It turns out that it is not as easy as this: $ dd if=/dev/urandom of=foo bs=1 count=270 ; python -c 'import apt_pkg; print apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo 270+0 records in 270+0 records out 270 bytes (270 B) copied, 0,00338191 s, 79,8 kB/s 002cba6fd9622137d286dcc428ed49f225d36d3b44b503db9ac816bf5b2a090e 002cba6fd9622137d286dcc428ed49f225d36d3b44b503db9ac816bf5b2a090e foo
So the content seems to be the key here. And indeed: $ dd if=/dev/urandom of=foo bs=1k count=270 ; uuencode foo foo > foo2; python -c 'import apt_pkg; print apt_pkg.sha256sum(open("foo2").read())' ; sha256sum foo2 270+0 records in 270+0 records out 276480 bytes (276 kB) copied, 0,133452 s, 2,1 MB/s ffcb3d53079b45720f3037d01b6adcda78c1df6a41963049d900d910c6e9d7a0 ffcb3d53079b45720f3037d01b6adcda78c1df6a41963049d900d910c6e9d7a0 foo2 is fine as are the uncompressed sha256 Package files (this is why it went unnoticed for so long). -- Hardy release files contain invalid SHA256 signatures. https://bugs.launchpad.net/bugs/243630 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs