Package: debmirror
Version: 1:2.16
Severity: normal
Tags: upstream patch
Dear Maintainer,
When I use debmirror to download i18n, files checksums are not checked.
I believe if the checksums for i18n files are available, it should be
verified.
Not failing when upstream has broken i18n files lead to such issues when
running `apt-get update`:
W: Failed to fetch http://some.custom.mirror/.../main/i18n/Translation-en
Hash Sum mismatch
Thank you!
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages debmirror depends on:
ii bzip2 1.0.6-7+b3
pn libdigest-md5-perl <none>
ii liblockfile-simple-perl 0.208-1
ii libnet-inet6glue-perl 0.603-1
ii libwww-perl 6.08-1
ii perl [libdigest-sha-perl] 5.20.2-3
ii perl-modules [libnet-perl] 5.20.2-3
ii rsync 3.1.1-3
Versions of packages debmirror recommends:
ii ed 1.10-2
ii gpgv 1.4.18-7
ii patch 2.7.5-1
Versions of packages debmirror suggests:
ii gnupg 1.4.18-7
-- no debconf information
Index: debmirror/debmirror
===================================================================
--- debmirror-2.15ubuntu1.orig/debmirror 2013-11-20 01:46:16.000000000 +0000
+++ debmirror-2.15ubuntu1/debmirror 2015-08-30 08:13:44.468167045 +0000
@@ -2420,6 +2420,9 @@
foreach my $file (sort keys %i18n_get) {
if (! check_i18n("$tempdir/$file", $i18n_get{$file}{size}, $i18n_get{$file}{sha1})) {
remote_get("$file");
+ if (! check_file(filename => "$tempdir/$file", size => $i18n_get{$file}{size}, SHA1 => $i18n_get{$file}{sha1})) {
+ die "Checksum incorrect for upstream file: $file";
+ }
if ($debmarshal) {
link_translation_into_snapshot($file,
$i18n_get{$file}{dist},
