Yeah, valgrind is a bit noisy always because we are building the cache in memory before (1) writing it to the disk and the write includes unused regions and (2) we are hashing the entire thing before writing it, including the uninitialised bytes. So that means while we do have a few uninitialized bytes, it's actually safe.
This bug is fairly strange. Especially git vs packages. The only thing different when building via git is that hardening flags are not used. You could export those: DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags export CXXFLAGS LDFLAGS CPPFLAGS but I seriously doubt that's the problem (if git always worked instead of always failed, this might have made sense). If I had a user account on an affected machine, where If I had a user account on an affected machine (it needs to be reproducible by creating a fake root directory, and copying etc/apt and var/lib/apt to it, then I can use -o Dir=$PATH_TO_FAKE_ROOT instead of needing root), where I can build apt and have tools like valgrind, gdb; I could (try to) debug that myself. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
