Package: debian-cd Version: 3.0.2 Severity: serious Tags: patch I'm classifying this as serious as this makes the Release file invalid and thus breaks the CD image. I found this bug because debootstrap threw an error during an installation that Packages.gz was invalid. The install did continue, probably because Packages was valid, but the red error screen is still extremely disturbing. I maybe worth fixing this for Etch as well. The problem is in the function md5_files_for_release in tools/make_disc_trees.pl where it recompresses the Packages file, overwriting an existing Packages.gz file. This function is called with a list of files from a 'find'. These files are processed one-by-one, but apparently the order is not fixed. If the order of the files is Packages-Packages.gz, then all is well: first Packages is gzipped again and next the md5sum for the new Packages.gz is determined. If the order of the files is Packages.gz-Packages, then first the md5sum for Packages.gz is determined but after that it gets overwritten by the recompression of Packages (with even a much higher compression rate), which explains the discrepancy of the md5sum and file size between the Packages.gz file and its listing in the Release file. That the order is reversed is shown by how they appear in the Release file: in my case the .gz file is listed above the regular one. The attached patch fixes the issue by splitting out the recompression into a separate function. Cheers, FJP
Index: tools/make_disc_trees.pl =================================================================== --- tools/make_disc_trees.pl (revision 1412) +++ tools/make_disc_trees.pl (working copy) @@ -350,17 +350,23 @@ return ($md5, $st->size); } -sub md5_files_for_release { - my ($md5, $size, $filename); +sub recompress { + # Recompress the Packages and Sources files; workaround for bug + # #402482 + my ($filename); $filename = $File::Find::name; - # Recompress the Packages and Sources files; workaround for bug - # #402482 if ($filename =~ m/\/.*\/(Packages|Sources)$/o) { system("gzip -9c < $_ >$_.gz"); } +} +sub md5_files_for_release { + my ($md5, $size, $filename); + + $filename = $File::Find::name; + if ($filename =~ m/\/.*\/(Packages|Sources|Release)/o) { $filename =~ s/^\.\///g; ($md5, $size) = md5_file($_); @@ -521,6 +527,7 @@ chdir "dists/$codename"; open(RELEASE, ">>Release") || die "Failed to open Release file: $!\n"; print RELEASE "MD5Sum:\n"; + find (\&recompress, "."); find (\&md5_files_for_release, "."); close(RELEASE); chdir("../..");
Attachment:
pgpAUvrQ2Kl3y.pgp
Description: PGP signature