On Wed, 17 Aug 2011 19:00:35 +0200 Christian Hofstaedtler <ch@grml.org> wrote: > * Paul Wise <pabs@debian.org> [110817 17:03]: > > On Wed, Aug 17, 2011 at 11:26 AM, Karl Goetz wrote: > > > > > Does this mean any derivative with a package from debian > > > currently older then 2008 has no sha-1? > > > > Yes, if they are directly importing Packages and Sources files > > rather than generating their own such files. > > > > > If so, should derivatives be rebuilding the > > > packages to ensure a sha1 is present? > > > > It should be enough to calculate the hashes that are missing. > > So one of the problems we're currently having is that reprepro > apparently won't add the missing SHA*Sums fields to existing > Packages/Sources entries, even though the checksums are in it's > database. > > Has anyone already worked around this? > I imagine we're not alone with reprepro. I don't know if apt-ftparchive/dpkg-scan{packages,source} are generating the sha* values, but they're not being inserted :) Might have to put together some awk to work out which packages need the attention. thanks, kk -- Karl Goetz, (Kamping_Kaiser / VK5FOSS) Debian contributor / gNewSense Maintainer http://www.kgoetz.id.au No, I won't join your social networking group
Attachment:
signature.asc
Description: PGP signature