[Bug 1098738] Re: apt-get source only checks md5 hashes in Sources files
Daniel Hartwig
mandyke at gmail.com
Thu Jan 31 02:30:47 UTC 2013
Integration test.
# pkg-sha256-bad has a bad SHA sum, but good MD5 sum. If apt is
# checking the best available hash (as it should), this will trigger
# a hash mismatch.
-- before patch:
Test for hash ok of apt-get source -d pkg-md5-ok … PASS
Test for hash ok of apt-get source -d pkg-sha256-ok … PASS
Test for hash mismatch of apt-get source -d pkg-sha256-bad … FAIL
-- after patch:
Test for hash ok of apt-get source -d pkg-md5-ok … PASS
Test for hash ok of apt-get source -d pkg-sha256-ok … PASS
Test for hash mismatch of apt-get source -d pkg-sha256-bad … PASS
** Attachment added: "test-debsrc-hashes"
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1098738/+attachment/3508325/+files/test-debsrc-hashes
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1098738
Title:
apt-get source only checks md5 hashes in Sources files
Status in “apt” package in Ubuntu:
In Progress
Bug description:
'apt-get source' only validates the md5 hash in the Sources file.
Ideally, it should check the sha hashes also.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1098738/+subscriptions
More information about the foundations-bugs
mailing list