[Bug 856311] Re: apt-ftparchive CacheDB truncates SHA512 hashes

Ubuntu QA's Bug Bot bug-stats at murraytwins.com
Thu Sep 22 12:09:59 UTC 2011 

The attachment "apt.ftparchive-cachedb-sha512.patch" of this bug report
has been identified as being a patch.  The ubuntu-reviewers team has
been subscribed to the bug report so that they can review the patch.  In
the event that this is in fact not a patch you can resolve this
situation by removing the tag 'patch' from the bug report and editing
the attachment so that it is not flagged as a patch.  Additionally, if
you are member of the ubuntu-sponsors please also unsubscribe the team
from this bug report.

[This is an automated message performed by a Launchpad user owned by
Brian Murray.  Please contact him regarding any issues with the action
taken in this bug report.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/856311

Title:
  apt-ftparchive CacheDB truncates SHA512 hashes

Status in “apt” package in Ubuntu:
  New

Bug description:
  $ cat >apt.conf
  Dir {
          ArchiveDir ".";
          CacheDir ".";
  };

  BinDirectory "." {
          Packages "Packages";
          BinCacheDB "pkgcache.apt";
  };
  $ apt-get download hello
  Get:1 Downloading hello 2.7-1 [25.9 kB]
  Fetched 25.9 kB in 3s (6,601 B/s)
  $ apt-ftparchive generate apt.conf
   .: New 1,831 B 1 files 25.9 kB 0s
  Packages done, Starting contents.
  Done. 25.9 kB in 1 archives. Took 0s
  $ cat Packages
  Package: hello
  Priority: optional
  Section: devel
  Installed-Size: 100
  Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
  Original-Maintainer: Santiago Vila <sanvila at debian.org>
  Architecture: i386
  Version: 2.7-1
  Depends: libc6 (>= 2.4), dpkg (>= 1.15.4) | install-info
  Filename: ./hello_2.7-1_i386.deb
  Size: 25852
  MD5sum: 0aaf7ad02dd0ec873b37ed2e6ca8bbf1
  SHA1: 07d3b6cb9cd54dc04d10c40af8d3deacd673e671
  SHA256: 982294094b87d40387d5e36cf8b7c3873449d6f8f01e8c058fc75d92f50ba18b
  SHA512: a703d095e8ad346d8b610d20efc70dcc3bc4df0f9e7da5ad9cd21bd9ec583c501ad30d65c44024b7001b4c23690e594c81321ff34afe97e68769d03932567d8f
  Description: The classic greeting, and a good example
   The GNU hello program produces a familiar, friendly greeting.  It
   allows non-programmers to use a classic computer science tool which
   would otherwise be unavailable to them.
   .
   Seriously, though: this is an example of how to do a Debian package.
   It is the Debian version of the GNU Project's `hello world' program
   (which is itself an example for the GNU Project).
  Homepage: http://www.gnu.org/software/hello/

  $ apt-ftparchive generate apt.conf
   .: New 1,721 B 1 files 25.9 kB 0s
  Packages done, Starting contents.
  Done. 25.9 kB in 1 archives. Took 0s
  $ cat Packages
  Package: hello
  Priority: optional
  Section: devel
  Installed-Size: 100
  Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
  Original-Maintainer: Santiago Vila <sanvila at debian.org>
  Architecture: i386
  Version: 2.7-1
  Depends: libc6 (>= 2.4), dpkg (>= 1.15.4) | install-info
  Filename: ./hello_2.7-1_i386.deb
  Size: 25852
  MD5sum: 0aaf7ad02dd0ec873b37ed2e6ca8bbf1
  SHA1: 07d3b6cb9cd54dc04d10c40af8d3deacd673e671
  SHA256: 982294094b87d40387d5e36cf8b7c3873449d6f8f01e8c058fc75d92f50ba18b
  SHA512: a703d095e8ad346d8b610d20efc70dcc3bc4df0f9e7da5ad9cd21bd9ec583c50
  Description: The classic greeting, and a good example
   The GNU hello program produces a familiar, friendly greeting.  It
   allows non-programmers to use a classic computer science tool which
   would otherwise be unavailable to them.
   .
   Seriously, though: this is an example of how to do a Debian package.
   It is the Debian version of the GNU Project's `hello world' program
   (which is itself an example for the GNU Project).
  Homepage: http://www.gnu.org/software/hello/

  Notice that the second Packages file has the SHA512 hash truncated to
  the length of a SHA256 hash.  This is because the space allocated in
  bytes2hex() is only sufficient for a SHA256 hash.  Patch attached.

  (Discovered while writing new build-dependency installation code for
  xdeb.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/856311/+subscriptions

More information about the foundations-bugs mailing list