[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Upgrading to Wheezy issues



Dear Skolelinux community,

we attempted to upgrade a Skolelinx server from Squeeze to Wheezy (and planned to progress to Jessie later on, of course) and run into the following issue. As an example, I'd like to pick the "slbackup" package:


md5sum says:

~> md5sum slbackup_0.0.12-5~edu70+1_all.deb
7e72a33d83d3185abe66278c1b01b67e slbackup_0.0.12-5~edu70+1_all.deb

but http://ftp.skolelinux.org/skolelinux/dists/wheezy/local/binary-amd64/Packages states

MD5sum: 83d3185abe66278c1b01b67e98d69f57
SHA1: a23c8598901c18fa16dc18128e6b668ef2de7f61
SHA256: 4dc74d5da14c7b8d5bcc55fcfc40660991255d074142d9f0b2461e3200000000

Only the SHA512 value matches the one we calculated locally, MD5, SHA1 and SHA256 are screwed.

There is an indication that there might be somewhere something broken with string manipulation as e.g. the MD5 sums we got match a substring of the one given on the project web page. This gets more obvious if written like this:

7e72a33d 83d3185abe66278c1b01b67e
........ 83d3185abe66278c1b01b67e  98d69f57


I picked a few more Skolelinux Wheezy packages and all of them showed the same issue with the hashes. I suspect that there is a bug in the packaging tool chain the project team might not be aware of.

Without a working upstream repository, an upgrade won't be possible.

Some questions arise for me:

* Is that issue already known?
* if so, are there any solutions proposed?
* is this the right place to ask and if not, who else should I ask?

Thank you all in advance
and best regards

Peter Dreuw
 
--

Peter Dreuw
Berater
Tel.:  +49 2166 9901-155
Fax:   +49 2166 9901-100
E-Mail: Peter.Dreuw@credativ.de

gpg fingerprint: 33B0 82D3 D103 B594 E7D3  53C7 FBB6 3BD0 DB32 ED41
http://www.credativ.de/

credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer

Attachment: 0xDB32ED41.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: