Debian Bug report logs - #838441
apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Pablo Di Noto <pdinoto@gmail.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file

Date: Wed, 21 Sep 2016 08:28:21 +0000

Package: apt
Version: 1.3~rc4
Severity: important

Dear Maintainer,

When doing a apt-get update under a Debian 9 system, I repeatedly get:

Reading package lists... Done
E: Failed to fetch copy:/var/lib/apt/lists/partial/http.debian
.net_debian_dists_stretch_main_dep11_icons-64x64.tar.gz  Hash Sum mismatch
   Hashes of expected file:
    - Checksum-FileSize:7626752 [weak]
    - SHA256:b7dd6cc0630334321ff822cf2fc69df1263d81548e808c46f7a77af66f54c19e
    - SHA1:f90289555ba000250b4f3b06c2d4fa70eae4da72 [weak]
    - MD5Sum:bf3fd40405388c5da311c791f93dfa9e [weak]
   Hashes of received file:
    - SHA256:34032bc756f67b5257c6a16fe9fb1ec14a9ee72890c7739b6b257fba11e90112
    - SHA1:686718a66a3d2e583580a574b324ba7d03be5a0c [weak]
    - MD5Sum:c35c6eed0e0dfd9830b431f245eb1c5a [weak]
    - Checksum-FileSize:6054390 [weak]
   Last modification reported: Tue, 20 Sep 2016 20:56:45 +0000
   Release file created at: Wed, 21 Sep 2016 03:35:08 +0000
E: Some index files failed to download. They have been ignored, or old ones
used instead.

This is happening since 10-20 days ago.

Tried some common recipes for "Hash mismatch", like switching mirrors, adding
Acquire::http::Pipeline-Depth 0;
Acquire::http::No-Cache true;
Acquire::BrokenProxy    true;
to /etc/apt/apt.conf.d/99fixbadproxy with no change.

Trying to debug what is happening, I pulled the file giving hash mismatch
error:

> user@debian-8x:~$ wget
http://debian.salud.gob.sv/debian/dists/stretch/main/dep11/icons-64x64.tar.gz
> --2016-09-21 04:14:58--
http://debian.salud.gob.sv/debian/dists/stretch/main/dep11/icons-64x64.tar.gz
> Resolving debian.salud.gob.sv (debian.salud.gob.sv)... 190.86.223.16
> Connecting to debian.salud.gob.sv (debian.salud.gob.sv)|190.86.223.16|:80...
connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 6054390 (5.8M) [application/x-gzip]
> Saving to: ‘icons-64x64.tar.gz’
>
> icons-64x64.tar.gz       100%[====================================>]   5.77M
216KB/s   in 68s    s
>
> 2016-09-21 04:16:08 (87.0 KB/s) - ‘icons-64x64.tar.gz’ saved
[6054390/6054390]
>
> user@debian-8x:~$ ls -l
> total 5956
> (...)
> -rw-r--r-- 1 user user 6054390 Sep 20 17:56 icons-64x64.tar.gz
> (...)
> user@debian-8x:~$ md5sum icons-64x64.tar.gz
> c35c6eed0e0dfd9830b431f245eb1c5a  icons-64x64.tar.gz
> user@debian-8x:~$ sha1sum icons-64x64.tar.gz
> 686718a66a3d2e583580a574b324ba7d03be5a0c  icons-64x64.tar.gz
> user@debian-8x:~$ sha256sum icons-64x64.tar.gz
> 34032bc756f67b5257c6a16fe9fb1ec14a9ee72890c7739b6b257fba11e90112  icons-
64x64.tar.gz

...which matches the "Hashes of received file:" part of the error.

I see the file arrived ok, and gunzip does not complain when decompressing,
> user@debian-8x:~$ gunzip icons-64x64.tar.gz
> user@debian-8x:~$ md5sum icons-64x64.tar
> bf3fd40405388c5da311c791f93dfa9e  icons-64x64.tar
> user@debian-8x:~$ sha1sum icons-64x64.tar
> f90289555ba000250b4f3b06c2d4fa70eae4da72  icons-64x64.tar
> user@debian-8x:~$ sha256sum icons-64x64.tar
> b7dd6cc0630334321ff822cf2fc69df1263d81548e808c46f7a77af66f54c19e  icons-
64x64.tar

and even the hashes match on the uncompressed file hashes on the error report.

