Bug#319142: apt: attempts to install corrupted packages
Andrew Suffield <asuffield@debian.org> writes:
> Package: apt
> Severity: important
>
> asuffield@cyclone:~$ apt-cache show xfonts-scalable
> Package: xfonts-scalable
> ...
> Version: 6.8.2.dfsg.1-3
> ...
> MD5sum: 0e9e786a6220993510e2b9cfdbc65ee1
>
> Preparing to replace xfonts-scalable 4.3.0.dfsg.1-14 (using .../xfonts-scalable_6.8.2.dfsg.1-3_all.deb) ...
> Unpacking replacement xfonts-scalable ...
> dpkg: error processing /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb (--unpack):
> corrupted filesystem tarfile - corrupted package archive: Success
> dpkg-deb: subprocess paste killed by signal (Broken pipe)
>
> asuffield@cyclone:~$ md5sum /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb
> a525d80fb0df950f4e9b0e3141c63d0c /var/cache/apt/archives/xfonts-scalable_6.8.2.dfsg.1-3_all.deb
>
> Not only is this broken and annoying, it indicates that the security
> checking code is completely non-functional.
>
> (There's nothing strange going on here. This is the tail end of a
> regular upgrade that left me with hundreds of packages properly
> installed and three dead ones)
Hi,
I can confirm this bus at least in part (see below).
Andrew: What does your sources.list look like? Do you have a local
mirror with the corrupted file (file or copy url)?
I did some testing, purposefully corrupting a deb, to see what gets
checked and what not (apt 0.6.38):
Appending to the deb:
Failed to fetch http://frosties/debian/pool/main/3/3dchess/3dchess_0.8.1-11_amd64.deb Size mismatch
Failed to fetch file:///var/lib/amd64-archive/pool/non-free/r/rar/rar_3.30-2-0.0.0.local.1_amd64.deb Size mismatch
Changing a byte:
Failed to fetch http://frosties/debian/pool/main/3/3dchess/3dchess_0.8.1-11_amd64.deb MD5Sum mismatch
Unpacking rar (from .../rar_3.30-2-0.0.0.local.1_amd64.deb) ...
Setting up rar (3.30-2-0.0.0.local.1) ...
Urgs, this didn't even trigger a gzip error.
$ md5sum /var/lib/amd64-archive/pool/non-free/r/rar/*
86f0f21855bb0c055ea4efb27f505d14 /var/lib/amd64-archive/pool/non-free/r/rar/rar_3.30-2-0.0.0.local.1_amd64.deb
8567ca516885da5eedc06e8fa76a0ff5 /var/lib/amd64-archive/pool/non-free/r/rar/rar_3.30-2-0.0.0.local.1_amd64.deb.orig
Package: rar
Version: 3.30-2-0.0.0.local.1
MD5sum: 8567ca516885da5eedc06e8fa76a0ff5
So I can confirm the bug for file (and copy) urls. Is that because
apt-get considers them local and they don't go through
/var/lib/apt/cache/partial?
MfG
Goswin
Reply to: