← Back to team overview

touch-packages team mailing list archive

[Bug 1274466] Re: apt-ftparchive on-disk cache format changed between lucid and precise, results in Packages files with silently corrupted checksums fields

 

Hello Steve, or anyone else affected,

Accepted apt into trusty-proposed. The package will build now and be
available at http://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.2 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: apt (Ubuntu Trusty)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1274466

Title:
  apt-ftparchive on-disk cache format changed between lucid and precise,
  results in Packages files with silently corrupted checksums fields

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  Fix Committed
Status in “apt” source package in Trusty:
  Fix Committed

Bug description:
  Test case:
  - generate a cachedb with apt-ftparchive from lucid via
     apt-ftparchive --db old-db 2vcard_0.5-3_all.deb
  - use apt-ftparchive from precise and run
     apt-ftparchive --db old-db 2vcard_0.5-3_all.deb
    and verify that the hashsums are no longer correct
  - use apt-ftparchive from precise-proposed and run:
      apt-ftparchive --db old-db 2vcard_0.5-3_all.deb
    and verify that the hashes are correct now

  
  The archive.ubuntu.com master server has just been upgraded from lucid to precise.  As a result, the apt version went from 0.7.25.3 to 0.8.16~exp12, and apparently some time in that interval the on-disk format of apt-ftparchive's cache changed.

  This wouldn't be a problem, except apt-ftparchive itself doesn't
  *notice* that the cache format has changed, and instead happily reads
  the existing files and parses them incorrectly, resulting in corrupted
  checksums output in the Packages file for each of the .debs.

  apt-ftparchive should version its file formats so that it correctly
  notices incompatible cache files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1274466/+subscriptions