Now, I pull http://debian.salud.gob.sv/debian/dists/stretch/Release to check
if I am receiving corrupted Release by a transparent proxy or something like
that.
Checking its contents I see
> user@debian-8x:~$ grep -n 'main/dep11/icons-64x64.tar' Release
> 393: bf3fd40405388c5da311c791f93dfa9e  7626752 main/dep11/icons-64x64.tar
> 394: c35c6eed0e0dfd9830b431f245eb1c5a  6054390 main/dep11/icons-64x64.tar.gz
> 1278: f90289555ba000250b4f3b06c2d4fa70eae4da72  7626752 main/dep11/icons-
64x64.tar
> 1279: 686718a66a3d2e583580a574b324ba7d03be5a0c  6054390 main/dep11/icons-
64x64.tar.gz
> 2163: b7dd6cc0630334321ff822cf2fc69df1263d81548e808c46f7a77af66f54c19e
7626752 main/dep11/icons-64x64.tar
> 2164: 34032bc756f67b5257c6a16fe9fb1ec14a9ee72890c7739b6b257fba11e90112
6054390 main/dep11/icons-64x64.tar.gz

So every hash matches, both compressed and uncompressed file.

Reviewing the error message from apt-get, I see it that the error is correctly
listing the "Hashes of received file" (the .tar.gz), but expecting the hashes
the
uncompressed file (.tar):





