On Wed, 17 Aug 2011 19:00:35 +0200
Christian Hofstaedtler <ch@grml.org> wrote:
> * Paul Wise <pabs@debian.org> [110817 17:03]:
> > On Wed, Aug 17, 2011 at 11:26 AM, Karl Goetz wrote:
> >
> > > Does this mean any derivative with a package from debian
> > > currently older then 2008 has no sha-1?
> >
> > Yes, if they are directly importing Packages and Sources files
> > rather than generating their own such files.
> >
> > > If so, should derivatives be rebuilding the
> > > packages to ensure a sha1 is present?
> >
> > It should be enough to calculate the hashes that are missing.
>
> So one of the problems we're currently having is that reprepro
> apparently won't add the missing SHA*Sums fields to existing
> Packages/Sources entries, even though the checksums are in it's
> database.
>
> Has anyone already worked around this?
> I imagine we're not alone with reprepro.
I don't know if apt-ftparchive/dpkg-scan{packages,source} are
generating the sha* values, but they're not being inserted :)
Might have to put together some awk to work out which packages need the
attention.
thanks,
kk
--
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian contributor / gNewSense Maintainer
http://www.kgoetz.id.au
No, I won't join your social networking group
Attachment:
signature.asc
Description: PGP signature