Bug#762079: apt: Hash Sum mismatch while sum checks since security update
Package: apt Version: 0.9.7.9+deb7u3 Severity: important Dear Maintainer, I seems something is wrong with the new apt update and sum checks: root@xxx:~# apt-get update Get:1 file: local/ Release.gpg [287 B] Hit http://security.debian.org wheezy/updates Release.gpg Get:2 file: local/ Release [1,471 B] Hit http://security.debian.org wheezy/updates Release Hit http://ftp.debian.org wheezy Release.gpg Ign file: local/ Translation-en_US Ign file: local/ Translation-en Hit http://security.debian.org wheezy/updates/main Sources Hit http://security.debian.org wheezy/updates/contrib Sources Hit http://ftp.debian.org wheezy Release Hit http://security.debian.org wheezy/updates/main amd64 Packages Hit http://security.debian.org wheezy/updates/contrib amd64 Packages Hit http://ftp.debian.org wheezy/main Sources Hit http://security.debian.org wheezy/updates/contrib Translation-en Hit http://security.debian.org wheezy/updates/main Translation-en Hit http://ftp.debian.org wheezy/contrib Sources Hit http://ftp.debian.org wheezy/main amd64 Packages Hit http://ftp.debian.org wheezy/contrib amd64 Packages Hit http://ftp.debian.org wheezy/contrib Translation-en Hit http://ftp.debian.org wheezy/main Translation-en W: Failed to fetch file:/usr/src/debian-repository/local/Packages Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead. root@xxx:~# cat /usr/src/debian-repository/local/Release Origin: root Label: root Suite: local Codename: local Date: Wed, 17 Sep 2014 15:53:51 UTC Architectures: all i386 MD5Sum: 8e878e4ff6933df115026949de317553 75827 Packages 4539db44508cb66e34b59516519e1516 16753 Packages.gz b54ee5c8994ad13c8e538bad87fcb334 15236 Packages.bz2 b823c7a2ec075192b82dd8b30917bb545114 Sources 9ac6e47c74527fde317c72fd9e7f67df1511 Sources.gz d5ecdab0fc193a0b6d3f0bb4f2ce587a1599 Sources.bz2 SHA1: b7d698856537d0d48cc0adfa91e2b7c3c3de21a9 75827 Packages 08660371326be41b9109c1fec749f29c9472a071 16753 Packages.gz c6c48bcf903f931e48010ef698e400021870014c 15236 Packages.bz2 c53c66bca6443739352767c6b48dc1a60e4c506b5114 Sources eb7aff7b0da1e2f884bad478cbcf0cd9158024221511 Sources.gz eabaaa0ae948e10e4bc8a116ac4673137f17783f1599 Sources.bz2 SHA256: 25ce372e36b9e923562e57f14af9bfccb89d8876eff61e74679b1376966f81b2 75827 Packages cbedb4a366c27d8dfc6f840c58a788d170f1aed8591436de466604b9aca25fc8 16753 Packages.gz 4504e5e72afa28586425046185f21d0f0afacc9f05827fe0befafcc1c6506c4d 15236 Packages.bz2 046c1502172ffaa972e0ccfa5b5f30bdb33960b5fab76814f2c73973e020e721 5114 Sources 41bf248d8c2ce060e61529f6f130a588a1032b0ea813879565b799a75b5aff1a 1511 Sources.gz 690a70a052f38de0608fe3dde97d59a9448748b9b61c2f3af9fe9e966b04bdc0 1599 Sources.bz2 root@xxx:~# md5sum /usr/src/debian-repository/local/{Packages,Packages.gz,Packages.bz2,Sources,Sources.gz,Sources.bz2} 8e878e4ff6933df115026949de317553 /usr/src/debian-repository/local/Packages 4539db44508cb66e34b59516519e1516 /usr/src/debian-repository/local/Packages.gz b54ee5c8994ad13c8e538bad87fcb334 /usr/src/debian-repository/local/Packages.bz2 b823c7a2ec075192b82dd8b30917bb54 /usr/src/debian-repository/local/Sources 9ac6e47c74527fde317c72fd9e7f67df /usr/src/debian-repository/local/Sources.gz d5ecdab0fc193a0b6d3f0bb4f2ce587a /usr/src/debian-repository/local/Sources.bz2 root@xxx:~# sha1sum /usr/src/debian-repository/local/{Packages,Packages.gz,Packages.bz2,Sources,Sources.gz,Sources.bz2} b7d698856537d0d48cc0adfa91e2b7c3c3de21a9 /usr/src/debian-repository/local/Packages 08660371326be41b9109c1fec749f29c9472a071 /usr/src/debian-repository/local/Packages.gz c6c48bcf903f931e48010ef698e400021870014c /usr/src/debian-repository/local/Packages.bz2 c53c66bca6443739352767c6b48dc1a60e4c506b /usr/src/debian-repository/local/Sources eb7aff7b0da1e2f884bad478cbcf0cd915802422 /usr/src/debian-repository/local/Sources.gz eabaaa0ae948e10e4bc8a116ac4673137f17783f /usr/src/debian-repository/local/Sources.bz2 root@xxx:~# sha256sum /usr/src/debian-repository/local/{Packages,Packages.gz,Packages.bz2,Sources,Sources.gz,Sources.bz2} 25ce372e36b9e923562e57f14af9bfccb89d8876eff61e74679b1376966f81b2 /usr/src/debian-repository/local/Packages cbedb4a366c27d8dfc6f840c58a788d170f1aed8591436de466604b9aca25fc8 /usr/src/debian-repository/local/Packages.gz 4504e5e72afa28586425046185f21d0f0afacc9f05827fe0befafcc1c6506c4d /usr/src/debian-repository/local/Packages.bz2 046c1502172ffaa972e0ccfa5b5f30bdb33960b5fab76814f2c73973e020e721 /usr/src/debian-repository/local/Sources
Bug#762079: apt: Hash Sum mismatch while sum checks since security update
On Thu, Sep 18, 2014 at 10:26:41AM +0200, b...@debian.org wrote: Package: apt Version: 0.9.7.9+deb7u3 Severity: important Thanks for your bugreport. [..] W: Failed to fetch file:/usr/src/debian-repository/local/Packages Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead. [..] Interestingly, right after building the local packages, my autobuild script issue a 'apt-get update' that completes successfully. But when I issue another 'apt-get update' even one second later I get the above behavior. Regenerating the packages produced the same behavior. But everything checks! What's wrong? There is a regression in the recent security update that causes file:/// uris that are on a different partition (or nfs) than the apt lists dir to misbehave. The fix is commited as http://anonscm.debian.org/cgit/apt/apt.git/commit/?h=debian/wheezyid=3fa61cd604da1a4d744cebf3fbb747bf7c80bf91 and we will upload fixed packages shortly. If you could test the fix that would be much appreciated. Sorry for the trouble, Michael Cheers! Sylvain -- Package-specific info: -- apt-config dump -- APT ; APT::Architecture amd64; APT::Build-Essential ; APT::Build-Essential:: build-essential; APT::Install-Recommends 1; APT::Install-Suggests 0; APT::Authentication ; APT::Authentication::TrustCDROM true; APT::NeverAutoRemove ; APT::NeverAutoRemove:: ^firmware-linux.*; APT::NeverAutoRemove:: ^linux-firmware$; APT::NeverAutoRemove:: ^linux-image.*; APT::NeverAutoRemove:: ^kfreebsd-image.*; APT::NeverAutoRemove:: ^linux-restricted-modules.*; APT::NeverAutoRemove:: ^linux-ubuntu-modules-.*; APT::NeverAutoRemove:: ^gnumach$; APT::NeverAutoRemove:: ^gnumach-image.*; APT::Never-MarkAuto-Sections ; APT::Never-MarkAuto-Sections:: metapackages; APT::Never-MarkAuto-Sections:: restricted/metapackages; APT::Never-MarkAuto-Sections:: universe/metapackages; APT::Never-MarkAuto-Sections:: multiverse/metapackages; APT::Never-MarkAuto-Sections:: oldlibs; APT::Never-MarkAuto-Sections:: restricted/oldlibs; APT::Never-MarkAuto-Sections:: universe/oldlibs; APT::Never-MarkAuto-Sections:: multiverse/oldlibs; APT::Periodic ; APT::Periodic::Update-Package-Lists 1; APT::Periodic::Download-Upgradeable-Packages 0; APT::Periodic::AutocleanInterval 0; APT::Update ; APT::Update::Post-Invoke ; APT::Update::Post-Invoke:: touch /var/lib/apt/periodic/update-success-stamp 2/dev/null || true; APT::Archives ; APT::Archives::MaxAge 30; APT::Archives::MinAge 2; APT::Archives::MaxSize 500; APT::Architectures ; APT::Architectures:: amd64; APT::Compressor ; APT::Compressor::. ; APT::Compressor::.::Name .; APT::Compressor::.::Extension ; APT::Compressor::.::Binary ; APT::Compressor::.::Cost 1; APT::Compressor::gzip ; APT::Compressor::gzip::Name gzip; APT::Compressor::gzip::Extension .gz; APT::Compressor::gzip::Binary gzip; APT::Compressor::gzip::Cost 2; APT::Compressor::gzip::CompressArg ; APT::Compressor::gzip::CompressArg:: -9n; APT::Compressor::gzip::UncompressArg ; APT::Compressor::gzip::UncompressArg:: -d; APT::Compressor::bzip2 ; APT::Compressor::bzip2::Name bzip2; APT::Compressor::bzip2::Extension .bz2; APT::Compressor::bzip2::Binary bzip2; APT::Compressor::bzip2::Cost 3; APT::Compressor::bzip2::CompressArg ; APT::Compressor::bzip2::CompressArg:: -9; APT::Compressor::bzip2::UncompressArg ; APT::Compressor::bzip2::UncompressArg:: -d; APT::Compressor::xz ; APT::Compressor::xz::Name xz; APT::Compressor::xz::Extension .xz; APT::Compressor::xz::Binary xz; APT::Compressor::xz::Cost 4; APT::Compressor::xz::CompressArg ; APT::Compressor::xz::CompressArg:: -6; APT::Compressor::xz::UncompressArg ; APT::Compressor::xz::UncompressArg:: -d; APT::Compressor::lzma ; APT::Compressor::lzma::Name lzma; APT::Compressor::lzma::Extension .lzma; APT::Compressor::lzma::Binary xz; APT::Compressor::lzma::Cost 5; APT::Compressor::lzma::CompressArg ; APT::Compressor::lzma::CompressArg:: --format=lzma; APT::Compressor::lzma::CompressArg:: -9; APT::Compressor::lzma::UncompressArg ; APT::Compressor::lzma::UncompressArg:: --format=lzma; APT::Compressor::lzma::UncompressArg:: -d; APT::CompressorName ; APT::CompressorExtension .; APT::CompressorBinary ; APT::CompressorCost 100; APT::CompressorCompressArg ; APT::CompressorCompressArg:: -9; APT::CompressorUncompressArg ; APT::CompressorUncompressArg:: -d; Dir /; Dir::State var/lib/apt/; Dir::State::lists lists/; Dir::State::cdroms cdroms.list; Dir::State::mirrors mirrors/; Dir::State::extended_states extended_states; Dir::State::status /var/lib/dpkg/status; Dir::Cache var/cache/apt/; Dir::Cache::archives archives/; Dir::Cache::srcpkgcache srcpkgcache.bin; Dir::Cache::pkgcache pkgcache.bin; Dir::Etc etc/apt/; Dir::Etc::sourcelist sources.list; Dir::Etc::sourceparts sources.list.d; Dir::Etc::vendorlist vendors.list; Dir::Etc::vendorparts
Bug#762079: apt: Hash Sum mismatch while sum checks since security update
Hi Michael, On Thu, Sep 18, 2014 at 11:25:40AM +0200, Michael Vogt wrote: On Thu, Sep 18, 2014 at 10:26:41AM +0200, b...@debian.org wrote: Package: apt Version: 0.9.7.9+deb7u3 Severity: important Thanks for your bugreport. [..] W: Failed to fetch file:/usr/src/debian-repository/local/Packages Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead. [..] Interestingly, right after building the local packages, my autobuild script issue a 'apt-get update' that completes successfully. But when I issue another 'apt-get update' even one second later I get the above behavior. Regenerating the packages produced the same behavior. But everything checks! What's wrong? There is a regression in the recent security update that causes file:/// uris that are on a different partition (or nfs) than the apt lists dir to misbehave. The fix is commited as http://anonscm.debian.org/cgit/apt/apt.git/commit/?h=debian/wheezyid=3fa61cd604da1a4d744cebf3fbb747bf7c80bf91 and we will upload fixed packages shortly. If you could test the fix that would be much appreciated. Sorry for the trouble, Thanks for the fast answer. The repository is indeed located on an NFS share. I confirm that recompiling from the debian/wheezy branch fixes the issue. Cheers! Sylvain -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org