lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as Won't Fix.
** Changed in: apt (Ubuntu Lucid)
Status: Triaged = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
Verification is done for precise so removing -needed tag.
** Tags removed: verification-needed
** Tags added: lucid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is
** Branch linked: lp:debian/apt
** Branch linked: lp:debian/experimental/apt
** Branch linked: lp:ubuntu/apt
** Branch linked: lp:ubuntu/precise-proposed/apt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I installed apt-utils version 0.8.16~exp12ubuntu10.11 from precise-
proposed and confirm that the checksums are generated with it.
(precise-amd64)root@impulse:/home/bdmurray/test# apt-ftparchive sources .
beef has no source override entry
beef has no binary override entry either
Package: beef
This bug was fixed in the package apt - 0.8.16~exp12ubuntu10.11
---
apt (0.8.16~exp12ubuntu10.11) precise-proposed; urgency=low
[ Michael Vogt ]
* test/integration/test-bug-1078697-missing-source-hashes:
- add test for deb-src hash generation
[ Marc Deslauriers ]
* make
The new apt-utils package appears to have been deployed on pepo
(ftpmaster), so we can call this done from Launchpad's point of view.
** Changed in: launchpad
Status: Triaged = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
apt (0.7.25.3ubuntu9.15~0.IS.10.04) lucid-cat; urgency=low
[ Michael Vogt ]
* Backport patch for apt-ftparchive to generate missing deb-src
hashes. Unlike patch for Raring/Precise, only SHA1 and SHA256
hashes are generated. (LP: #1078697)
-- Barry Warsaw ba...@ubuntu.com Fri, 12
Agreed, thanks for creating the bug task for Lucid.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages
To manage
Hello Paul, or anyone else affected,
Accepted apt into precise-proposed. The package will build now and be
available at
http://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.11 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
Still waiting for the SRU into Precise, but the package has been
accepted into lucid-cat and should land on Launchpad at its next update,
currently scheduled for next Wednesday.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Branch linked: lp:~barry/ubuntu/lucid/apt/lp1078697-lucid-cat
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages
To
Fixes for Raring and Precise have been uploaded, awaiting approval.
mvo provided a patch against Lucid's version (see attached branch) and I
tested this against lucid-cat. It seemed to work so I uploaded to
lucid-cat. Caveat: lucid-cat version doesn't produce sha512 checksums
(only sha1 and
This bug was fixed in the package apt - 0.9.7.7ubuntu4
---
apt (0.9.7.7ubuntu4) raring; urgency=low
[ Michael Vogt ]
* test/integration/test-bug-1078697-missing-source-hashes:
- add test for deb-src hash generation
[ Marc Deslauriers ]
* make apt-ftparchive generate
** Also affects: apt (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Raring)
Importance: High
Assignee: Barry Warsaw (barry)
Status: In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: apt (Ubuntu Precise)
Status: New = In Progress
** Changed in: apt (Ubuntu Precise)
Importance: Undecided = High
** Changed in: apt (Ubuntu Precise)
Assignee: (unassigned) = Barry Warsaw (barry)
--
You received this bug notification because you are a member of
** Description changed:
As part of the Debian derivatives census, we are doing some checks on
all derivatives. We noticed that a number of source packages are missing
SHA-1/SHA-256 hashes. You may have inherited this issue from Debian, we
had the same issue until recently. Here are some
** Changed in: apt (Ubuntu Raring)
Milestone: None = ubuntu-13.04-beta-2
** Changed in: apt (Ubuntu Precise)
Milestone: None = ubuntu-12.04.4
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: apt (Ubuntu)
Status: Confirmed = In Progress
** Changed in: apt (Ubuntu)
Importance: Undecided = High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu
I assume we need a precise version of this branch too?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages
To manage
** Changed in: apt (Ubuntu)
Assignee: (unassigned) = Barry Warsaw (barry)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is missing SHA-1/SHA-256 hashes for some
Here's a first stab at making apt-ftparchive generate the missing
hashes. Review appreciated.
** Patch added: apt_0.9.7.7ubuntu2~md1.debdiff
https://bugs.launchpad.net/launchpad/+bug/1078697/+attachment/3508960/+files/apt_0.9.7.7ubuntu2%7Emd1.debdiff
--
You received this bug notification
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages
To manage notifications about this bug go to:
@Marc, looking solely at the patch, it looks good to me. (I haven't
looked at the rest of the apt code to make sure it fits.)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu
On Thu, Jan 31, 2013 at 01:00:54PM -, Marc Deslauriers wrote:
Here's a first stab at making apt-ftparchive generate the missing
hashes. Review appreciated.
** Patch added: apt_0.9.7.7ubuntu2~md1.debdiff
All the langpacks that just landed in precise-proposed should have a
full compliment of hashes in their .dsc files, FWIW.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive
** Changed in: apt (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages
To manage
If you wait a bit longer the fix for apt-ftparchive is 3 years old:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567343
That is rev 1875.1.95 in bzr and what pabs refers to as until recently (minus
the time needed to get this onto ftp-master box of course) as far as I know.
And of course
Indeed, that change seems to do what is desired. But 7 months later, in
September 2010, Ubuntu bug #633967 was fixed, making apt-ftparchive only
include hashes if they're in the dsc: http://bazaar.launchpad.net
/~ubuntu-branches/debian/sid/apt/sid/revision/21#ftparchive/writer.cc.
This change was
I suspect that Debian somewhat accidentally resolved the problem by
dropping apt-ftparchive and moving to database-backed index generation.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
This commit should prevent apt-ftparchive to generate Checksum-listings
which just includes the dsc file and nothing else (General mode of
operation: It copies the Checksum-listings from the dsc file and adds
the dsc file to it). So that would explain the diveintopython example
(if
(To clarify, the hardy-lucid upgrade is important because it pulled in
apt-ftparchive = 0.7.25.3 on ftpmaster.)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is
Unlike Debian, Ubuntu's post-release updates go to a separate pocket --
the release pocket is frozen and its indices are never regenerated after
release. Production was upgraded from hardy to lucid between lucid and
maverick, so we'd expect lucid's Sources to omit the .dsc, while
maverick's would
@David, please see my response to comment #15 in bug #1098738
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages
To
This needs fixing in apt-ftparchive before Launchpad can do anything.
Also, MD5 collisions aren't hugely concerning here. It's a preimage that
would be more of a problem, and there's no serious preimage attack known
on MD5 today. I agree that this isn't a good situation, but it's not
everything
I'm not so sure. It's true that the known attacks are collision attacks.
Yet, collision attacks can be used to mount data-integrity attacks that
replace specific files in archives, at least, with the trick at
http://eprint.iacr.org/2004/356.pdf. That depends on having the colliding
blocks happen
It certainly should be regarded as entirely broken, but it's not world-
burningly critical to fix the old releases.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078697
Title:
Ubuntu archive is
Yeah, I wouldn't worry about old releases, just the current ones (but that
does include lucid, precise, and quantal, and oneiric unless it takes a
while to sorto ut).
On Fri, Jan 11, 2013 at 3:58 PM, William Grant m...@williamgrant.id.auwrote:
It certainly should be regarded as entirely
I suspect when William said old releases he meant already-published
releases for which we generally and strongly prefer not to regenerate
indices. That said, a one-time regen of only Sources and no other
indices, might not be the worst thing ever, if we fix apt-ftparchive to
include the missing
38 matches
Mail list logo
