It turns out that it is not as easy as this:
$ dd if=/dev/urandom of=foo bs=1 count=270 ; python -c 'import apt_pkg; print
apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo
270+0 records in
270+0 records out
270 bytes (270 B) copied, 0,00338191 s, 79,8 kB/s
002cba6fd9622137d286dcc428ed49f225d36d3b44b503db9ac816bf5b2a090e
002cba6fd9622137d286dcc428ed49f225d36d3b44b503db9ac816bf5b2a090e foo
So the content seems to be the key here. And indeed:
$ dd if=/dev/urandom of=foo bs=1k count=270 ; uuencode foo foo > foo2; python
-c 'import apt_pkg; print apt_pkg.sha256sum(open("foo2").read())' ; sha256sum
foo2
270+0 records in
270+0 records out
276480 bytes (276 kB) copied, 0,133452 s, 2,1 MB/s
ffcb3d53079b45720f3037d01b6adcda78c1df6a41963049d900d910c6e9d7a0
ffcb3d53079b45720f3037d01b6adcda78c1df6a41963049d900d910c6e9d7a0 foo2
is fine as are the uncompressed sha256 Package files (this is why it
went unnoticed for so long).
--
Hardy release files contain invalid SHA256 signatures.
https://bugs.launchpad.net/bugs/243630
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
