dvd/debian-update-9.1.0-i386-DVD-1.jigdo
>Ran "apt-cdrom add /dev/cdrom" on the DVD
>Ran "apt-get update"
>Ran "apt-get upgrade"
>
> * What was the outcome of this action?
>/etc/apt/sources.list got new source line:
>deb cdrom:[Debian GNU/Linux 9.1.0 Update DVD 20170722: i386 DVD 1]/ stretch
>contrib main non-free
>
>Package instalation for every file selected for upgrade failed with message
>such as
>Err:0 cdrom://[Debian GNU/Linux 9.1.0 Update DVD 20170722: i386 DVD 1]
>stretch/main i386 base-files i386 9.9+deb9u1
> Insufficient information available to perform this download securely
> Hashes of expected file:
> - MD5Sum:47bf7b3f66c3f43f733724ec07ad4a26 [weak]
> - Filesize:67180 [weak]
Hi Nicholas,
Apologies - you've found a real bug here. I need to update the
update-cd script to use better hashes than just md5sum for the update
images. This setup has worked for a very long time, but newer versions
of apt won't accept it any more. Looking into a fix now...
--
Steve McIntyre, Cambridge, UK. st...@einval.com
< sladen> I actually stayed in a hotel and arrived to find a post-it
note stuck to the mini-bar saying "Paul: This fridge and
fittings are the correct way around and do not need altering"
