Bug#762079: apt: Hash Sum mismatch while sum checks since security update

To: beuc@debian.org, 762079@bugs.debian.org
Subject: Bug#762079: apt: Hash Sum mismatch while sum checks since security update
From: Michael Vogt <mvo@debian.org>
Date: Thu, 18 Sep 2014 11:25:40 +0200
Message-id: <[🔎] 20140918092540.GL28742@bod>
Reply-to: Michael Vogt <mvo@debian.org>, 762079@bugs.debian.org
In-reply-to: <[🔎] 20140918082641.GA4307@mail.beuc.net>
References: <[🔎] 20140918082641.GA4307@mail.beuc.net>

On Thu, Sep 18, 2014 at 10:26:41AM +0200, beuc@debian.org wrote:
> Package: apt
> Version: 0.9.7.9+deb7u3
> Severity: important

Thanks for your bugreport.

[..] 
> W: Failed to fetch file:/usr/src/debian-repository/local/Packages  Hash Sum mismatch
> 
> E: Some index files failed to download. They have been ignored, or old ones used instead.
[..]
> Interestingly, right after building the local packages, my autobuild
> script issue a 'apt-get update' that completes successfully.  But when
> I issue another 'apt-get update' even one second later I get the above
> behavior.  Regenerating the packages produced the same behavior.
>
> 
> But everything checks! What's wrong?

There is a regression in the recent security update that causes
file:/// uris that are on a different partition (or nfs) than the apt
lists dir to misbehave. The fix is commited as 
http://anonscm.debian.org/cgit/apt/apt.git/commit/?h=debian/wheezy&id=3fa61cd604da1a4d744cebf3fbb747bf7c80bf91

and we will upload fixed packages shortly. If you could test the fix
that would be much appreciated.

Sorry for the trouble,
 Michael
 
> Cheers!
> Sylvain
> 
> -- Package-specific info:
> 
> -- apt-config dump --
> 
> APT "";
> APT::Architecture "amd64";
> APT::Build-Essential "";
> APT::Build-Essential:: "build-essential";
> APT::Install-Recommends "1";
> APT::Install-Suggests "0";
> APT::Authentication "";
> APT::Authentication::TrustCDROM "true";
> APT::NeverAutoRemove "";
> APT::NeverAutoRemove:: "^firmware-linux.*";
> APT::NeverAutoRemove:: "^linux-firmware$";
> APT::NeverAutoRemove:: "^linux-image.*";
> APT::NeverAutoRemove:: "^kfreebsd-image.*";
> APT::NeverAutoRemove:: "^linux-restricted-modules.*";
> APT::NeverAutoRemove:: "^linux-ubuntu-modules-.*";
> APT::NeverAutoRemove:: "^gnumach$";
> APT::NeverAutoRemove:: "^gnumach-image.*";
> APT::Never-MarkAuto-Sections "";
> APT::Never-MarkAuto-Sections:: "metapackages";
> APT::Never-MarkAuto-Sections:: "restricted/metapackages";
> APT::Never-MarkAuto-Sections:: "universe/metapackages";
> APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
> APT::Never-MarkAuto-Sections:: "oldlibs";
> APT::Never-MarkAuto-Sections:: "restricted/oldlibs";
> APT::Never-MarkAuto-Sections:: "universe/oldlibs";
> APT::Never-MarkAuto-Sections:: "multiverse/oldlibs";
> APT::Periodic "";
> APT::Periodic::Update-Package-Lists "1";
> APT::Periodic::Download-Upgradeable-Packages "0";
> APT::Periodic::AutocleanInterval "0";
> APT::Update "";
> APT::Update::Post-Invoke "";
> APT::Update::Post-Invoke:: "touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";
> APT::Archives "";
> APT::Archives::MaxAge "30";
> APT::Archives::MinAge "2";
> APT::Archives::MaxSize "500";
> APT::Architectures "";
> APT::Architectures:: "amd64";
> APT::Compressor "";
> APT::Compressor::. "";
> APT::Compressor::.::Name ".";
> APT::Compressor::.::Extension "";
> APT::Compressor::.::Binary "";
> APT::Compressor::.::Cost "1";
> APT::Compressor::gzip "";
> APT::Compressor::gzip::Name "gzip";
> APT::Compressor::gzip::Extension ".gz";
> APT::Compressor::gzip::Binary "gzip";
> APT::Compressor::gzip::Cost "2";
> APT::Compressor::gzip::CompressArg "";
> APT::Compressor::gzip::CompressArg:: "-9n";
> APT::Compressor::gzip::UncompressArg "";
> APT::Compressor::gzip::UncompressArg:: "-d";
> APT::Compressor::bzip2 "";
> APT::Compressor::bzip2::Name "bzip2";
> APT::Compressor::bzip2::Extension ".bz2";
> APT::Compressor::bzip2::Binary "bzip2";
> APT::Compressor::bzip2::Cost "3";
> APT::Compressor::bzip2::CompressArg "";
> APT::Compressor::bzip2::CompressArg:: "-9";
> APT::Compressor::bzip2::UncompressArg "";
> APT::Compressor::bzip2::UncompressArg:: "-d";
> APT::Compressor::xz "";
> APT::Compressor::xz::Name "xz";
> APT::Compressor::xz::Extension ".xz";
> APT::Compressor::xz::Binary "xz";
> APT::Compressor::xz::Cost "4";
> APT::Compressor::xz::CompressArg "";
> APT::Compressor::xz::CompressArg:: "-6";
> APT::Compressor::xz::UncompressArg "";
> APT::Compressor::xz::UncompressArg:: "-d";
> APT::Compressor::lzma "";
> APT::Compressor::lzma::Name "lzma";
> APT::Compressor::lzma::Extension ".lzma";
> APT::Compressor::lzma::Binary "xz";
> APT::Compressor::lzma::Cost "5";
> APT::Compressor::lzma::CompressArg "";
> APT::Compressor::lzma::CompressArg:: "--format=lzma";
> APT::Compressor::lzma::CompressArg:: "-9";
> APT::Compressor::lzma::UncompressArg "";
> APT::Compressor::lzma::UncompressArg:: "--format=lzma";
> APT::Compressor::lzma::UncompressArg:: "-d";
> APT::Compressor::::Name "";
> APT::Compressor::::Extension ".";
> APT::Compressor::::Binary "";
> APT::Compressor::::Cost "100";
> APT::Compressor::::CompressArg "";
> APT::Compressor::::CompressArg:: "-9";
> APT::Compressor::::UncompressArg "";
> APT::Compressor::::UncompressArg:: "-d";
> Dir "/";
> Dir::State "var/lib/apt/";
> Dir::State::lists "lists/";
> Dir::State::cdroms "cdroms.list";
> Dir::State::mirrors "mirrors/";
> Dir::State::extended_states "extended_states";
> Dir::State::status "/var/lib/dpkg/status";
> Dir::Cache "var/cache/apt/";
> Dir::Cache::archives "archives/";
> Dir::Cache::srcpkgcache "srcpkgcache.bin";
> Dir::Cache::pkgcache "pkgcache.bin";
> Dir::Etc "etc/apt/";
> Dir::Etc::sourcelist "sources.list";
> Dir::Etc::sourceparts "sources.list.d";
> Dir::Etc::vendorlist "vendors.list";
> Dir::Etc::vendorparts "vendors.list.d";
> Dir::Etc::main "apt.conf";
> Dir::Etc::netrc "auth.conf";
> Dir::Etc::parts "apt.conf.d";
> Dir::Etc::preferences "preferences";
> Dir::Etc::preferencesparts "preferences.d";
> Dir::Etc::trusted "trusted.gpg";
> Dir::Etc::trustedparts "trusted.gpg.d";
> Dir::Bin "";
> Dir::Bin::methods "/usr/lib/apt/methods";
> Dir::Bin::solvers "";
> Dir::Bin::solvers:: "/usr/lib/apt/solvers";
> Dir::Bin::dpkg "/usr/bin/dpkg";
> Dir::Bin::bzip2 "/bin/bzip2";
> Dir::Bin::xz "/usr/bin/xz";
> Dir::Media "";
> Dir::Media::MountPath "/media/apt";
> Dir::Log "var/log/apt";
> Dir::Log::Terminal "term.log";
> Dir::Log::History "history.log";
> Dir::Ignore-Files-Silently "";
> Dir::Ignore-Files-Silently:: "~$";
> Dir::Ignore-Files-Silently:: "\.disabled$";
> Dir::Ignore-Files-Silently:: "\.bak$";
> Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
> Dir::Ignore-Files-Silently:: "\.save$";
> Dir::Ignore-Files-Silently:: "\.orig$";
> Acquire "";
> Acquire::cdrom "";
> Acquire::cdrom::mount "/media/cdrom/";
> Acquire::Languages "";
> Acquire::Languages:: "en";
> Acquire::Languages:: "none";
> DPkg "";
> DPkg::Pre-Install-Pkgs "";
> DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
> DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
> DPkg::Tools "";
> DPkg::Tools::Options "";
> DPkg::Tools::Options::/usr/bin/apt-listchanges "";
> DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
> DPkg::Post-Invoke "";
> DPkg::Post-Invoke:: "if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; if [ -e /var/lib/update-notifier/updates-available ]; then echo > /var/lib/update-notifier/updates-available; fi ";
> CommandLine "";
> CommandLine::AsString "apt-config dump";
> 
> -- (no /etc/apt/preferences present) --
> 
> 
> -- /etc/apt/sources.list --
> 
> # This file is under Puppet Control.
> # Any local changes will be lost
> 
> deb http://ftp.debian.org/debian wheezy main contrib
> deb-src http://ftp.debian.org/debian wheezy main contrib
> 
> deb http://security.debian.org wheezy/updates main contrib
> deb-src http://security.debian.org wheezy/updates main contrib
> 
> 
> -- System Information:
> Debian Release: 7.6
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages apt depends on:
> ii  debian-archive-keyring  2012.4
> ii  gnupg                   1.4.12-7+deb7u6
> ii  libapt-pkg4.12          0.9.7.9+deb7u3
> ii  libc6                   2.13-38+deb7u4
> ii  libgcc1                 1:4.7.2-5
> ii  libstdc++6              4.7.2-5
> 
> apt recommends no packages.
> 
> Versions of packages apt suggests:
> pn  apt-doc     <none>
> ii  aptitude    0.6.8.2-1
> ii  dpkg-dev    1.16.15
> ii  python-apt  0.8.8.2
> ii  xz-utils    5.1.1alpha+20120614-2
> 
> -- no debconf information
> Report will be sent to "Debian Bug Tracking System" <submit@bugs.debian.org>
> 
> 
> -- 
> To UNSUBSCRIBE, email to deity-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 20140918082641.GA4307@mail.beuc.net">https://lists.debian.org/[🔎] 20140918082641.GA4307@mail.beuc.net
>

Reply to:

Follow-Ups:
- Bug#762079: apt: Hash Sum mismatch while sum checks since security update
  - From: beuc@debian.org

References:
- Bug#762079: apt: Hash Sum mismatch while sum checks since security update
  - From: beuc@debian.org

Prev by Date: Bug#762079: apt: Hash Sum mismatch while sum checks since security update
Next by Date: Bug#762079: apt: Hash Sum mismatch while sum checks since security update
Previous by thread: Bug#762079: apt: Hash Sum mismatch while sum checks since security update
Next by thread: Bug#762079: apt: Hash Sum mismatch while sum checks since security update
Index(es):
- Date
- Thread