Dear Skolelinux community, we attempted to upgrade a Skolelinx server from Squeeze to Wheezy (and planned to progress to Jessie later on, of course) and run into the following issue. As an example, I'd like to pick the "slbackup" package:
md5sum says: ~> md5sum slbackup_0.0.12-5~edu70+1_all.deb *7e72a33d83d3185abe66278c1b01b67e* slbackup_0.0.12-5~edu70+1_all.deb but http://ftp.skolelinux.org/skolelinux/dists/wheezy/local/binary-amd64/Packages states MD5sum: *83d3185abe66278c1b01b67e98d69f57* SHA1: a23c8598901c18fa16dc18128e6b668ef2de7f61 SHA256: 4dc74d5da14c7b8d5bcc55fcfc40660991255d074142d9f0b2461e3200000000 Only the SHA512 value matches the one we calculated locally, MD5, SHA1 and SHA256 are screwed. There is an indication that there might be somewhere something broken with string manipulation as e.g. the MD5 sums we got match a substring of the one given on the project web page. This gets more obvious if written like this: 7e72a33d *83d3185abe66278c1b01b67e* ........ *83d3185abe66278c1b01b67e* 98d69f57 I picked a few more Skolelinux Wheezy packages and all of them showed the same issue with the hashes. I suspect that there is a bug in the packaging tool chain the project team might not be aware of. Without a working upstream repository, an upgrade won't be possible. Some questions arise for me: * Is that issue already known? * if so, are there any solutions proposed? * is this the right place to ask and if not, who else should I ask? Thank you all in advance and best regards Peter Dreuw -- Peter Dreuw Berater Tel.: +49 2166 9901-155 Fax: +49 2166 9901-100 E-Mail: [email protected] gpg fingerprint: 33B0 82D3 D103 B594 E7D3 53C7 FBB6 3BD0 DB32 ED41 http://www.credativ.de/ credativ GmbH, HRB Mönchengladbach 12080 USt-ID-Nummer: DE204566209 Trompeterallee 108, 41189 Mönchengladbach Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer
0xDB32ED41.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
