On Wed, Apr 13, 2022 at 5:01 PM Steve Sakoman via lists.openembedded.org <[email protected]> wrote:
>
> On Wed, Apr 13, 2022 at 4:47 PM Ralph Siemsen <[email protected]> wrote:
> >
> > On Wed, 2022-04-13 at 11:39 -1000, Steve Sakoman wrote:
> > > I did another experiment, where I disabled generation of the sha256
> > > entries in Release (by adding --no-sha256 to the apt-ftparchive
> > > command)
> > >
> > > As a result we get past this first hash mismatch in Release, but then
> > > get later hash mismatches when it tries to download .debs.
> >
> > I am able to get past this, albeit with a hack. This fixes the sha256
> > sum in the Release file, as well as verification of the .deb files.
> > The original test then passes:
> >
> > RESULTS - apt.AptRepoTest.test_apt_install_from_repo: PASSED (46.75s)
> >
> > The hack is to reduce the optimisation level for apt-native and apt. By
> > default it uses CXXFLAGS="-g -O2". Reducing this to -O1 fixes the
> > checksums.
>
> Nice work!
>
> > > The issue is happening on Fedora 35 and Alma 8, so no
> > > buildtools-tarball in this case!
>
> I've started a build that uses buildtools just to verify that fixes it
> and there aren't any other issues.

FWIW, here is the link to that build - still underway.

Steve

> > Fedora 35 is using gcc-11.2.1, could you check what Alma 8 uses?
>
> [sakoman@alma8-ty-1 ~]$ gcc --version
> gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-4)
>
> >
> > Here are a few other things I checked, prior to noticing the
> > optimisation level issue:
> >
> > 1) we are using apt 1.2.31; the latest 1.2.y version is 1.2.35
> > - this still has the problem with bad sha256sums
> > - it does include several CVE fixes which we might want
> > - it added a new dependency on systemd
>
> Urgh . . . this last part isn't good since it would be a behavior
> change which isn't OK for LTS
>
> It may be that the best solution is to change to -O1 :-(
>
> Steve
>
> >
> > 2) main branch version is 2.3.5
> > - it switched to CMAKE
> > - many new dependencies
> > - I got it to configure, but not compile
> > - custom crypto code seems to be dropped, in favour of gcrypt
> > - presumably this would fix the sha256 however I cannot confirm
> >
> > Regards,
> > Ralph
View/Reply Online (#164385): https://lists.openembedded.org/g/openembedded-core/message/164385
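An added example, not part of the thread or of the apt or OpenEmbedded code: one way to check the SHA256 entries that apt-ftparchive wrote into a Release file against the files on disk, using Python's hashlib as an independent SHA-256 implementation. It assumes the entry paths are relative to the directory holding the Release file; the function names and the sample repository contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_release_sha256(release_text):
    """Return {relative_path: (sha256_hex, size)} from the SHA256: block of a Release file."""
    entries, in_block = {}, False
    for line in release_text.splitlines():
        if not line.startswith(" "):  # a non-indented line starts a new field
            in_block = line.strip() == "SHA256:"
        elif in_block:
            digest, size, path = line.split()
            entries[path] = (digest.lower(), int(size))
    return entries


def verify_release(release_text, dist_dir):
    """Return a sorted list of (path, reason) for entries that do not match the files on disk."""
    problems = []
    for path, (digest, size) in parse_release_sha256(release_text).items():
        target = Path(dist_dir) / path
        if not target.is_file():
            problems.append((path, "missing"))
        elif target.stat().st_size != size:
            problems.append((path, "size mismatch"))
        elif hashlib.sha256(target.read_bytes()).hexdigest() != digest:
            problems.append((path, "sha256 mismatch"))
    return sorted(problems)


def demo():
    """Constructed sample: one correct entry, one with a wrong digest as a broken generator might emit."""
    good = b"Package: hello\nVersion: 1.0\n"
    bad = b"Package: world\nVersion: 2.0\n"
    with tempfile.TemporaryDirectory() as dist:
        for name, body in (("Packages", good), ("Packages.gz", bad)):
            (Path(dist) / name).write_bytes(body)
        release = (
            "Origin: constructed-example\n"
            "SHA256:\n"
            f" {hashlib.sha256(good).hexdigest()} {len(good)} Packages\n"
            f" {'0' * 64} {len(bad)} Packages.gz\n"
        )
        return verify_release(release, dist)


if __name__ == "__main__":
    print(demo())
```

An empty result means every listed digest agrees with the independent computation; any "sha256 mismatch" entry with a correct size points at the generator's hashing rather than at a truncated or missing file.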
