Testing the string use-case shows that it goes wrong on 253 bytes:
$ dd if=/dev/urandom of=foo bs=1 count=252 ; python -c 'import apt_pkg; print
apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo
252+0 records in
252+0 records out
252 bytes (252 B) copied, 0,00294077 s, 85,7 kB/s
83c762165fbec99d6fd590ed2d3b291d40bfa8525c97b391d2cfb661c27e25fa
83c762165fbec99d6fd590ed2d3b291d40bfa8525c97b391d2cfb661c27e25fa foo
$ dd if=/dev/urandom of=foo bs=1 count=252 ; python -c 'import apt_pkg; print
apt_pkg.sha256sum(open("foo").read())' ; sha256sum foo
253+0 records in
253+0 records out
253 bytes (253 B) copied, 0,00317775 s, 79,6 kB/s
976fc1a77523e602fd1fe36d13771d83bae61f8e5d5279ca97b158664ff8b8c8
d68a24e86b8037437a20a592a717c40c163127f4942b511b102f0b11e449794c foo
--
Hardy release files contain invalid SHA256 signatures.
https://bugs.launchpad.net/bugs/243630
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
