Bug 511910 - apt-get unable to handle sha256 rpm checksums
Summary: apt-get unable to handle sha256 rpm checksums
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: apt
Version: 11
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 512518
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-07-15 15:42 UTC by Ralf Corsepius
Modified: 2019-11-23 03:53 UTC (History)
2 users (show)

Fixed In Version: 0.5.15lorg3.95-0.git416.5.fc11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-11-24 07:42:47 UTC


Attachments (Terms of Use)
Support for SHA256 checksums (35.31 KB, patch)
2009-09-23 22:50 UTC, Sergey
no flags Details | Diff

Description Ralf Corsepius 2009-07-15 15:42:27 UTC
Description of problem:

F11's apt-get seems unable to handle sha256 rpm checksums. Likely it expects md5.

Version-Release number of selected component (if applicable):
apt-0.5.15lorg3.95-0.git416.4.fc11.i586

How reproducible:
Always

Steps to Reproduce:
1. yum install apt
2. yum remove autoconf
3. apt-get update
4. apt-get install autoconf
  
Actual results:

# apt-get install autoconf
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
   autoconf (2.63-2.fc11)
0 upgraded, 1 newly installed, 0 removed and 2 not upgraded.
Need to get 964kB of archives.
After unpacking 2605kB of additional disk space will be used.
Get:1 http://download.fedora.redhat.com fedora/linux/releases/11/Everything/i386/os/ autoconf 2.63-2.fc11 [964kB]
Fetched 964kB in 4s (217kB/s)    
Failed to fetch http://download.fedora.redhat.com/pub//fedora/linux/releases/11/Everything/i386/os//Packages/autoconf-2.63-2.fc11.noarch.rpm  MD5Sum mismatch
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Expected results:
Function

Additional info:

Comment 1 Axel Thimm 2009-07-15 16:54:00 UTC
Maybe bug #495633 is a duplicate of this one (or vice versa)?

Comment 2 Ralf Corsepius 2009-07-15 17:14:22 UTC
(In reply to comment #1)
> Maybe bug #495633 is a duplicate of this one (or vice versa)?  

Maybe, but md5sums errors can originate from various issues, esp. when taking into account the unstability and unreliability of Fedora's mirror.

My case:
# diff -s /var/cache/apt/archives/partial/autoconf-2.63-2.fc11.noarch.rpm.FAILED /var/ftp/pub/linux/mirrors/download.fedora.redhat.com/pub/fedora/linux/releases/11/Everything/i386/os/Packages/autoconf-2.63-2.fc11.noarch.rpm 
Files /var/cache/apt/archives/partial/autoconf-2.63-2.fc11.noarch.rpm.FAILED and /var/ftp/pub/linux/mirrors/download.fedora.redhat.com/pub/fedora/linux/releases/11/Everything/i386/os/Packages/autoconf-2.63-2.fc11.noarch.rpm are identical

# rpm -qip /var/cache/apt/archives/partial/autoconf-2.63-2.fc11.noarch.rpm.FAILED
Name        : autoconf                     Relocations: (not relocatable)
Version     : 2.63                              Vendor: Fedora Project
Release     : 2.fc11                        Build Date: Tue 24 Feb 2009 05:00:07 AM CET
Install Date: (not installed)               Build Host: x86-6.fedora.phx.redhat.com
Group       : Development/Tools             Source RPM: autoconf-2.63-2.fc11.src.rpm
Size        : 2605325                          License: GPLv2+ and GFDL
Signature   : RSA/8, Tue 10 Mar 2009 05:53:47 AM CET, Key ID 1dc5c758d22e77f2
Packager    : Fedora Project

Comment 3 Ralf Corsepius 2009-07-16 04:47:30 UTC
I had a short look into apt's source code. 

Unless I am missing something, apt indeed seems to lack support for sha256 checksums, rendering apt and all the FC11 + 3rd party apt-configs more or less worthless.

Comment 4 Panu Matilainen 2009-07-16 06:33:05 UTC
Oh ... yeah, apt has no chance of working with F >= 11 repositories due to sha256 checksum use in the repodata. As MD5 and SHA1 are largely hardwired into the guts of libapt-pkg, fixing that sanely would require a major surgery.

Given the sorry state apt has constantly been lately (several Fedora releases), maybe it's time to face the facts and pull the life-support plug on it.

Comment 5 Ralf Corsepius 2009-07-16 07:02:40 UTC
(In reply to comment #4)
> Oh ... yeah, apt has no chance of working with F >= 11 repositories due to
> sha256 checksum use in the repodata. As MD5 and SHA1 are largely hardwired into
> the guts of libapt-pkg, fixing that sanely would require a major surgery.
That's the same conclusion, I came to.

> Given the sorry state apt has constantly been lately (several Fedora releases),
> maybe it's time to face the facts and pull the life-support plug on it.  
Well, I'd rather not do so, because despite all the years yum is around, yum still occassionally is broken rsp. messes up installations, leaving apt as handy alternative to escape such situations.

[FWIW: Recently having encountered such a situation on FC11 (python-2.5->python-2.6 has killed yum during an FC10->FC11 upgrade) had been the reason which caused me to give apt a try after not having used apt for quite a while.]

That said, I'd rather see apt fixed or a work around be enabled. I don't recall the details, but didn't apt have a global option to ignore checksums?

Comment 6 Ralf Corsepius 2009-07-18 15:48:12 UTC
(In reply to comment #5)
> (In reply to comment #4)
> > Oh ... yeah, apt has no chance of working with F >= 11 repositories due to
> > sha256 checksum use in the repodata. As MD5 and SHA1 are largely hardwired into
> > the guts of libapt-pkg, fixing that sanely would require a major surgery.
> That's the same conclusion, I came to.

FWIW: I've implemented a hack to apt-rpm, which gets sha256 working again.

Unfortunately, this hack breaks apt's API ...

Comment 7 Sergey 2009-09-23 22:50:53 UTC
Created attachment 362369 [details]
Support for SHA256 checksums


Attached patch adds support for SHA256 checksums. With this patch apt works under both Fedora10 (sha1) and Fedora11 (sha256).

Comment 8 Fedora Update System 2009-11-20 19:51:17 UTC
apt-0.5.15lorg3.95-0.git416.5.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/apt-0.5.15lorg3.95-0.git416.5.fc12

Comment 9 Fedora Update System 2009-11-24 07:42:29 UTC
apt-0.5.15lorg3.95-0.git416.5.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2010-02-14 17:22:24 UTC
apt-0.5.15lorg3.95-0.git416.5.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/apt-0.5.15lorg3.95-0.git416.5.fc11

Comment 11 Fedora Update System 2010-02-16 13:08:19 UTC
apt-0.5.15lorg3.95-0.git416.5.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.