package: src:debian-edu-install severity: important x-debbugs-cc: Peter Dreuw <peter.dr...@credativ.de>, Dominik George <n...@naturalnet.de>
Hi, please see inline for some questions to this bug report… +first of all, let me say I'm surprised noone else noticed this before. Can someone reproduce this issue? Also: this issue can only be seen for wheezy but not for squeeze? On Wed, Aug 24, 2016 at 09:30:22AM +0200, Peter Dreuw wrote: > Dear Skolelinux community, > > we attempted to upgrade a Skolelinx server from Squeeze to Wheezy (and > planned to progress to Jessie later on, of course) and run into the > following issue. As an example, I'd like to pick the "slbackup" package: > > > md5sum says: > > ~> md5sum slbackup_0.0.12-5~edu70+1_all.deb > *7e72a33d83d3185abe66278c1b01b67e* slbackup_0.0.12-5~edu70+1_all.deb > > but > http://ftp.skolelinux.org/skolelinux/dists/wheezy/local/binary-amd64/Packages > states > > MD5sum: *83d3185abe66278c1b01b67e98d69f57* > SHA1: a23c8598901c18fa16dc18128e6b668ef2de7f61 > SHA256: 4dc74d5da14c7b8d5bcc55fcfc40660991255d074142d9f0b2461e3200000000 > > Only the SHA512 value matches the one we calculated locally, MD5, SHA1 > and SHA256 are screwed. this *really* puzzles me, either all hashes should match or none… > There is an indication that there might be somewhere something broken > with string manipulation as e.g. the MD5 sums we got match a substring > of the one given on the project web page. This gets more obvious if > written like this: > > 7e72a33d *83d3185abe66278c1b01b67e* > > ........ *83d3185abe66278c1b01b67e* 98d69f57 > > > I picked a few more Skolelinux Wheezy packages and all of them showed > the same issue with the hashes. I suspect that there is a bug in the > packaging tool chain the project team might not be aware of. > > Without a working upstream repository, an upgrade won't be possible. I guess you could still continue upgrading and go to jessie (via upgrading to wheezy) - jessie doesnt use ftp.skolelinux.org anymore and instead *only* uses packages from ftp.debian.org… > Some questions arise for me: > > * Is that issue already known? > * if so, are there any solutions proposed? > * is this the right place to ask and if not, who else should I ask? > > Thank you all in advance > and best regards > > Peter Dreuw -- cheers, Holger
signature.asc
Description: Digital signature