[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#423835: debian-cd: Incorrect md5sum for Packages.gz files in Release file

Package: debian-cd
Version: 3.0.2
Severity: serious
Tags: patch

I'm classifying this as serious as this makes the Release file invalid and 
thus breaks the CD image. I found this bug because debootstrap threw an 
error during an installation that Packages.gz was invalid. The install 
did continue, probably because Packages was valid, but the red error 
screen is still extremely disturbing.
I maybe worth fixing this for Etch as well.

The problem is in the function md5_files_for_release in 
tools/make_disc_trees.pl where it recompresses the Packages file, 
overwriting an existing Packages.gz file. This function is called with a 
list of files from a 'find'. These files are processed one-by-one, but 
apparently the order is not fixed. 

If the order of the files is Packages-Packages.gz, then all is well: first 
Packages is gzipped again and next the md5sum for the new Packages.gz is 
If the order of the files is Packages.gz-Packages, then first the md5sum 
for Packages.gz is determined but after that it gets overwritten by the 
recompression of Packages (with even a much higher compression rate), 
which explains the discrepancy of the md5sum and file size between the 
Packages.gz file and its listing in the Release file.

That the order is reversed is shown by how they appear in the Release 
file: in my case the .gz file is listed above the regular one.

The attached patch fixes the issue by splitting out the recompression into 
a separate function.


Index: tools/make_disc_trees.pl
--- tools/make_disc_trees.pl	(revision 1412)
+++ tools/make_disc_trees.pl	(working copy)
@@ -350,17 +350,23 @@
 	return ($md5, $st->size);
-sub md5_files_for_release {
-	my ($md5, $size, $filename);
+sub recompress {
+	# Recompress the Packages and Sources files; workaround for bug
+	# #402482
+	my ($filename);
 	$filename = $File::Find::name;
-	# Recompress the Packages and Sources files; workaround for bug
-	# #402482
 	if ($filename =~ m/\/.*\/(Packages|Sources)$/o) {
 		system("gzip -9c < $_ >$_.gz");
+sub md5_files_for_release {
+	my ($md5, $size, $filename);
+	$filename = $File::Find::name;
 	if ($filename =~ m/\/.*\/(Packages|Sources|Release)/o) {
 		$filename =~ s/^\.\///g;
 		($md5, $size) = md5_file($_);
@@ -521,6 +527,7 @@
 	chdir "dists/$codename";
 	open(RELEASE, ">>Release") || die "Failed to open Release file: $!\n";
 	print RELEASE "MD5Sum:\n";
+	find (\&recompress, ".");
 	find (\&md5_files_for_release, ".");

Attachment: pgpAUvrQ2Kl3y.pgp
Description: PGP signature

Reply to: