Bug#665638: prevent debootstrap vom needing SHA256sums
On Sat, Mar 24, 2012 at 05:35:36PM -0400, Joey Hess wrote: Mario Koppensteiner wrote: Am I correct in deducing that this mirror is one that was actually generated with apt-move, and that's why it's missing the SHA256 fields? Yes, you are correct. Can somebody please implement a parameter which tells debootstrap not to relly on SHA256sums and use MD5sums instead? Well, that would be insecure. Better to fix the mirror? Yes, I tried to fix the mirror but I don't unterstand the awk script included in apt-move. See bug [1]. Maybe someone of the Debian Installer Team can help and fix the awk script? Related to bug [1], I got a reply there asking if the md5sums are still neded somewhere in the debian mirror. On the official Debian Mirror I can still see MD5sum. Can someone of the Debian Installer Team reply to the post on bug [1] please? Links: [1] http://bugs.debian.org/662003 sincerely yours Mario signature.asc Description: Digital signature
Bug#665638: prevent debootstrap vom needing SHA256sums
Hi I created a patch for apt-move to solve the SHA256 issue. After I applied my patch to apt-move, debootstrap accepts the local mirror as expected. For reference please have a look at the bug [1]. Links: [1] http://bugs.debian.org/662003 sincerely yours Mario signature.asc Description: Digital signature
Bug#665638: prevent debootstrap vom needing SHA256sums
Package: debootstrap Version: 1.0.37 Severity: important Hello, I have an issue with debootstrap. I debugged the issue and I found the following: The Problem is in the file /usr/share/debootstrap/functions line 634 Here is the code of the line 628 to 634 $PKGDETAILS PKGS $m $pkgdest $@ | ( leftover= while read p ver arc mdup fil checksum size; do if [ $ver = - ]; then leftover=$leftover $p else progress_next $(($dloaddebs + $size)) checksum should contain the SHA256sum and size should contain the size. But if the Packages.gz file does not contain any SHA256sums, then the checksum variable contains the size and the size variable is empty. If that happens then the line 634 executes 0 + I used the following command: root# debootstrap --no-check-gpg --verbose squeeze /path/chrootsystem/ ftp://ftp.domain.tld/pub/debian/squeeze ... I: Found additional base dependencies: libnfnetlink0 libsqlite3-0 I: Checking component main on ftp://ftp.domain.tld/pub/debian/squeeze... root# Note that there is no useful error message at the console. A message which tells the user to look at debootstrap.log would be nice. And the file /path/chrootsystem/debootstrap/debootstrap.log conains: /usr/sbin/debootstrap: 634: /usr/sbin/debootstrap: arithmetic expression: expecting primary: 0 + Can somebody please implement a parameter which tells debootstrap not to relly on SHA256sums and use MD5sums instead? About my issue with no SHA256Sums in Packages.gz I already opend another bug [1]. Links: [1] http://bugs.debian.org/662003 sincerely yours Mario Koppensteiner signature.asc Description: Digital signature
Bug#665638: prevent debootstrap vom needing SHA256sums
Mario Koppensteiner wrote: I have an issue with debootstrap. I debugged the issue and I found the following: The Problem is in the file /usr/share/debootstrap/functions line 634 Here is the code of the line 628 to 634 $PKGDETAILS PKGS $m $pkgdest $@ | ( leftover= while read p ver arc mdup fil checksum size; do if [ $ver = - ]; then leftover=$leftover $p else progress_next $(($dloaddebs + $size)) checksum should contain the SHA256sum and size should contain the size. But if the Packages.gz file does not contain any SHA256sums, then the checksum variable contains the size and the size variable is empty. If that happens then the line 634 executes 0 + I used the following command: root# debootstrap --no-check-gpg --verbose squeeze /path/chrootsystem/ ftp://ftp.domain.tld/pub/debian/squeeze Am I correct in deducing that this mirror is one that was actually generated with apt-move, and that's why it's missing the SHA256 fields? Can somebody please implement a parameter which tells debootstrap not to relly on SHA256sums and use MD5sums instead? Well, that would be insecure. Better to fix the mirror? -- see shy jo signature.asc Description: Digital signature
