Debian Bug report logs - #423835
debian-cd: Incorrect md5sum for Packages.gz files in Release file

version graph

Package: debian-cd; Maintainer for debian-cd is Debian CD Group <debian-cd@lists.debian.org>; Source for debian-cd is src:debian-cd.

Reported by: Frans Pop <elendil@planet.nl>

Date: Mon, 14 May 2007 13:03:01 UTC

Severity: serious

Tags: patch

Found in version debian-cd/3.0.2

Fixed in version debian-cd/3.0.3

Done: Steve McIntyre <93sam@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian CD Group <debian-cd@lists.debian.org>:
Bug#423835; Package debian-cd. Full text and rfc822 format available.

Acknowledgement sent to Frans Pop <elendil@planet.nl>:
New Bug report received and forwarded. Copy sent to Debian CD Group <debian-cd@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Frans Pop <elendil@planet.nl>
To: BTS submit <submit@bugs.debian.org>
Subject: debian-cd: Incorrect md5sum for Packages.gz files in Release file
Date: Mon, 14 May 2007 14:57:49 +0200
[Message part 1 (text/plain, inline)]
Package: debian-cd
Version: 3.0.2
Severity: serious
Tags: patch

I'm classifying this as serious as this makes the Release file invalid and 
thus breaks the CD image. I found this bug because debootstrap threw an 
error during an installation that Packages.gz was invalid. The install 
did continue, probably because Packages was valid, but the red error 
screen is still extremely disturbing.
I maybe worth fixing this for Etch as well.

The problem is in the function md5_files_for_release in 
tools/make_disc_trees.pl where it recompresses the Packages file, 
overwriting an existing Packages.gz file. This function is called with a 
list of files from a 'find'. These files are processed one-by-one, but 
apparently the order is not fixed. 

If the order of the files is Packages-Packages.gz, then all is well: first 
Packages is gzipped again and next the md5sum for the new Packages.gz is 
determined.
If the order of the files is Packages.gz-Packages, then first the md5sum 
for Packages.gz is determined but after that it gets overwritten by the 
recompression of Packages (with even a much higher compression rate), 
which explains the discrepancy of the md5sum and file size between the 
Packages.gz file and its listing in the Release file.

That the order is reversed is shown by how they appear in the Release 
file: in my case the .gz file is listed above the regular one.

The attached patch fixes the issue by splitting out the recompression into 
a separate function.

Cheers,
FJP

[make_disc_trees.diff (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Tags added: pending Request was from Steve McIntyre <steve@einval.com> to control@bugs.debian.org. (Sun, 26 Aug 2007 15:27:05 GMT) Full text and rfc822 format available.

Reply sent to Steve McIntyre <93sam@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Frans Pop <elendil@planet.nl>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #12 received at 423835-close@bugs.debian.org (full text, mbox):

From: Steve McIntyre <93sam@debian.org>
To: 423835-close@bugs.debian.org
Subject: Bug#423835: fixed in debian-cd 3.0.3
Date: Sat, 01 Sep 2007 23:17:02 +0000
Source: debian-cd
Source-Version: 3.0.3

We believe that the bug you reported is fixed in the latest version of
debian-cd, which is due to be installed in the Debian FTP archive:

