Public bug reported:

When signing a .dsc file and updating the respective .changes file,
dpkg-sig replaces all sha1, sha256 checksums with md5 checksums. (This
means that it is not possible anymore to upload associated .deb packages
as, e.g., mini-dinstall cannot parse the resulting .changes file).

The above affects *all* versions of Debian, Ubuntu--but it only
manifests if the .changes file contains a reference to the associated
.dsc file (this is, e.g., the case when using pbuilder).

From looking at the source code, apart from replacing sha1 checksums
with md5 counterparts, dpkg-sig is lacking sha256 checksum support in
the first place.


% #The above has been verified on xenial, bionic systems; only including fossa related data here:
% lsb_release -rd
Description:    Ubuntu Focal Fossa (development branch)
Release:        20.04
% apt-cache policy dpkg-sig
dpkg-sig:
  Installed: 0.13.1+nmu4
  Candidate: 0.13.1+nmu4
  Version table:
 *** 0.13.1+nmu4 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        100 /var/lib/dpkg/status
% apt-cache policy pbuilder
pbuilder:
  Installed: 0.230.4
  Candidate: 0.230.4
  Version table:
 *** 0.230.4 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        100 /var/lib/dpkg/status


* Expected behaviour: md5, sha1, sha256 checksums of .dsc file updated in .changes file after signing.
* Actual result: all .dsc related entries in .changes file now contain the same md5 checksum.

** Affects: dpkg-sig (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: bionic disco eoan focal xenial

** Attachment added: "Log of a dpkg-sig run signing .changes showing the resulting wrong checksums"
   https://bugs.launchpad.net/bugs/1871035/+attachment/5347535/+files/dpkg-sig.log

https://bugs.launchpad.net/bugs/1871035

Title:
  .changes file cannot be updated with new checksums after signing .dsc
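
A check for the symptom described in this report, as an added example that is not part of the original bug report or of dpkg-sig: it parses the checksum fields of a .changes file and flags entries whose digest is not of the field's algorithm or does not match the file on disk. The file names and all sample contents are constructed for illustration.

```python
import hashlib

# Digest algorithm expected in each .changes checksum field.
FIELDS = {"Files": "md5", "Checksums-Sha1": "sha1", "Checksums-Sha256": "sha256"}

# Constructed sample: the .dsc rows in both Checksums-* fields hold an MD5 value.
DSC_BYTES = b"constructed .dsc content\n"
_MD5 = hashlib.md5(DSC_BYTES).hexdigest()
SAMPLE_CHANGES = f"""Format: 1.8
Checksums-Sha1:
 {_MD5} {len(DSC_BYTES)} hello_1.0-1.dsc
 {hashlib.sha1(b'deb').hexdigest()} 3 hello_1.0-1_amd64.deb
Checksums-Sha256:
 {_MD5} {len(DSC_BYTES)} hello_1.0-1.dsc
 {hashlib.sha256(b'deb').hexdigest()} 3 hello_1.0-1_amd64.deb
Files:
 {_MD5} {len(DSC_BYTES)} devel optional hello_1.0-1.dsc
 {hashlib.md5(b'deb').hexdigest()} 3 devel optional hello_1.0-1_amd64.deb
"""

def parse_checksums(text):
    """Return {field: {filename: (digest, size)}} for the checksum fields."""
    out, current = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t"):        # continuation line of the current field
            if current in FIELDS and line.strip():
                parts = line.split()       # digest, size, [section, priority,] name
                out[current][parts[-1]] = (parts[0].lower(), int(parts[1]))
        else:
            current = line.split(":", 1)[0]
            if current in FIELDS:
                out[current] = {}
    return out

def audit(text, files):
    """files maps filename -> bytes on disk; returns (field, filename, problem) tuples."""
    problems, parsed = [], parse_checksums(text)
    for field, algo in FIELDS.items():
        if field not in parsed:
            problems.append((field, None, "field missing"))
            continue
        want_len = hashlib.new(algo).digest_size * 2   # hex characters
        for name, (digest, size) in parsed[field].items():
            if len(digest) != want_len:
                problems.append((field, name, f"not a {algo} digest"))
            elif name in files and (digest != hashlib.new(algo, files[name]).hexdigest()
                                    or size != len(files[name])):
                problems.append((field, name, f"{algo} or size mismatch"))
    return problems
```

Running `audit(SAMPLE_CHANGES, {"hello_1.0-1.dsc": DSC_BYTES})` reports the .dsc rows in `Checksums-Sha1` and `Checksums-Sha256` while leaving the `Files` row and the .deb rows unflagged.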
