[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-17 Thread Michael Vogt
The fix is now in intrepid and I attach the diff for soyuz so that it can be fixed there too. Let me know if I can help further in any way. ** Attachment added: "Fix for the problem" http://launchpadlibrarian.net/16103562/hash-fix.diff ** Changed in: apt (Ubuntu) Status: Fix Committed =

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-15 Thread Dioktos
So will the Release files ever contain correct SHA256 checksums for the Packages.gz files? -- Hardy release files contain invalid SHA256 signatures. https://bugs.launchpad.net/bugs/243630 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. --

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-04 Thread Michael Vogt
It turned out that the python<->c++ glue code had issues with strings with \0 in them, this is fixed now. ** Changed in: apt (Ubuntu) Status: In Progress => Fix Committed
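
An added illustration of the failure described in the message above (not code from the thread or from python-apt): it assumes the glue handed the buffer to C as a NUL-terminated string with no length, and compares that digest with a length-aware one. The sample buffers and function names are constructed for the example.

```python
import ctypes
import hashlib

# Constructed samples (not taken from the archive): plain index text with no
# NUL byte, and a gzip-like blob whose 4th header byte (FLG) is 0x00.
TEXT_SAMPLE = b"Package: example\nVersion: 1.0\n"
GZ_LIKE_SAMPLE = b"\x1f\x8b\x08\x00" + bytes(range(1, 250))


def sha256_full(data: bytes) -> str:
    """Digest over every byte, as sha256sum(1) computes it for a file."""
    return hashlib.sha256(data).hexdigest()


def sha256_via_c_string(data: bytes) -> str:
    """Digest of what C code sees when handed the buffer as a char*.

    Assumption: the glue passed a NUL-terminated pointer without a length.
    ctypes.c_char_p(...).value reproduces that: it stops at the first b"\\0".
    """
    seen_by_c = ctypes.c_char_p(data).value
    return hashlib.sha256(seen_by_c).hexdigest()


def sha256_stream(fileobj, chunk_size: int = 65536) -> str:
    """Length-aware hashing from a binary file object, chunk by chunk."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def audit(data: bytes) -> dict:
    """Compare both paths and report where the C view was cut short."""
    return {
        "length": len(data),
        "first_nul": data.find(b"\0"),  # -1 when the buffer has no NUL
        "match": sha256_full(data) == sha256_via_c_string(data),
    }


if __name__ == "__main__":
    for name, blob in (("text", TEXT_SAMPLE), ("gz-like", GZ_LIKE_SAMPLE)):
        print(name, audit(blob))
```

Under this assumption, text input without a NUL byte hashes correctly while compressed data diverges at the first NUL, which is consistent with the small-string tests passing and the Packages.gz digest failing.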

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-04 Thread Michael Vogt
Apt does its sha256 checks on the uncompressed Packages file and that is correct in the Release file.

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-04 Thread Michael Vogt
It turns out that it is not as easy as this:
$ dd if=/dev/urandom of=foo bs=1 count=270 ; python -c 'import apt_pkg; print apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo
270+0 records in
270+0 records out
270 bytes (270 B) copied, 0,00338191 s, 79,8 kB/s
002cba6fd9622137d286dcc428ed49f22

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-04 Thread Michael Vogt
Testing the string use-case shows that it goes wrong on 253 bytes:
$ dd if=/dev/urandom of=foo bs=1 count=252 ; python -c 'import apt_pkg; print apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo
252+0 records in
252+0 records out
252 bytes (252 B) copied, 0,00294077 s, 85,7 kB/s
83c762165fb

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-04 Thread Michael Vogt
Thanks for your bug report. The usage of sha256sum() with file objects is generally preferred, so apt_pkg.sha256sum(open('Packages.gz')) should work. However, there is a bug here somewhere because the string usage should work as well. It does in my tests for small strings, it might be a problem in

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-04 Thread Francois-Denis Gonthier
Wrong checksum during receive of 'http://archive.ubuntu.com/ubuntu/dists/gutsy/main/binary-i386/Packages.gz': sha256 expected: baa89858c7e545390273530ba63c61b94c2e09d38c28b0a0311bfa7bde396181, got: af96b1f3119c4ce4b0c6183750279bf7cbdfe62581289f03ad360787e79f968b There have been errors! Same pro

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-07-02 Thread Julian Edwards
** Changed in: soyuz Target: 1.99 => None

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-06-27 Thread Kees Cook
** Changed in: apt (Ubuntu) Sourcepackagename: None => apt

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-06-27 Thread Celso Providelo
** Changed in: soyuz Importance: Undecided => High Assignee: (unassigned) => Celso Providelo (cprov) Status: New => Confirmed Target: None => 1.99

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-06-27 Thread Celso Providelo
All SHA256 after 'feisty' are wrong, we are using apt_pkg.sha256sum() to generate them and it is broken (!)
{{{
>>> import apt_pkg
>>> apt_pkg.sha256sum(open('Packages.gz').read())
'baa89858c7e545390273530ba63c61b94c2e09d38c28b0a0311bfa7bde396181'
>>>
>>> from subprocess import call
>>> call(['sha

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-06-27 Thread Kees Cook
Thanks for the report. I'm poking at it myself now, and have forwarded it to the Soyuz folks.

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-06-27 Thread John Schofield
I tested this out to confirm Ryan's findings: I downloaded http://archive.ubuntu.com/ubuntu/dists/hardy/Release and http://archive.ubuntu.com/ubuntu/dists/hardy/main/binary-amd64/Packages.gz
"md5sum Packages.gz" matches the md5sum data in the Release file. "sha256sum Packages.gz" does NOT match.

[Bug 243630] Re: Hardy release files contain invalid SHA256 signatures.

2008-06-27 Thread John Schofield
** Changed in: ubuntu Status: New => Confirmed