[Bug 1234705] Re: apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources

[Colin Watson]

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1234705

Title:
  apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  Fix Committed
Status in “apt” source package in Quantal:
  Fix Committed
Status in “apt” source package in Raring:
  Fix Committed

Bug description:
  [Impact] apt-ftparchive generates SHA256 checksums for .dsc files and claims they're SHA512; this is likely to cause clients to fail to acquire source packages from Sources files generated with affected versions of apt-ftparchive, although only for .dsc files that contain Checksums-Sha512 (which is not yet the default).
  [Test Case] Use "apt-ftparchive sources" to generate Sources files for a tree containing a .dsc with the Checksums-Sha512 field (you may need to generate one manually).  Check that the filled-in checksum for the .dsc itself is correct.
  [Regression Potential] Confined to apt-ftparchive. Probably best to diff Packages/Sources files before and after.

  When apt-ftparchive is called upon to generate SHA512 checksums for a
  .dsc file that itself contains a Checksums-Sha512 field, the version
  in precise, quantal, and raring generate a SHA256 checksum instead and
  claim it's SHA512.  This is due to this line which is obviously
  incorrect once you notice it:

    SHA256Summation SHA512;

  We need to fix this before Launchpad production is upgraded from lucid
  to precise.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1234705/+subscriptions