Description of problem:
F11's apt-get seems unable to handle sha256 rpm checksums. Likely it expects md5.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. yum install apt
2. yum remove autoconf
3. apt-get update
4. apt-get install autoconf
# apt-get install autoconf
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 removed and 2 not upgraded.
Need to get 964kB of archives.
After unpacking 2605kB of additional disk space will be used.
Get:1 http://download.fedora.redhat.com fedora/linux/releases/11/Everything/i386/os/ autoconf 2.63-2.fc11 [964kB]
Fetched 964kB in 4s (217kB/s)
Failed to fetch http://download.fedora.redhat.com/pub//fedora/linux/releases/11/Everything/i386/os//Packages/autoconf-2.63-2.fc11.noarch.rpm MD5Sum mismatch
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Maybe bug #495633 is a duplicate of this one (or vice versa)?
(In reply to comment #1)
> Maybe bug #495633 is a duplicate of this one (or vice versa)?
Maybe, but md5sums errors can originate from various issues, esp. when taking into account the unstability and unreliability of Fedora's mirror.
# diff -s /var/cache/apt/archives/partial/autoconf-2.63-2.fc11.noarch.rpm.FAILED /var/ftp/pub/linux/mirrors/download.fedora.redhat.com/pub/fedora/linux/releases/11/Everything/i386/os/Packages/autoconf-2.63-2.fc11.noarch.rpm
Files /var/cache/apt/archives/partial/autoconf-2.63-2.fc11.noarch.rpm.FAILED and /var/ftp/pub/linux/mirrors/download.fedora.redhat.com/pub/fedora/linux/releases/11/Everything/i386/os/Packages/autoconf-2.63-2.fc11.noarch.rpm are identical
# rpm -qip /var/cache/apt/archives/partial/autoconf-2.63-2.fc11.noarch.rpm.FAILED
Name : autoconf Relocations: (not relocatable)
Version : 2.63 Vendor: Fedora Project
Release : 2.fc11 Build Date: Tue 24 Feb 2009 05:00:07 AM CET
Install Date: (not installed) Build Host: x86-6.fedora.phx.redhat.com
Group : Development/Tools Source RPM: autoconf-2.63-2.fc11.src.rpm
Size : 2605325 License: GPLv2+ and GFDL
Signature : RSA/8, Tue 10 Mar 2009 05:53:47 AM CET, Key ID 1dc5c758d22e77f2
Packager : Fedora Project
I had a short look into apt's source code.
Unless I am missing something, apt indeed seems to lack support for sha256 checksums, rendering apt and all the FC11 + 3rd party apt-configs more or less worthless.
Oh ... yeah, apt has no chance of working with F >= 11 repositories due to sha256 checksum use in the repodata. As MD5 and SHA1 are largely hardwired into the guts of libapt-pkg, fixing that sanely would require a major surgery.
Given the sorry state apt has constantly been lately (several Fedora releases), maybe it's time to face the facts and pull the life-support plug on it.
(In reply to comment #4)
> Oh ... yeah, apt has no chance of working with F >= 11 repositories due to
> sha256 checksum use in the repodata. As MD5 and SHA1 are largely hardwired into
> the guts of libapt-pkg, fixing that sanely would require a major surgery.
That's the same conclusion, I came to.
> Given the sorry state apt has constantly been lately (several Fedora releases),
> maybe it's time to face the facts and pull the life-support plug on it.
Well, I'd rather not do so, because despite all the years yum is around, yum still occassionally is broken rsp. messes up installations, leaving apt as handy alternative to escape such situations.
[FWIW: Recently having encountered such a situation on FC11 (python-2.5->python-2.6 has killed yum during an FC10->FC11 upgrade) had been the reason which caused me to give apt a try after not having used apt for quite a while.]
That said, I'd rather see apt fixed or a work around be enabled. I don't recall the details, but didn't apt have a global option to ignore checksums?
(In reply to comment #5)
> (In reply to comment #4)
> > Oh ... yeah, apt has no chance of working with F >= 11 repositories due to
> > sha256 checksum use in the repodata. As MD5 and SHA1 are largely hardwired into
> > the guts of libapt-pkg, fixing that sanely would require a major surgery.
> That's the same conclusion, I came to.
FWIW: I've implemented a hack to apt-rpm, which gets sha256 working again.
Unfortunately, this hack breaks apt's API ...
Created attachment 362369 [details]
Support for SHA256 checksums
Attached patch adds support for SHA256 checksums. With this patch apt works under both Fedora10 (sha1) and Fedora11 (sha256).
apt-0.5.15lorg3.95-0.git416.5.fc12 has been submitted as an update for Fedora 12.
apt-0.5.15lorg3.95-0.git416.5.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
apt-0.5.15lorg3.95-0.git416.5.fc11 has been submitted as an update for Fedora 11.
apt-0.5.15lorg3.95-0.git416.5.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.