debian-cd_3.0.3.dsc
  to pool/main/d/debian-cd/debian-cd_3.0.3.dsc
debian-cd_3.0.3.tar.gz
  to pool/main/d/debian-cd/debian-cd_3.0.3.tar.gz
debian-cd_3.0.3_all.deb
  to pool/main/d/debian-cd/debian-cd_3.0.3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 423835@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <93sam@debian.org> (supplier of updated debian-cd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 01 Sep 2007 23:58:42 +0100
Source: debian-cd
Binary: debian-cd
Architecture: source all
Version: 3.0.3
Distribution: unstable
Urgency: low
Maintainer: Debian CD Group <debian-cd@lists.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Description: 
 debian-cd  - Tools for building (Official) Debian CD set
Closes: 418195 423463 423835 425600 437497
Changes: 
 debian-cd (3.0.3) unstable; urgency=low
 .
   [ Steve McIntyre ]
   * In start_new_disc, cope with $DEBVERSION containing spaces.
   * Only put the release notes and installation guide on disc#1.
   * In list2cds, don't add udebs in the final COMPLETE run -
     they're no use there.
   * Add some munging on the Release files if we're not building
     for "testing". Used in the etch release, and I'll back it out shortly.
   * Copied etch files to lenny ready for the new testing work.
 .
   [ Frans Pop ]
   * Clean up: remove files for potato and woody releases.
 .
   [ Steve McIntyre ]
   * Removed m68k from the list of arches in generate_di+k_list and
     generate_di_list to reduce warnings.
   * Updated comments in update-cd; potato was a while ago!
   * It seems the changes for 3.0.0 completely broke extranonfree
     support. Re-add it.
 .
   [ Frans Pop ]
   * Dann Frazier has taken over from Jeff Bailey for daily IA64 D-I builds.
   * General update the template for the README file; explain the difference
     between small and full images better. Closes: #418195.
 .
   [ Steve McIntyre ]
   * Re-added DEBOOTSTRAP_DIR definition in the Makefile
   * Don't hack with the Release file unless EARLY_BUILD_HACK=1.
     Closes: #423463
 .
   [ Joey Hess ]
   * Remove pcmcia-cs-udeb from udeb_include; we don't need this udeb with
     modern kernels. (We didn't need it for etch either actually.)
 .
   [ Steve McIntyre ]
   * Fix for multi-arch CDs including source - the extranonfree update
     broke the source output
 .
   [ Frans Pop ]
   * Include both dhcp-client-udeb and dhcp3-client udeb while we're
     transitioning in the installer.
   * Exclude live-installer, simple-cdd, pwgen and nbd udebs as they are
     currently not used in Debian Installer.
   * Remove support for sparc32 as it is no longer supported for Lenny.
 .
   [ Steve McIntyre ]
   * Update unstable-map: in the Makefile - use lenny rather than etch
 .
   [ Petter Reinholdtsen ]
   * Update tools/grab_md5 to use the same variable name (SUITE->CODENAME)
     as the rest of the code, to reduce confusion.
 .
   [ Joey Hess ]
   * Drop old with26 cruft for lenny.
   * Update lenny's isolinux.bin to the one from syslinux 3.51-1
   * Parse isolinux.cfg case-insensatively.
   * Merge boot-i386 and boot-amd64 into boot-x86.
 .
   [ Otavio Salvador ]
   * Fix extranonfree support to be backward compatible with previous
     behaviour (default to false)
   * Create dpkg status file before calling APT
 .
   [ Steve McIntyre ]
   * Fix boot-x86 shell syntax so it runs
   * Further logic fixing in boot-x86: amd64 should now work
   * Temporary fixup for daily lenny sparc builds - use older image locations
     if new ones not available.
   * Remove Build-Dep-Indep on sysutils. Closes: #437497
   * In build.sh, use $DI_CODENAME for installer task files rather than
     $CODENAME - allows for sid builds more easily etc.
   * Recompress the Packages files separately just before generating
     Release files. Closes: #423835, thanks to fjp for the patch.
   * Check if required base packages might also be supplied by a local
     repository too, not just the main distribution. Closes: #425600
   * Merge update-cd changes across from the version in etch.
Files: 
 daac0d046074e750355b1c09478bc7f3 710 admin extra debian-cd_3.0.3.dsc
 05bbf4d1b26e7fabfceeff78793e4668 934775 admin extra debian-cd_3.0.3.tar.gz
 3c40ab3f277e7b27ff4b16a70ca1d002 929546 admin extra debian-cd_3.0.3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG2fBnfDt5cIjHwfcRAutEAJ9hPzoc0KbUY3uN9rb5y/EG5Fx5gACfd1ix
pAI9ubePTdgeI7T1U2B7+SM=
=/Oba
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Feb 2009 08:02:30 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 08:06:20 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.