Bug#624122: Bug#743298: apt-get corrupts Sources and Packages files on running unxz

To: Harald Dunkel <harri@afaics.de>, 743298-done@bugs.debian.org
Cc: 624122@bugs.debian.org
Subject: Bug#624122: Bug#743298: apt-get corrupts Sources and Packages files on running unxz
From: David Kalnischkies <david@kalnischkies.de>
Date: Tue, 1 Apr 2014 19:35:20 +0200
Message-id: <[🔎] 20140401173519.GA5341@crossbow>
Reply-to: David Kalnischkies <david@kalnischkies.de>, 624122@bugs.debian.org
In-reply-to: <[🔎] 533ACC6B.3000007@afaics.de>
References: <[🔎] 533ACC6B.3000007@afaics.de>

Version: 1.0

Hi,

On Tue, Apr 01, 2014 at 04:25:47PM +0200, Harald Dunkel wrote:
> I have 2 hosts downloading sid from http://ftp.debian.org.
> One host ("elmer") claims on "apt-get update"
> 
> W: Failed to fetch xz:/var/lib/apt/lists/partial/ftp.debian.org_debian_dists_sid_main_source_Sources  Hash Sum mismatch
> W: Failed to fetch xz:/var/lib/apt/lists/partial/ftp.debian.org_debian_dists_sid_main_binary-amd64_Packages  Hash Sum mismatch
> E: Some index files failed to download. They have been ignored, or old ones used instead.

Thanks for the report!
Unfortunately it's a (hidden) duplicate and fixed in a recent upload,
so I have to close it again… but let me explain a bit before that:

As noted in #624122 – our catch-all hashsum mismatch bugreport(s) –
I botched uncompressing of lzma/xz in 0.9.16 while introducing
(un)compression via liblzma instead of an optional external binary.

The problem is that it can happen that the code reads 4096 compressed
bytes, which do not produce any uncompressed output. The code then came
to the conclusion that it is done uncompressing the file… which happens
to be wrong in this case resulting in a too short file and therefore in
a hashsum mismatch as a too short file of course doesn't match.

This happens "rarely", so by any chance the next dinstall run will
generate a new file which doesn't expose this behavior – just like our
testcases do not expose this at all.

A fix is known for a while, but was stuck in git as nobody with
upload rights and sufficient time was around to upload it.
(We can argue now if that was so to punish me or just by chance –
 I opt for the former, which is what I deserved I guess)
On the upside, this has changed today, so that this fix is finally
included – and even in a very important release for us. ;)

In the meantime, the last workaround mentioned in #624122 is actually
the only one working in case the problem is this one. It doesn't help
for all the cases which usually end up in #624122. Just like the
config options mentioned before that about another issue ending up with
that error message as #624122 has no workaround if you get it for
"hashsum mismatch" rather than a "code practice vs. theory mismatch"
(and I can only break so many apt versions).

Best regards

David Kalnischkies

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#624122: Bug#743298: apt-get corrupts Sources and Packages files on running unxz
  - From: Harald Dunkel <harri@afaics.de>

References:
- Bug#743298: apt-get corrupts Sources and Packages files on running unxz
  - From: Harald Dunkel <harri@afaics.de>

Prev by Date: apt_1.0_amd64.changes ACCEPTED into unstable
Next by Date: Bug#743298: marked as done (apt-get corrupts Sources and Packages files on running unxz)
Previous by thread: Bug#743298: Acknowledgement (apt-get corrupts Sources and Packages files on running unxz)
Next by thread: Bug#624122: Bug#743298: apt-get corrupts Sources and Packages files on running unxz
Index(es):
- Date
- Thread