-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Sandbox "";
APT::Sandbox::User "_apt";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^linux-headers-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^linux-image-extra-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^linux-signed-image-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^kfreebsd-image-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^gnumach-image-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^.*-modules-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^.*-kernel-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::NeverAutoRemove:: "^linux-tools-3\.18\.17-4\.pvops\.qubes\.x86_64$";
APT::VersionedKernelPackages "";
APT::VersionedKernelPackages:: "linux-image";
APT::VersionedKernelPackages:: "linux-headers";
APT::VersionedKernelPackages:: "linux-image-extra";
APT::VersionedKernelPackages:: "linux-signed-image";
APT::VersionedKernelPackages:: "kfreebsd-image";
APT::VersionedKernelPackages:: "kfreebsd-headers";
APT::VersionedKernelPackages:: "gnumach-image";
APT::VersionedKernelPackages:: ".*-modules";
APT::VersionedKernelPackages:: ".*-kernel";
APT::VersionedKernelPackages:: "linux-backports-modules-.*";
APT::VersionedKernelPackages:: "linux-tools";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "contrib/metapackages";
APT::Never-MarkAuto-Sections:: "non-free/metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Move-Autobit-Sections "";
APT::Move-Autobit-Sections:: "oldlibs";
APT::Move-Autobit-Sections:: "contrib/oldlibs";
APT::Move-Autobit-Sections:: "non-free/oldlibs";
APT::Move-Autobit-Sections:: "restricted/oldlibs";
APT::Move-Autobit-Sections:: "universe/oldlibs";
APT::Move-Autobit-Sections:: "multiverse/oldlibs";
APT::Update "";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
APT::Update::Post-Invoke-Success:: "if /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then appstreamcli refresh-cache > /dev/null; fi";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "0";
APT::Compressor::lz4 "";
APT::Compressor::lz4::Name "lz4";
APT::Compressor::lz4::Extension ".lz4";
APT::Compressor::lz4::Binary "false";
APT::Compressor::lz4::Cost "50";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "100";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-6n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "200";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "bzip2";
APT::Compressor::bzip2::Cost "300";
APT::Compressor::bzip2::CompressArg "";
APT::Compressor::bzip2::CompressArg:: "-6";
APT::Compressor::bzip2::UncompressArg "";
APT::Compressor::bzip2::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "400";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-6";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
Dir "/";
Dir::State "var/lib/apt";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::planners "";
Dir::Bin::planners:: "/usr/lib/apt/planners";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::gzip "/bin/gzip";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Bin::lz4 "/usr/bin/lz4";
Dir::Bin::lzma "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Log::Planner "eipp.log.xz";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Dir::Ignore-Files-Silently:: "\.distUpgrade$";
Acquire "";
Acquire::AllowInsecureRepositories "0";
Acquire::AllowWeakRepositories "0";
Acquire::AllowDowngradeToInsecureRepositories "0";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom/";
Acquire::IndexTargets "";
Acquire::IndexTargets::deb "";
Acquire::IndexTargets::deb::Packages "";
Acquire::IndexTargets::deb::Packages::MetaKey "$(COMPONENT)/binary-$(ARCHITECTURE)/Packages";
Acquire::IndexTargets::deb::Packages::flatMetaKey "Packages";
Acquire::IndexTargets::deb::Packages::ShortDescription "Packages";
Acquire::IndexTargets::deb::Packages::Description "$(RELEASE)/$(COMPONENT) $(ARCHITECTURE) Packages";
Acquire::IndexTargets::deb::Packages::flatDescription "$(RELEASE) Packages";
Acquire::IndexTargets::deb::Packages::Optional "0";
Acquire::IndexTargets::deb::Translations "";
Acquire::IndexTargets::deb::Translations::MetaKey "$(COMPONENT)/i18n/Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatMetaKey "$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::ShortDescription "Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::Description "$(RELEASE)/$(COMPONENT) Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatDescription "$(RELEASE) Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::DEP-11 "";
Acquire::IndexTargets::deb::DEP-11::MetaKey "$(COMPONENT)/dep11/Components-$(NATIVE_ARCHITECTURE).yml";
Acquire::IndexTargets::deb::DEP-11::ShortDescription "Components-$(NATIVE_ARCHITECTURE)";
Acquire::IndexTargets::deb::DEP-11::Description "$(RELEASE)/$(COMPONENT) $(NATIVE_ARCHITECTURE) DEP-11 Metadata";
Acquire::IndexTargets::deb::DEP-11::KeepCompressed "true";
Acquire::IndexTargets::deb::DEP-11::KeepCompressedAs "gz";
Acquire::IndexTargets::deb::DEP-11-icons "";
Acquire::IndexTargets::deb::DEP-11-icons::MetaKey "$(COMPONENT)/dep11/icons-64x64.tar";
Acquire::IndexTargets::deb::DEP-11-icons::ShortDescription "icons-64x64";
Acquire::IndexTargets::deb::DEP-11-icons::Description "$(RELEASE)/$(COMPONENT) DEP-11 64x64 Icons";
Acquire::IndexTargets::deb::DEP-11-icons::KeepCompressed "true";
Acquire::IndexTargets::deb::DEP-11-icons::KeepCompressedAs "gz";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi "";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::MetaKey "$(COMPONENT)/dep11/icons-128x128.tar";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::ShortDescription "icons-128x128";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::Description "$(RELEASE)/$(COMPONENT) DEP-11 128x128 Icons";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::KeepCompressed "true";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::KeepCompressedAs "gz";
Acquire::IndexTargets::deb::DEP-11-icons-hidpi::DefaultEnabled "false";
Acquire::IndexTargets::deb-src "";
Acquire::IndexTargets::deb-src::Sources "";
Acquire::IndexTargets::deb-src::Sources::MetaKey "$(COMPONENT)/source/Sources";
Acquire::IndexTargets::deb-src::Sources::flatMetaKey "Sources";
Acquire::IndexTargets::deb-src::Sources::ShortDescription "Sources";
Acquire::IndexTargets::deb-src::Sources::Description "$(RELEASE)/$(COMPONENT) Sources";
Acquire::IndexTargets::deb-src::Sources::flatDescription "$(RELEASE) Sources";
Acquire::IndexTargets::deb-src::Sources::Optional "0";
Acquire::Changelogs "";
Acquire::Changelogs::URI "";
Acquire::Changelogs::URI::Origin "";
Acquire::Changelogs::URI::Origin::Debian "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";
Acquire::Changelogs::URI::Origin::Tanglu "http://metadata.tanglu.org/changelogs/@CHANGEPATH@_changelog";
Acquire::Changelogs::URI::Origin::Ubuntu "http://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog";
Acquire::Changelogs::URI::Origin::Ultimedia "http://packages.ultimediaos.com/changelogs/pool/@CHANGEPATH@/changelog.txt";
Acquire::Changelogs::AlwaysOnline "";
Acquire::Changelogs::AlwaysOnline::Origin "";
Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu "1";
Acquire::http "";
Acquire::http::Proxy "http://10.137.255.254:8082/";
Acquire::http::Pipeline-Depth "0";
Acquire::http::No-Cache "true";
Acquire::BrokenProxy "true";
Acquire::Languages "";
Acquire::Languages:: "en";
Acquire::Languages:: "none";
Acquire::CompressionTypes "";
Acquire::CompressionTypes::xz "xz";
Acquire::CompressionTypes::bz2 "bzip2";
Acquire::CompressionTypes::lzma "lzma";
Acquire::CompressionTypes::gz "gzip";
Acquire::CompressionTypes::lz4 "lz4";
DPkg "";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "/usr/lib/qubes/upgrades-status-notify || true";
DPkg::Post-Invoke:: "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -lt 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20";
Binary "apt-config";
Binary::apt "";
Binary::apt::APT "";
Binary::apt::APT::Color "1";
Binary::apt::APT::Cache "";
Binary::apt::APT::Cache::Show "";
Binary::apt::APT::Cache::Show::Version "2";
Binary::apt::APT::Cache::AllVersions "0";
Binary::apt::APT::Cache::ShowVirtuals "1";
Binary::apt::APT::Cache::Search "";
Binary::apt::APT::Cache::Search::Version "2";
Binary::apt::APT::Cache::ShowDependencyType "1";
Binary::apt::APT::Cache::ShowVersion "1";
Binary::apt::APT::Get "";
Binary::apt::APT::Get::Upgrade-Allow-New "1";
Binary::apt::APT::Cmd "";
Binary::apt::APT::Cmd::Show-Update-Stats "1";
Binary::apt::APT::Keep-Downloaded-Packages "0";
Binary::apt::DPkg "";
Binary::apt::DPkg::Progress-Fancy "1";
Binary::apt-get "";
Binary::apt-get::Acquire "";
Binary::apt-get::Acquire::AllowInsecureRepositories "1";
CommandLine "";
CommandLine::AsString "apt-config dump";

-- (no /etc/apt/preferences present) --


-- (no /etc/apt/preferences.d/* present) --


-- /etc/apt/sources.list --

deb http://http.debian.net/debian stretch main contrib non-free
#deb-src http://http.debian.net/debian main/stretch main contrib non-free

deb http://security.debian.org stretch/updates main contrib non-free
#deb-src http://security.debian.org stretch/updates main contrib non-free


-- /etc/apt/sources.list.d/epson-printing.list --

deb http://http.debian.net/debian jessie main contrib non-free


-- /etc/apt/sources.list.d/google-chrome.list --

### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main

-- /etc/apt/sources.list.d/pinta-maintainers-pinta-daily-xenial.list --

deb http://ppa.launchpad.net/pinta-maintainers/pinta-daily/ubuntu xenial main

-- /etc/apt/sources.list.d/qubes-r3.list --

# Main qubes updates repository
deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch main
#deb-src http://deb.qubes-os.org/r3.2/vm stretch main

# Qubes updates candidates repository
#deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-testing main
#deb-src http://deb.qubes-os.org/r3.2/vm stretch-testing main

# Qubes security updates testing repository
#deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-securitytesting main
#deb-src http://deb.qubes-os.org/r3.2/vm stretch-securitytesting main

# Qubes experimental/unstable repository
#deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-unstable main
#deb-src http://deb.qubes-os.org/r3.2/vm stretch-unstable main

-- /etc/apt/sources.list.d/webupd8team-atom-jessie.list --

deb http://ppa.launchpad.net/webupd8team/atom/ubuntu xenial main
# deb-src http://ppa.launchpad.net/webupd8team/atom/ubuntu vivid main

-- /etc/apt/sources.list.d/wine.list --

deb http://httpredir.debian.org/debian stretch main

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.14-11.pvops.qubes.x86_64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.115
ii  debian-archive-keyring  2014.3
ii  gpgv                    1.4.20-6
ii  init-system-helpers     1.44
ii  libapt-pkg5.0           1.3~rc4
ii  libc6                   2.23-5
ii  libgcc1                 1:6.1.1-11
ii  libstdc++6              6.1.1-11

Versions of packages apt recommends:
ii  gnupg   1.4.20-6
ii  gnupg2  2.1.11-7

Versions of packages apt suggests:
pn  apt-doc         <none>
ii  aptitude        0.8.3-1
ii  dpkg-dev        1.18.10
pn  powermgmt-base  <none>
ii  python-apt      1.1.0~beta5

-- no debconf information

Message #10 received at 838441@bugs.debian.org (full text, mbox, reply):

From: Markus Wanner <markus@bluegap.ch>

To: Pablo Di Noto <pdinoto@gmail.com>

Cc: 838441@bugs.debian.org

Subject: Bug#838441: apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file

Date: Sun, 13 Nov 2016 20:15:57 +0100

[Message part 1 (text/plain, inline)]

Hello Pablo,

I run into the same issue when proxying my apt through apt-cacher-ng.
Not without any proxy in between.

It seems you're using a proxy, too:

> Acquire::http::Proxy "http://10.137.255.254:8082/";

Out of curiosity and hopefully narrowing down the issue: What kind of
proxy is this on your side?

Kind Regards

Markus Wanner

[signature.asc (application/pgp-signature, attachment)]

Message #15 received at 838441@bugs.debian.org (full text, mbox, reply):

From: David Kalnischkies <david@kalnischkies.de>

To: Markus Wanner <markus@bluegap.ch>, 838441@bugs.debian.org

Cc: Pablo Di Noto <pdinoto@gmail.com>

Subject: Re: Bug#838441: apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file

Date: Sun, 13 Nov 2016 21:45:24 +0100

[Message part 1 (text/plain, inline)]

(mhh, I wonder why I missed the initial report…)

On Sun, Nov 13, 2016 at 08:15:57PM +0100, Markus Wanner wrote:
> > Acquire::http::Proxy "http://10.137.255.254:8082/";
> 
> Out of curiosity and hopefully narrowing down the issue: What kind of
> proxy is this on your side?

Another good point would be running apt with:
-o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1

That has a bunch of output, so perhaps add: 2>&1 | tee filename.log

And is "repeatedly" meant to refer to "reproducible all the time" or
"happens often, but no obvious pattern"?

Interesting is the failure in copy ("E: Failed to fetch copy:") as that
is supposed to "just" move files around without (un)compression – and we
have passed the stage proxies could interfere as the download itself
verified (or not, maybe it IMS hits in some way and copy is supposed to
verify it – there are various ways such a not-modified state can be
reached and proxies are notoriously bad with it…).

btw: It is best to run apt with the least amount of config usually. The
mentioned config options are rather special case and especially the
"Acquire::BrokenProxy" one doesn't even exist… (I looked once, it seems
to have existed ~10 years ago for one year in no stable release and the
name was very bad for what it actually did…). Rule of thumb: If you
don't know what you are doing, use neither – unfortunately it seems the
people commonly answering questions on q&a-sites tend to be in the very
vocal "no idea, but I get points for posting stuff anyhow" group.


Best regards

David Kalnischkies

[signature.asc (application/pgp-signature, inline)]

Message #20 received at 838441@bugs.debian.org (full text, mbox, reply):

From: Pablo Di Noto <pdinoto@gmail.com>

To: Markus Wanner <markus@bluegap.ch>

Cc: 838441@bugs.debian.org, David Kalnischkies <david@kalnischkies.de>

Subject: Re: Bug#838441: apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file

Date: Sun, 13 Nov 2016 20:46:37 -0300

[Message part 1 (text/plain, inline)]

(cc: David Kalnischkies as this may answer his question too)

Hello Pablo,
>
> I run into the same issue when proxying my apt through apt-cacher-ng.
> Not without any proxy in between.
>
> It seems you're using a proxy, too:
>
> > Acquire::http::Proxy "http://10.137.255.254:8082/";
>
> Out of curiosity and hopefully narrowing down the issue: What kind of
> proxy is this on your side?
>

You are right, there is a proxy and I failed to mention it. D'oh!

This report comes from a Qubes OS "Debian 8 template", which runs on a
xen-based VM, and is just a regular Debian with some additional packages
that allow the VMs based on this template to play nice on a Qubes OS system
(allowing copy&paste between machines, handle block device sharing, etc).

They way Qubes OS works in terms of networking is that "application VMs"
connect to internet through a "firewall VM", which has a WAN interface (the
insecure one) connected to a "network VM". At the end, from the point of
view of the VM I am reporting the issue from, it is like getting to the
Internet through a Linux-based firewall and then a home router.

Qubes templates have a tinyproxy-based proxy that allows the update of the
machines regardless of the firewall settings. Hence, they have the
Acquire::http::Proxy "http://10.137.255.254:8082/" statement on their apt
config files. This proxy config seems quite generic:

User tinyproxy
> Group tinyproxy
> Port 8082
> Timeout 60
> DefaultErrorFile "/usr/share/tinyproxy/default.html"
> #StatHost "tinyproxy.stats"
> StatFile "/usr/share/tinyproxy/stats.html"
> Syslog On
> LogLevel Notice
> PidFile "/var/run/tinyproxy-updates/tinyproxy.pid"
> MaxClients 50
> MinSpareServers 2
> MaxSpareServers 10
> StartServers 2
> MaxRequestsPerChild 0
> DisableViaHeader Yes
> Allow 127.0.0.1
> Allow 10.137.0.0/16
> ConnectPort 443


I will monitor syslog when performing the apt-get update and see if I can
catch any special event.
So far, the same issue happens on my newer template, which is Debian
9-based, and is happening almost 50% of the time when the apt-lists are no
longer valid. When it happens, repeating the 'apt-get update' command
succeeds.

Thanks for pointing out this "small" detail.
Regards,
///Pablo

[Message part 2 (text/html, inline)]

Message #25 received at 838441@bugs.debian.org (full text, mbox, reply):

From: Pablo Di Noto <pdinoto@gmail.com>

To: David Kalnischkies <david@kalnischkies.de>, Markus Wanner <markus@bluegap.ch>, 838441@bugs.debian.org, Pablo Di Noto <pdinoto@gmail.com>

Subject: Re: Bug#838441: apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file

Date: Sun, 13 Nov 2016 20:53:11 -0300

[Message part 1 (text/plain, inline)]

> (mhh, I wonder why I missed the initial report…)
>

Not familiar with Debian bug system, so perhaps I did not follow the proper
procedure?


>
> On Sun, Nov 13, 2016 at 08:15:57PM +0100, Markus Wanner wrote:
> > > Acquire::http::Proxy "http://10.137.255.254:8082/";
> >
> > Out of curiosity and hopefully narrowing down the issue: What kind of
> > proxy is this on your side?
>
> Another good point would be running apt with:
> -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
>

Will try this during the week, once the downloaded files get expired.


> And is "repeatedly" meant to refer to "reproducible all the time" or
> "happens often, but no obvious pattern"?
>

The pattern I was able to detect is that:
- It always happen on files related to dep11 and icons, which are quite big.
- Happens 50% of the time
- Happens on debian 8 and debian 9 (will collect same set of logs on the
newer template)


> Interesting is the failure in copy ("E: Failed to fetch copy:") as that
> is supposed to "just" move files around without (un)compression – and we
> have passed the stage proxies could interfere as the download itself
> verified (or not, maybe it IMS hits in some way and copy is supposed to
> verify it – there are various ways such a not-modified state can be
> reached and proxies are notoriously bad with it…).
>
> btw: It is best to run apt with the least amount of config usually. The
> mentioned config options are rather special case and especially the
> "Acquire::BrokenProxy" one doesn't even exist… (I looked once, it seems
> to have existed ~10 years ago for one year in no stable release and the
> name was very bad for what it actually did…). Rule of thumb: If you
> don't know what you are doing, use neither – unfortunately it seems the
> people commonly answering questions on q&a-sites tend to be in the very
> vocal "no idea, but I get points for posting stuff anyhow" group.
>

Now that I realize the proxy is a suspect, I will clone the template and
perform the same update with and without the proxy. That should provide
some clues. Same goes for the "bare minimum" apt-config file.

>
Thanks for the suggestions,
///Pablo

[Message part 2 (text/html, inline)]

Message #30 received at 838441@bugs.debian.org (full text, mbox, reply):

From: 1 <dmedinah@unemi.edu.ec>

Subject: Advertencia de la cuenta final

Date: Wed, 23 Nov 2016 07:44:35 -0500 (ECT)

[Message part 1 (text/plain, inline)]

le hemos enviado varios correos electrónicos para actualizar su cuenta de correo electrónico, y te hemos ignorado. por favor, vamos a cerrar esta cuenta de usuario si no verifica dentro de las 24 horas
Abra el Administrador del sitio siguiente para actualizado su cuenta de correo electrónico ahora.  http://www.c0rreo-admin.com/

[Message part 2 (text/html, inline)]

Message #35 received at 838441@bugs.debian.org (full text, mbox, reply):

From: 1 <ipenaherrerav1@unemi.edu.ec>

Subject: Advertencia de la cuenta final

Date: Wed, 23 Nov 2016 10:55:46 -0500 (ECT)

[Message part 1 (text/plain, inline)]

-- 
le hemos enviado varios correos electrónicos para actualizar su cuenta de correo electrónico, y te hemos ignorado. por favor, vamos a cerrar esta cuenta de usuario si no verifica dentro de las 24 horas
Abra el Administrador del sitio siguiente para actualizado su cuenta de correo electrónico ahora.  http://www.c0rreo-admin.com/

[Message part 2 (text/html, inline)]

Message #40 received at 838441@bugs.debian.org (full text, mbox, reply):

From: Guillaume Betous <guillaume.betous@gmail.com>

To: 838441@bugs.debian.org

Subject: Any update ?

Date: Sun, 15 Jan 2017 09:57:44 +0100

[Message part 1 (text/plain, inline)]

Hi, any update on this issue ? I'm still facing it since months now.

Is there any workaround waiting for a fix ?

Thanks !

gUI

-- 
Pour la santé de votre ordinateur, préférez les logiciels libres.
Lire son mail : http://www.mozilla-europe.org/fr/products/thunderbird/
Browser le web : http://www.mozilla-europe.org/fr/products/firefox/
Suite bureautique : http://www.libreoffice.org/download/

[Message part 2 (text/html, inline)]

Message #45 received at 838441@bugs.debian.org (full text, mbox, reply):

From: Julian Andres Klode <jak@debian.org>

To: Guillaume Betous <guillaume.betous@gmail.com>, 838441@bugs.debian.org

Subject: Re: Bug#838441: Any update ?

Date: Sun, 15 Jan 2017 10:56:03 +0100

Control: severity -1 normal

On Sun, Jan 15, 2017 at 09:57:44AM +0100, Guillaume Betous wrote:
> Hi, any update on this issue ? I'm still facing it since months now.

First of all: Write a useful email with some context, this one is about

 apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file

And no, there is no update on this. I certainly run proxies a lot
of the time and I have not seen this issue once. This really is a tiny
corner case somewhere.


> Is there any workaround waiting for a fix ?

Given that appstream is probably useless if that does not work for you,
why not just uninstall it?


-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
                  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.

Message #52 received at 838441@bugs.debian.org (full text, mbox, reply):

From: 1 <bgallardo@insn.gob.pe>

To: undisclosed-recipients:;

Subject: Cuenta de advertencia final

Date: Thu, 19 Jan 2017 11:40:42 -0500 (PET)

[Message part 1 (text/plain, inline)]

Le hemos enviado una carta para actualizar su cuenta de correo electrónico, por favor, la falta de actualización de su cuenta en un plazo de 24 horas dará lugar a la cancelación de la cuenta.Haga clic aquí    Para actualizar su cuenta ahora.administrador del sistema

[Message part 2 (text/html, inline)]

Message #57 received at 838441@bugs.debian.org (full text, mbox, reply):

From: Julian Andres Klode <jak@debian.org>

To: Guillaume Betous <guillaume.betous@gmail.com>, 838441@bugs.debian.org

Subject: Re: Bug#838441: Any update ?

Date: Wed, 25 Jan 2017 02:59:35 +0100

[Message part 1 (text/plain, inline)]

On Sun, Jan 15, 2017 at 10:56:03AM +0100, Julian Andres Klode wrote:
> Control: severity -1 normal
> 
> On Sun, Jan 15, 2017 at 09:57:44AM +0100, Guillaume Betous wrote:
> > Hi, any update on this issue ? I'm still facing it since months now.
> 
> First of all: Write a useful email with some context, this one is about
> 
>  apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file
> 
> And no, there is no update on this. I certainly run proxies a lot
> of the time and I have not seen this issue once. This really is a tiny
> corner case somewhere.

Reproducer attached. Extract and run
  APT_CONFIG=rootdir/apt.conf apt update
in the directory you extracted it to.

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
                  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.

[rootdir.tar.gz (application/gzip, attachment)]

Message #60 received at 838441-submitter@bugs.debian.org (full text, mbox, reply):

From: Julian Andres Klode <jak@debian.org>

To: 838441-submitter@bugs.debian.org

Subject: Bug#838441 in apt marked as pending

Date: Sat, 28 Jan 2017 13:07:12 +0000

Control: tag 838441 pending

Hello,

Bug #838441 in apt reported by you has been fixed in the Git repository. You can
see the commit message below, and you can check the diff of the fix at:

    https://anonscm.debian.org/cgit/apt/apt.git/diff/?id=7b78e8b

(this message was generated automatically based on the git commit message)
---
commit 7b78e8bef1fc9de22d826db1db9df25f97d3710c
Author: Julian Andres Klode <jak@debian.org>
Date:   Wed Jan 25 03:38:59 2017 +0100

    Only merge acquire items with the same meta key
    
    Since the introduction of by-hash, two differently named
    files might have the same real URL. In our case, the files
    icons-64x64.tar.gz and icons-128x128.tar.gz of empty tarballs.
    
    APT would try to merge them and end with weird errors because
    it completed the first download and enters the second stage for
    decompressing and verifying. After that it would queue a new item
    to copy the original file to the location, but that copy item would
    be in the wrong stage, causing it to use the hashes for the
    decompressed item.
    
    Closes: #838441

Message #67 received at 838441@bugs.debian.org (full text, mbox, reply):

From: Pablo Di Noto <pdinoto@gmail.com>

To: 838441@bugs.debian.org, Pablo Di Noto <pdinoto@gmail.com>, Julian Andres Klode <jak@debian.org>

Subject: Re: Bug#838441: apt-get update fails with "Hash Sum mismatch", mixes hashes between tar.gz and tar file

Date: Sat, 28 Jan 2017 21:05:58 -0300

[Message part 1 (text/plain, inline)]

Hello,

I am not familiar about the release process, so I do not know how could I
grab a fixed apt and install it to confirm this fixes my original issue.

I went without updating these VMs quite for some time (vacations!), but now
can re-test if that helps.

Thanks for checking and providing a fix for the issue.
Regards,
///Pablo

2016-11-13 20:53 GMT-03:00 Pablo Di Noto <pdinoto@gmail.com>:

>
> (mhh, I wonder why I missed the initial report…)
>>
>
> Not familiar with Debian bug system, so perhaps I did not follow the
> proper procedure?
>
>
>>
>> On Sun, Nov 13, 2016 at 08:15:57PM +0100, Markus Wanner wrote:
>> > > Acquire::http::Proxy "http://10.137.255.254:8082/";
>> >
>> > Out of curiosity and hopefully narrowing down the issue: What kind of
>> > proxy is this on your side?
>>
>> Another good point would be running apt with:
>> -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::http=1
>>
>
> Will try this during the week, once the downloaded files get expired.
>
>
>> And is "repeatedly" meant to refer to "reproducible all the time" or
>> "happens often, but no obvious pattern"?
>>
>
> The pattern I was able to detect is that:
> - It always happen on files related to dep11 and icons, which are quite
> big.
> - Happens 50% of the time
> - Happens on debian 8 and debian 9 (will collect same set of logs on the
> newer template)
>
>
>> Interesting is the failure in copy ("E: Failed to fetch copy:") as that
>> is supposed to "just" move files around without (un)compression – and we
>> have passed the stage proxies could interfere as the download itself
>> verified (or not, maybe it IMS hits in some way and copy is supposed to
>> verify it – there are various ways such a not-modified state can be
>> reached and proxies are notoriously bad with it…).
>>
>> btw: It is best to run apt with the least amount of config usually. The
>> mentioned config options are rather special case and especially the
>> "Acquire::BrokenProxy" one doesn't even exist… (I looked once, it seems
>> to have existed ~10 years ago for one year in no stable release and the
>> name was very bad for what it actually did…). Rule of thumb: If you
>> don't know what you are doing, use neither – unfortunately it seems the
>> people commonly answering questions on q&a-sites tend to be in the very
>> vocal "no idea, but I get points for posting stuff anyhow" group.
>>
>
> Now that I realize the proxy is a suspect, I will clone the template and
> perform the same update with and without the proxy. That should provide
> some clues. Same goes for the "bare minimum" apt-config file.
>
>>
> Thanks for the suggestions,
> ///Pablo
>

[Message part 2 (text/html, inline)]

Message #74 received at 838441-close@bugs.debian.org (full text, mbox, reply):

From: Julian Andres Klode <jak@debian.org>

To: 838441-close@bugs.debian.org

Subject: Bug#838441: fixed in apt 1.4~rc1

Date: Mon, 06 Feb 2017 15:03:31 +0000

Source: apt
Source-Version: 1.4~rc1

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 838441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 06 Feb 2017 14:41:23 +0100
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.4~rc1
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 838441 846476 848721 850759 852460 853761 853762
Changes:
 apt (1.4~rc1) unstable; urgency=medium
 .
   [ David Kalnischkies ]
   * don't show update stats if cache generation is disabled
   * don't lock dpkg in 'apt-get clean'
   * don't lock dpkg in update commands
   * avoid validate/delete/load race in cache generation
   * fix 'install --no-download' mode
   * remove 'old' FAILED files in the next acquire call (Closes: 846476)
   * stop rred from leaking debug messages on recovered errors (Closes: #850759)
   * make the moo reproducible.
     Thanks to Chris Lamb for initial patch and guru meditation (Closes: #848721)
   * update release mappings in documentation
   * avoid malloc if option whitelist is disabled (default)
 .
   [ Julian Andres Klode ]
   * basehttp: Only read Content-Range on 416 and 206 responses (LP: #1657567)
   * test suite: Do not exit 0 in trap for QUIT
   * Only merge acquire items with the same meta key (Closes: #838441)
 .
   [ Zhou Mo ]
   * po: update Simplified Chinese program translation
 .
   [ Jean-Pierre Giraud ]
   * French manpages translation update (Closes: 852460)
 .
   [ victory ]
   * Japanese manpages & program translation update
 .
   [ Frans Spiesschaert ]
   * Dutch program translation update (Closes: #853761)
   * Dutch manpage translation update (Closes: #853762)
Checksums-Sha1:
 f2a6fa3a43768b12eabd30ee602342bd5a4de564 2557 apt_1.4~rc1.dsc
 efb98c1f28db703ca0c40aa0dcefb852d83c739e 2074296 apt_1.4~rc1.tar.xz
 e4415fae0fb9d95148eb1c5f375f980dfef1a221 6739 apt_1.4~rc1_source.buildinfo
Checksums-Sha256:
 44439d7539c6a8129d35db3e74acadd1939e862fccbc226d6aac222b1d84b2a2 2557 apt_1.4~rc1.dsc
 81d3ea631510b1be7dccc1e0b111ae848f5ad956bc4ee88a2a8025c7c11869d5 2074296 apt_1.4~rc1.tar.xz
 e508137139b44f0220b1adb19454d33ed9ad0413b4fc0968c65c8d579b90c6f0 6739 apt_1.4~rc1_source.buildinfo
Files:
 25cbf49babe77eef36e9baa01ad287e8 2557 admin important apt_1.4~rc1.dsc
 57fb2eda30b0749dcf2ecbbac25aa0a7 2074296 admin important apt_1.4~rc1.tar.xz
 c85d869ace06bf0b0d962ca42731b9cd 6739 admin important apt_1.4~rc1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEzeVhi4gF/W4gLOnC1zw55WWAs4YFAliYfTQPHGpha0BkZWJp
YW4ub3JnAAoJENc8OeVlgLOGbG8P/0NwgmB49Wz9UoFvuShPMP9s6cWxFvViV3ns
TcoIhuCmQhvg7EKYlTyktGgf/E64LAbPsQd7gd68cI6Jy2anZNpQN3S/y8mUOvjr
/3Ne650uwlFm7e9iBnaOs+fnpuRJSk4b5WK8usGv7lmz98c4Nlxzn7AqwGMjTid9
/XuMTRaq8bKeNVZLZUKis8HueGzvAH1Pm5Uh6RCIRIp+YfNAt1KX6rP+skkmN2zT
0g0yU0j1JC0XRVNrojpXZiPvI9YPYjGW3NpnKdkCSZdwemfn2a57NldWs4YnBmL+
VqtoNiXUo1jMRMvEpEVGSE9+g3V366hkKrIgkJOdqHkVNCspyoCKb2LMA7Z7c+GU
y13aI+AOIEYsp95rckouTEHDyUK03tdxhYasYPotuJCNRQGdQZkO4jTo2PJwwtiM
u2jZVziZH4nTtEKJOVDgiGvJbcV4HWAz6dwVI0figMJJJnHng4kaOCOqnlnEVM88
x9XZc4CRCUtrvehzi/6kdu3Dk7tgNglIun8w7p7nQsnB9P0KCawkfBYdxF9UlW21
Ccr376ua3yqx7R+hft+bsHoMweEM791DvONXG7HyXLEPItYTxbKKMxh0POw8ARB/
N78oNtfGiR2tocce74iG/vivWL1xSvy3N8QWAX+tFwYRfA3XcM2A8Jxg5jxIeWwQ
b4FbnLr8
=rvG0
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.