
Bug#319142: apt: attempts to install corrupted packages



Andrew Suffield <asuffield@debian.org> writes:

> Package: apt
> Severity: important
>
> asuffield@cyclone:~$ apt-cache show xfonts-scalable
> Package: xfonts-scalable
> ...
> Version: 6.8.2.dfsg.1-3
> ...
> MD5sum: 0e9e786a6220993510e2b9cfdbc65ee1
>
> Preparing to replace xfonts-scalable 4.3.0.dfsg.1-14 (using .../xfonts-scalable_6.8.2.dfsg.1-3_all.deb) ...
> Unpacking replacement xfonts-scalable ...
> dpkg: error processing /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb (--unpack):
>  corrupted filesystem tarfile - corrupted package archive: Success
> dpkg-deb: subprocess paste killed by signal (Broken pipe)
>
> asuffield@cyclone:~$ md5sum /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb
> a525d80fb0df950f4e9b0e3141c63d0c  /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb
>
> Not only is this broken and annoying, it indicates that the security
> checking code is completely non-functional.
>
> (There's nothing strange going on here. This is the tail end of a
> regular upgrade that left me with hundreds of packages properly
> installed and three dead ones)

Hi,

I can confirm this bug at least in part (see below).

Andrew: What does your sources.list look like? Do you have a local
mirror with the corrupted file (file or copy url)?



I did some testing, purposefully corrupting a deb, to see what gets
checked and what not (apt 0.6.38):

Appending to the deb:

Failed to fetch http://frosties/debian/pool/main/3/3dchess/3dchess_0.8.1-11_amd64.deb  Size mismatch
Failed to fetch file:///var/lib/amd64-archive/pool/non-free/r/rar/rar_3.30-2-0.0.0.local.1_amd64.deb  Size mismatch


Changing a byte:

Failed to fetch http://frosties/debian/pool/main/3/3dchess/3dchess_0.8.1-11_amd64.deb  MD5Sum mismatch
Unpacking rar (from .../rar_3.30-2-0.0.0.local.1_amd64.deb) ...
Setting up rar (3.30-2-0.0.0.local.1) ...

Urgs, this didn't even trigger a gzip error.


$ md5sum /var/lib/amd64-archive/pool/non-free/r/rar/*
86f0f21855bb0c055ea4efb27f505d14  /var/lib/amd64-archive/pool/non-free/r/rar/rar_3.30-2-0.0.0.local.1_amd64.deb
8567ca516885da5eedc06e8fa76a0ff5  /var/lib/amd64-archive/pool/non-free/r/rar/rar_3.30-2-0.0.0.local.1_amd64.deb.orig

Package: rar
Version: 3.30-2-0.0.0.local.1
MD5sum: 8567ca516885da5eedc06e8fa76a0ff5


So I can confirm the bug for file (and copy) urls. Is that because
apt-get considers them local and they don't go through
/var/lib/apt/cache/partial?

MfG
        Goswin
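
Added example, not part of the message above and not apt's own code: a stand-alone check of a package file against the Size and MD5sum fields of its Packages stanza, run over the two corruption cases tested in the message (appending to the file, changing one byte). The stanza values, the file name and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_stanza(text):
    """Parse one control-file stanza (as printed by `apt-cache show`) into a dict."""
    fields, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and key:           # continuation of the previous field
            fields[key] += "\n" + line.strip()
        else:
            key, _, value = line.partition(":")
            fields[key] = value.strip()
    return fields

def verify_deb(path, stanza):
    """Return 'ok', 'Size mismatch' or 'MD5Sum mismatch' for the file at path."""
    if os.path.getsize(path) != int(stanza["Size"]):
        return "Size mismatch"                 # cheap check first, catches appended data
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != stanza["MD5sum"].lower():
        return "MD5Sum mismatch"               # same length, different content
    return "ok"

def demo():
    original = b"!<arch>\n" + bytes(range(256)) * 8   # constructed stand-in, not a real .deb
    stanza = parse_stanza(
        "Package: example\nVersion: 1.0\n"
        f"Size: {len(original)}\nMD5sum: {hashlib.md5(original).hexdigest()}\n"
    )
    flipped = bytearray(original)
    flipped[100] ^= 0xFF                       # change a single byte, length unchanged
    cases = {"intact": original, "appended": original + b"junk", "byte changed": bytes(flipped)}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in cases.items():
            path = os.path.join(tmp, "example_1.0_all.deb")   # hypothetical file name
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = verify_deb(path, stanza)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```
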


