[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#423835: marked as done (debian-cd: Incorrect md5sum for Packages.gz files in Release file)

Your message dated Sat, 01 Sep 2007 23:17:02 +0000
with message-id <E1IRcD8-0006QG-GR@ries.debian.org>
and subject line Bug#423835: fixed in debian-cd 3.0.3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: debian-cd
Version: 3.0.2
Severity: serious
Tags: patch

I'm classifying this as serious as this makes the Release file invalid and 
thus breaks the CD image. I found this bug because debootstrap threw an 
error during an installation that Packages.gz was invalid. The install 
did continue, probably because Packages was valid, but the red error 
screen is still extremely disturbing.
I maybe worth fixing this for Etch as well.

The problem is in the function md5_files_for_release in 
tools/make_disc_trees.pl where it recompresses the Packages file, 
overwriting an existing Packages.gz file. This function is called with a 
list of files from a 'find'. These files are processed one-by-one, but 
apparently the order is not fixed. 

If the order of the files is Packages-Packages.gz, then all is well: first 
Packages is gzipped again and next the md5sum for the new Packages.gz is 
If the order of the files is Packages.gz-Packages, then first the md5sum 
for Packages.gz is determined but after that it gets overwritten by the 
recompression of Packages (with even a much higher compression rate), 
which explains the discrepancy of the md5sum and file size between the 
Packages.gz file and its listing in the Release file.

That the order is reversed is shown by how they appear in the Release 
file: in my case the .gz file is listed above the regular one.

The attached patch fixes the issue by splitting out the recompression into 
a separate function.


Index: tools/make_disc_trees.pl
--- tools/make_disc_trees.pl	(revision 1412)
+++ tools/make_disc_trees.pl	(working copy)
@@ -350,17 +350,23 @@
 	return ($md5, $st->size);
-sub md5_files_for_release {
-	my ($md5, $size, $filename);
+sub recompress {
+	# Recompress the Packages and Sources files; workaround for bug
+	# #402482
+	my ($filename);
 	$filename = $File::Find::name;
-	# Recompress the Packages and Sources files; workaround for bug
-	# #402482
 	if ($filename =~ m/\/.*\/(Packages|Sources)$/o) {
 		system("gzip -9c < $_ >$_.gz");
+sub md5_files_for_release {
+	my ($md5, $size, $filename);
+	$filename = $File::Find::name;
 	if ($filename =~ m/\/.*\/(Packages|Sources|Release)/o) {
 		$filename =~ s/^\.\///g;
 		($md5, $size) = md5_file($_);
@@ -521,6 +527,7 @@
 	chdir "dists/$codename";
 	open(RELEASE, ">>Release") || die "Failed to open Release file: $!\n";
 	print RELEASE "MD5Sum:\n";
+	find (\&recompress, ".");
 	find (\&md5_files_for_release, ".");

Attachment: pgpEdmFFw8rOo.pgp
Description: PGP signature

--- End Message ---
--- Begin Message ---
Source: debian-cd
Source-Version: 3.0.3

We believe that the bug you reported is fixed in the latest version of
debian-cd, which is due to be installed in the Debian FTP archive:

  to pool/main/d/debian-cd/debian-cd_3.0.3.dsc
  to pool/main/d/debian-cd/debian-cd_3.0.3.tar.gz
  to pool/main/d/debian-cd/debian-cd_3.0.3_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 423835@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Steve McIntyre <93sam@debian.org> (supplier of updated debian-cd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.7
Date: Sat, 01 Sep 2007 23:58:42 +0100
Source: debian-cd
Binary: debian-cd
Architecture: source all
Version: 3.0.3
Distribution: unstable
Urgency: low
Maintainer: Debian CD Group <debian-cd@lists.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
 debian-cd  - Tools for building (Official) Debian CD set
Closes: 418195 423463 423835 425600 437497
 debian-cd (3.0.3) unstable; urgency=low
   [ Steve McIntyre ]
   * In start_new_disc, cope with $DEBVERSION containing spaces.
   * Only put the release notes and installation guide on disc#1.
   * In list2cds, don't add udebs in the final COMPLETE run -
     they're no use there.
   * Add some munging on the Release files if we're not building
     for "testing". Used in the etch release, and I'll back it out shortly.
   * Copied etch files to lenny ready for the new testing work.
   [ Frans Pop ]
   * Clean up: remove files for potato and woody releases.
   [ Steve McIntyre ]
   * Removed m68k from the list of arches in generate_di+k_list and
     generate_di_list to reduce warnings.
   * Updated comments in update-cd; potato was a while ago!
   * It seems the changes for 3.0.0 completely broke extranonfree
     support. Re-add it.
   [ Frans Pop ]
   * Dann Frazier has taken over from Jeff Bailey for daily IA64 D-I builds.
   * General update the template for the README file; explain the difference
     between small and full images better. Closes: #418195.
   [ Steve McIntyre ]
   * Re-added DEBOOTSTRAP_DIR definition in the Makefile
   * Don't hack with the Release file unless EARLY_BUILD_HACK=1.
     Closes: #423463
   [ Joey Hess ]
   * Remove pcmcia-cs-udeb from udeb_include; we don't need this udeb with
     modern kernels. (We didn't need it for etch either actually.)
   [ Steve McIntyre ]
   * Fix for multi-arch CDs including source - the extranonfree update
     broke the source output
   [ Frans Pop ]
   * Include both dhcp-client-udeb and dhcp3-client udeb while we're
     transitioning in the installer.
   * Exclude live-installer, simple-cdd, pwgen and nbd udebs as they are
     currently not used in Debian Installer.
   * Remove support for sparc32 as it is no longer supported for Lenny.
   [ Steve McIntyre ]
   * Update unstable-map: in the Makefile - use lenny rather than etch
   [ Petter Reinholdtsen ]
   * Update tools/grab_md5 to use the same variable name (SUITE->CODENAME)
     as the rest of the code, to reduce confusion.
   [ Joey Hess ]
   * Drop old with26 cruft for lenny.
   * Update lenny's isolinux.bin to the one from syslinux 3.51-1
   * Parse isolinux.cfg case-insensatively.
   * Merge boot-i386 and boot-amd64 into boot-x86.
   [ Otavio Salvador ]
   * Fix extranonfree support to be backward compatible with previous
     behaviour (default to false)
   * Create dpkg status file before calling APT
   [ Steve McIntyre ]
   * Fix boot-x86 shell syntax so it runs
   * Further logic fixing in boot-x86: amd64 should now work
   * Temporary fixup for daily lenny sparc builds - use older image locations
     if new ones not available.
   * Remove Build-Dep-Indep on sysutils. Closes: #437497
   * In build.sh, use $DI_CODENAME for installer task files rather than
     $CODENAME - allows for sid builds more easily etc.
   * Recompress the Packages files separately just before generating
     Release files. Closes: #423835, thanks to fjp for the patch.
   * Check if required base packages might also be supplied by a local
     repository too, not just the main distribution. Closes: #425600
   * Merge update-cd changes across from the version in etch.
 daac0d046074e750355b1c09478bc7f3 710 admin extra debian-cd_3.0.3.dsc
 05bbf4d1b26e7fabfceeff78793e4668 934775 admin extra debian-cd_3.0.3.tar.gz
 3c40ab3f277e7b27ff4b16a70ca1d002 929546 admin extra debian-cd_3.0.3_all.deb

Version: GnuPG v1.4.6 (GNU/Linux)


--- End Message ---

Reply to: