[Bug 1098738] Re: apt-get source only checks md5 hashes in Sources files
Michael Vogt
michaelvogt at imap.cc
Thu Jan 31 06:01:23 UTC 2013
On Thu, Jan 31, 2013 at 02:30:47AM -0000, Daniel Hartwig wrote:
> Integration test.
>
> # pkg-sha256-bad has a bad SHA sum, but good MD5 sum. If apt is
> # checking the best available hash (as it should), this will trigger
> # a hash mismatch.
>
> -- before patch:
> Test for hash ok of apt-get source -d pkg-md5-ok … PASS
> Test for hash ok of apt-get source -d pkg-sha256-ok … PASS
> Test for hash mismatch of apt-get source -d pkg-sha256-bad … FAIL
>
> -- after patch:
> Test for hash ok of apt-get source -d pkg-md5-ok … PASS
> Test for hash ok of apt-get source -d pkg-sha256-ok … PASS
> Test for hash mismatch of apt-get source -d pkg-sha256-bad … PASS
Thanks Daniel! That looks great :)
I added it to my bzr branch for this bug and will merge it to the
debian and ubuntu branches soon. I also cleaned up the FIXMEs and
pushed to lp:~mvo/apt/source-hashes/
Cheers,
Michael
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1098738
Title:
apt-get source only checks md5 hashes in Sources files
Status in “apt” package in Ubuntu:
In Progress
Bug description:
'apt-get source' only validates the md5 hash in the Sources file.
Ideally, it should check the sha hashes also.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1098738/+subscriptions
More information about the foundations-bugs
mailing list