Bug#762079: apt: Hash Sum mismatch while sum checks since security update

2014-09-18 Thread beuc
Package: apt
Version: 0.9.7.9+deb7u3
Severity: important

Dear Maintainer,

It seems something is wrong with the new apt update and sum checks:

root@xxx:~# apt-get update
Get:1 file: local/ Release.gpg [287 B]
Hit http://security.debian.org wheezy/updates Release.gpg   

Get:2 file: local/ Release [1,471 B]
Hit http://security.debian.org wheezy/updates Release 
Hit http://ftp.debian.org wheezy Release.gpg  
Ign file: local/ Translation-en_US
Ign file: local/ Translation-en
Hit http://security.debian.org wheezy/updates/main Sources
Hit http://security.debian.org wheezy/updates/contrib Sources   
Hit http://ftp.debian.org wheezy Release
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
Hit http://ftp.debian.org wheezy/main Sources   
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en 
Hit http://ftp.debian.org wheezy/contrib Sources  
Hit http://ftp.debian.org wheezy/main amd64 Packages
Hit http://ftp.debian.org wheezy/contrib amd64 Packages
Hit http://ftp.debian.org wheezy/contrib Translation-en
Hit http://ftp.debian.org wheezy/main Translation-en
W: Failed to fetch file:/usr/src/debian-repository/local/Packages  Hash Sum mismatch

E: Some index files failed to download. They have been ignored, or old ones used instead.


root@xxx:~# cat /usr/src/debian-repository/local/Release
Origin: root
Label: root
Suite: local
Codename: local
Date: Wed, 17 Sep 2014 15:53:51 UTC
Architectures: all i386
MD5Sum:
 8e878e4ff6933df115026949de317553   75827 Packages
 4539db44508cb66e34b59516519e1516   16753 Packages.gz
 b54ee5c8994ad13c8e538bad87fcb334   15236 Packages.bz2
 b823c7a2ec075192b82dd8b30917bb54    5114 Sources
 9ac6e47c74527fde317c72fd9e7f67df    1511 Sources.gz
 d5ecdab0fc193a0b6d3f0bb4f2ce587a    1599 Sources.bz2
SHA1:
 b7d698856537d0d48cc0adfa91e2b7c3c3de21a9   75827 Packages
 08660371326be41b9109c1fec749f29c9472a071   16753 Packages.gz
 c6c48bcf903f931e48010ef698e400021870014c   15236 Packages.bz2
 c53c66bca6443739352767c6b48dc1a60e4c506b    5114 Sources
 eb7aff7b0da1e2f884bad478cbcf0cd915802422    1511 Sources.gz
 eabaaa0ae948e10e4bc8a116ac4673137f17783f    1599 Sources.bz2
SHA256:
 25ce372e36b9e923562e57f14af9bfccb89d8876eff61e74679b1376966f81b2   75827 Packages
 cbedb4a366c27d8dfc6f840c58a788d170f1aed8591436de466604b9aca25fc8   16753 Packages.gz
 4504e5e72afa28586425046185f21d0f0afacc9f05827fe0befafcc1c6506c4d   15236 Packages.bz2
 046c1502172ffaa972e0ccfa5b5f30bdb33960b5fab76814f2c73973e020e721    5114 Sources
 41bf248d8c2ce060e61529f6f130a588a1032b0ea813879565b799a75b5aff1a    1511 Sources.gz
 690a70a052f38de0608fe3dde97d59a9448748b9b61c2f3af9fe9e966b04bdc0    1599 Sources.bz2


root@xxx:~# md5sum /usr/src/debian-repository/local/{Packages,Packages.gz,Packages.bz2,Sources,Sources.gz,Sources.bz2}
8e878e4ff6933df115026949de317553  /usr/src/debian-repository/local/Packages
4539db44508cb66e34b59516519e1516  /usr/src/debian-repository/local/Packages.gz
b54ee5c8994ad13c8e538bad87fcb334  /usr/src/debian-repository/local/Packages.bz2
b823c7a2ec075192b82dd8b30917bb54  /usr/src/debian-repository/local/Sources
9ac6e47c74527fde317c72fd9e7f67df  /usr/src/debian-repository/local/Sources.gz
d5ecdab0fc193a0b6d3f0bb4f2ce587a  /usr/src/debian-repository/local/Sources.bz2

root@xxx:~# sha1sum /usr/src/debian-repository/local/{Packages,Packages.gz,Packages.bz2,Sources,Sources.gz,Sources.bz2}
b7d698856537d0d48cc0adfa91e2b7c3c3de21a9  /usr/src/debian-repository/local/Packages
08660371326be41b9109c1fec749f29c9472a071  /usr/src/debian-repository/local/Packages.gz
c6c48bcf903f931e48010ef698e400021870014c  /usr/src/debian-repository/local/Packages.bz2
c53c66bca6443739352767c6b48dc1a60e4c506b  /usr/src/debian-repository/local/Sources
eb7aff7b0da1e2f884bad478cbcf0cd915802422  /usr/src/debian-repository/local/Sources.gz
eabaaa0ae948e10e4bc8a116ac4673137f17783f  /usr/src/debian-repository/local/Sources.bz2

root@xxx:~# sha256sum /usr/src/debian-repository/local/{Packages,Packages.gz,Packages.bz2,Sources,Sources.gz,Sources.bz2}
25ce372e36b9e923562e57f14af9bfccb89d8876eff61e74679b1376966f81b2  /usr/src/debian-repository/local/Packages
cbedb4a366c27d8dfc6f840c58a788d170f1aed8591436de466604b9aca25fc8  /usr/src/debian-repository/local/Packages.gz
4504e5e72afa28586425046185f21d0f0afacc9f05827fe0befafcc1c6506c4d  /usr/src/debian-repository/local/Packages.bz2
046c1502172ffaa972e0ccfa5b5f30bdb33960b5fab76814f2c73973e020e721  /usr/src/debian-repository/local/Sources
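
The manual comparison in the report above (md5sum, sha1sum and sha256sum output against the Release entries) can be automated. The following is an added example, not part of the original thread and not apt's own code: it parses the checksum sections of a Release file and verifies the size and digest of every listed index file. The function names `parse_release` and `verify_release` are hypothetical.

```python
import hashlib
import os

# Release field name -> hashlib algorithm name
SECTIONS = {"MD5Sum": "md5", "SHA1": "sha1", "SHA256": "sha256"}

def parse_release(text):
    """Return a list of (algorithm, hex_digest, size, relative_path)."""
    entries, algo = [], None
    for line in text.splitlines():
        if line[:1] in (" ", "\t"):      # continuation line of the current field
            parts = line.split()
            if algo and len(parts) == 3:
                entries.append((algo, parts[0].lower(), int(parts[1]), parts[2]))
        else:                             # a new "Field: value" line
            algo = SECTIONS.get(line.split(":", 1)[0])
    return entries

def verify_release(release_path):
    """Check every listed file; return a list of (path, algorithm, problem)."""
    base = os.path.dirname(os.path.abspath(release_path))
    with open(release_path, encoding="utf-8") as fh:
        entries = parse_release(fh.read())
    problems = []
    for algo, digest, size, rel in entries:
        # Refuse entries that would resolve outside the repository directory.
        if os.path.isabs(rel) or ".." in rel.split("/"):
            problems.append((rel, algo, "unsafe path"))
            continue
        path = os.path.join(base, rel)
        if not os.path.isfile(path):
            problems.append((rel, algo, "missing"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if len(data) != size:
            problems.append((rel, algo, "size mismatch"))
        elif hashlib.new(algo, data).hexdigest() != digest:
            problems.append((rel, algo, "hash mismatch"))
    return problems

if __name__ == "__main__":
    import sys
    for rel, algo, problem in verify_release(sys.argv[1]):
        print(f"{rel}: {algo} {problem}")
```

An empty result for a repository that apt still rejects, as in this report, points at the fetch path rather than at the repository content.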

Bug#762079: apt: Hash Sum mismatch while sum checks since security update

2014-09-18 Thread Michael Vogt
On Thu, Sep 18, 2014 at 10:26:41AM +0200, b...@debian.org wrote:
 Package: apt
 Version: 0.9.7.9+deb7u3
 Severity: important

Thanks for your bugreport.

[..] 
 W: Failed to fetch file:/usr/src/debian-repository/local/Packages  Hash Sum mismatch
 
 E: Some index files failed to download. They have been ignored, or old ones used instead.
[..]
 Interestingly, right after building the local packages, my autobuild
 script issues an 'apt-get update' that completes successfully.  But when
 I issue another 'apt-get update' even one second later I get the above
 behavior.  Regenerating the packages produced the same behavior.

 
 But everything checks! What's wrong?

There is a regression in the recent security update that causes
file:/// uris that are on a different partition (or nfs) than the apt
lists dir to misbehave. The fix is committed as 
http://anonscm.debian.org/cgit/apt/apt.git/commit/?h=debian/wheezy&id=3fa61cd604da1a4d744cebf3fbb747bf7c80bf91

and we will upload fixed packages shortly. If you could test the fix
that would be much appreciated.

Sorry for the trouble,
 Michael
 
 Cheers!
 Sylvain
 
 -- Package-specific info:
 
 -- apt-config dump --
 
 APT ;
 APT::Architecture amd64;
 APT::Build-Essential ;
 APT::Build-Essential:: build-essential;
 APT::Install-Recommends 1;
 APT::Install-Suggests 0;
 APT::Authentication ;
 APT::Authentication::TrustCDROM true;
 APT::NeverAutoRemove ;
 APT::NeverAutoRemove:: ^firmware-linux.*;
 APT::NeverAutoRemove:: ^linux-firmware$;
 APT::NeverAutoRemove:: ^linux-image.*;
 APT::NeverAutoRemove:: ^kfreebsd-image.*;
 APT::NeverAutoRemove:: ^linux-restricted-modules.*;
 APT::NeverAutoRemove:: ^linux-ubuntu-modules-.*;
 APT::NeverAutoRemove:: ^gnumach$;
 APT::NeverAutoRemove:: ^gnumach-image.*;
 APT::Never-MarkAuto-Sections ;
 APT::Never-MarkAuto-Sections:: metapackages;
 APT::Never-MarkAuto-Sections:: restricted/metapackages;
 APT::Never-MarkAuto-Sections:: universe/metapackages;
 APT::Never-MarkAuto-Sections:: multiverse/metapackages;
 APT::Never-MarkAuto-Sections:: oldlibs;
 APT::Never-MarkAuto-Sections:: restricted/oldlibs;
 APT::Never-MarkAuto-Sections:: universe/oldlibs;
 APT::Never-MarkAuto-Sections:: multiverse/oldlibs;
 APT::Periodic ;
 APT::Periodic::Update-Package-Lists 1;
 APT::Periodic::Download-Upgradeable-Packages 0;
 APT::Periodic::AutocleanInterval 0;
 APT::Update ;
 APT::Update::Post-Invoke ;
 APT::Update::Post-Invoke:: touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true;
 APT::Archives ;
 APT::Archives::MaxAge 30;
 APT::Archives::MinAge 2;
 APT::Archives::MaxSize 500;
 APT::Architectures ;
 APT::Architectures:: amd64;
 APT::Compressor ;
 APT::Compressor::. ;
 APT::Compressor::.::Name .;
 APT::Compressor::.::Extension ;
 APT::Compressor::.::Binary ;
 APT::Compressor::.::Cost 1;
 APT::Compressor::gzip ;
 APT::Compressor::gzip::Name gzip;
 APT::Compressor::gzip::Extension .gz;
 APT::Compressor::gzip::Binary gzip;
 APT::Compressor::gzip::Cost 2;
 APT::Compressor::gzip::CompressArg ;
 APT::Compressor::gzip::CompressArg:: -9n;
 APT::Compressor::gzip::UncompressArg ;
 APT::Compressor::gzip::UncompressArg:: -d;
 APT::Compressor::bzip2 ;
 APT::Compressor::bzip2::Name bzip2;
 APT::Compressor::bzip2::Extension .bz2;
 APT::Compressor::bzip2::Binary bzip2;
 APT::Compressor::bzip2::Cost 3;
 APT::Compressor::bzip2::CompressArg ;
 APT::Compressor::bzip2::CompressArg:: -9;
 APT::Compressor::bzip2::UncompressArg ;
 APT::Compressor::bzip2::UncompressArg:: -d;
 APT::Compressor::xz ;
 APT::Compressor::xz::Name xz;
 APT::Compressor::xz::Extension .xz;
 APT::Compressor::xz::Binary xz;
 APT::Compressor::xz::Cost 4;
 APT::Compressor::xz::CompressArg ;
 APT::Compressor::xz::CompressArg:: -6;
 APT::Compressor::xz::UncompressArg ;
 APT::Compressor::xz::UncompressArg:: -d;
 APT::Compressor::lzma ;
 APT::Compressor::lzma::Name lzma;
 APT::Compressor::lzma::Extension .lzma;
 APT::Compressor::lzma::Binary xz;
 APT::Compressor::lzma::Cost 5;
 APT::Compressor::lzma::CompressArg ;
 APT::Compressor::lzma::CompressArg:: --format=lzma;
 APT::Compressor::lzma::CompressArg:: -9;
 APT::Compressor::lzma::UncompressArg ;
 APT::Compressor::lzma::UncompressArg:: --format=lzma;
 APT::Compressor::lzma::UncompressArg:: -d;
 APT::CompressorName ;
 APT::CompressorExtension .;
 APT::CompressorBinary ;
 APT::CompressorCost 100;
 APT::CompressorCompressArg ;
 APT::CompressorCompressArg:: -9;
 APT::CompressorUncompressArg ;
 APT::CompressorUncompressArg:: -d;
 Dir /;
 Dir::State var/lib/apt/;
 Dir::State::lists lists/;
 Dir::State::cdroms cdroms.list;
 Dir::State::mirrors mirrors/;
 Dir::State::extended_states extended_states;
 Dir::State::status /var/lib/dpkg/status;
 Dir::Cache var/cache/apt/;
 Dir::Cache::archives archives/;
 Dir::Cache::srcpkgcache srcpkgcache.bin;
 Dir::Cache::pkgcache pkgcache.bin;
 Dir::Etc etc/apt/;
 Dir::Etc::sourcelist sources.list;
 Dir::Etc::sourceparts sources.list.d;
 Dir::Etc::vendorlist vendors.list;
 Dir::Etc::vendorparts 

Bug#762079: apt: Hash Sum mismatch while sum checks since security update

2014-09-18 Thread beuc
Hi Michael,

On Thu, Sep 18, 2014 at 11:25:40AM +0200, Michael Vogt wrote:
 On Thu, Sep 18, 2014 at 10:26:41AM +0200, b...@debian.org wrote:
  Package: apt
  Version: 0.9.7.9+deb7u3
  Severity: important
 
 Thanks for your bugreport.
 
 [..] 
  W: Failed to fetch file:/usr/src/debian-repository/local/Packages  Hash Sum mismatch
  
  E: Some index files failed to download. They have been ignored, or old ones used instead.
 [..]
  Interestingly, right after building the local packages, my autobuild
  script issues an 'apt-get update' that completes successfully.  But when
  I issue another 'apt-get update' even one second later I get the above
  behavior.  Regenerating the packages produced the same behavior.
 
  
  But everything checks! What's wrong?
 
 There is a regression in the recent security update that causes
 file:/// uris that are on a different partition (or nfs) than the apt
 lists dir to misbehave. The fix is committed as 
 http://anonscm.debian.org/cgit/apt/apt.git/commit/?h=debian/wheezy&id=3fa61cd604da1a4d744cebf3fbb747bf7c80bf91
 
 and we will upload fixed packages shortly. If you could test the fix
 that would be much appreciated.
 
 Sorry for the trouble,

Thanks for the fast answer.
The repository is indeed located on an NFS share.

I confirm that recompiling from the debian/wheezy branch fixes the
issue.

Cheers!
Sylvain

