FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 02-22-2011, 01:18 AM
Michael Gilbert
 
Default Release file changes

On Mon, Feb 21, 2011 at 3:05 PM, Joerg Jaspert wrote:
> On 12398 March 1977, Joey Hess wrote:
>
>>> until today our Release files included 3 Hashes for all their entries:
>>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>>> MD5SUM in *all* newly generated Release files.
>> When will that affect Release files for stable? Next point release?
>> Because that unfortunatly completly breaks debmirror..
> Yep. debmirror, reprepro, debootstrap and cdebootstrap seem to be the
> tools that can't deal with this. The latter two are serious enough to
> keep the change away from oldstable forever, and stable at least until
> after next point release, should they get updated there.

Can we get this reverted at least until the major tools can actually
cope with the change (i.e. for the next point release)? The fact that
this causes a regression in stable's debootstrap is rather
unfortunate. Stable is called "stable" because its functionality
isn't supposed to suddenly change.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: AANLkTinkMMPQjiGR3tMgzURoZL5iZbJx0rWue+35fz_P@mail .gmail.com">http://lists.debian.org/AANLkTinkMMPQjiGR3tMgzURoZL5iZbJx0rWue+35fz_P@mail .gmail.com
 
Old 02-22-2011, 07:44 AM
Holger Levsen
 
Default Release file changes

Hi,

On Montag, 21. Februar 2011, Joerg Jaspert wrote:
> Yep. debmirror, reprepro, debootstrap and cdebootstrap seem to be the
> tools that can't deal with this.

fai-mirror came to my mind. And probably older dak setups as well?

> The latter two are serious enough to
> keep the change away from oldstable forever, and stable at least until
> after next point release, should they get updated there.

There are also people who use the packages as backports on stable+oldstable...
and those backports dont neccessarily come from debian.backports.org but
are "homemade".

I'm actually of the opinion that such a change _must not_ be introduced in a
stable point release.


cheers,
Holger, refraining from changing the subject to "hey, let's break stable,
it's already 2 weeks old.." sigh.
 
Old 02-22-2011, 05:37 PM
Joerg Jaspert
 
Default Release file changes

> until today our Release files included 3 Hashes for all their entries:
> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
> MD5SUM in *all* newly generated Release files.

Right. For now I undo this (with next dinstall run), until either one of
the following happens:

- lenny is gone and the tools are fixed in squeeze with a point
update (provided the SRMs approve such updates, but I *hope* so).
Until today we discovered:
* debootstrap (has a patch IIRC)
* cdebootstrap
* debmirror (fix uploaded)
* reprepro
* anna
* apt-cacher(-ng)

- wheezy is released. (This is the option I dont really favor, takes
ages )

Also note that in the process we found some inconsistencies in the
Sources file output by apt-ftparchive we currently use - it doesn't
provide a Checksum other than MD5 for the .dsc files of a package. Thats
fixed in Squeeze and so will be fixed on ftp-master when we upgrade the
machine to Squeeze, currently scheduled the day before our meeting.

Additionally let me mention that *right* *now* we are not removing MD5
anywhere else (got asked about Packages/Sources files), but that those
are certainly on the list to be done. Ideally we end up with just two
(at least halfway trustable ) hashes everywhere in the archive.

--
bye, Joerg
<elmo> [..] trying to avoid extra dependencies on gnumeric is like trying to
plug one hole in the titantic with a bit of tissue paper"


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 878vx7oqzi.fsf@gkar.ganneff.de">http://lists.debian.org/878vx7oqzi.fsf@gkar.ganneff.de
 
Old 02-22-2011, 06:25 PM
Russ Allbery
 
Default Release file changes

Joerg Jaspert <joerg@debian.org> writes:

> Right. For now I undo this (with next dinstall run), until either one of
> the following happens:

> - lenny is gone and the tools are fixed in squeeze with a point
> update (provided the SRMs approve such updates, but I *hope* so).
> Until today we discovered:
> * debootstrap (has a patch IIRC)
> * cdebootstrap
> * debmirror (fix uploaded)

I can confirm that the unstable debmirror runs great on oldstable and can
mirror the new-format repository, although I had to use --diff=none
because otherwise a bunch of Packages diff files would fail the SHA-1
checksum and block the mirror. (That's not a new problem; I had
--pdiff=none previously due to the same problem.)

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 871v2z3m7u.fsf@windlord.stanford.edu">http://lists.debian.org/871v2z3m7u.fsf@windlord.stanford.edu
 
Old 02-22-2011, 08:16 PM
Joey Hess
 
Default Release file changes

Russ Allbery wrote:
> Joerg Jaspert <joerg@debian.org> writes:
>
> > Right. For now I undo this (with next dinstall run), until either one of
> > the following happens:
>
> > - lenny is gone and the tools are fixed in squeeze with a point
> > update (provided the SRMs approve such updates, but I *hope* so).
> > Until today we discovered:
> > * debootstrap (has a patch IIRC)
> > * cdebootstrap
> > * debmirror (fix uploaded)
>
> I can confirm that the unstable debmirror runs great on oldstable and can
> mirror the new-format repository, although I had to use --diff=none
> because otherwise a bunch of Packages diff files would fail the SHA-1
> checksum and block the mirror. (That's not a new problem; I had
> --pdiff=none previously due to the same problem.)

It does have a minor big with -v on oldstable.

More problimatic is the diff size to use generic checksum types,
since it entailed many broad changes:
git diff 2.5..2.6|wc -l
565
This would be difficult to justify for proposed-updates.

--
see shy jo
 
Old 02-22-2011, 10:06 PM
Henrique de Moraes Holschuh
 
Default Release file changes

On Tue, 22 Feb 2011, Joey Hess wrote:
> Russ Allbery wrote:
> > Joerg Jaspert <joerg@debian.org> writes:
> > > Right. For now I undo this (with next dinstall run), until either one of
> > > the following happens:
> >
> > > - lenny is gone and the tools are fixed in squeeze with a point
> > > update (provided the SRMs approve such updates, but I *hope* so).
> > > Until today we discovered:
> > > * debootstrap (has a patch IIRC)
> > > * cdebootstrap
> > > * debmirror (fix uploaded)
> >
> > I can confirm that the unstable debmirror runs great on oldstable and can
> > mirror the new-format repository, although I had to use --diff=none
> > because otherwise a bunch of Packages diff files would fail the SHA-1
> > checksum and block the mirror. (That's not a new problem; I had
> > --pdiff=none previously due to the same problem.)
>
> It does have a minor big with -v on oldstable.
>
> More problimatic is the diff size to use generic checksum types,
> since it entailed many broad changes:
> git diff 2.5..2.6|wc -l
> 565
> This would be difficult to justify for proposed-updates.

If it has been extensively regression-tested, and there are no ABI changes
that could break local scripts, it should still be considered a valid
candidate, IMO.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110222230656.GA15743@khazad-dum.debian.net">http://lists.debian.org/20110222230656.GA15743@khazad-dum.debian.net
 
Old 02-23-2011, 08:35 AM
Bernd Zeimetz
 
Default Release file changes

On 02/22/2011 07:37 PM, Joerg Jaspert wrote:

until today our Release files included 3 Hashes for all their entries:
MD5SUM, SHA1, SHA256. I just modified the code to no longer include
MD5SUM in *all* newly generated Release files.


Right. For now I undo this (with next dinstall run), until either one of
the following happens:


# wget -q -O -
ftp://security.debian.org/debian-security/dists/lenny/updates/Release |
grep -i md5

#

Please fix this on security.debian.org ASAP.

Thanks,

Bernd

--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprints: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4D64D4F3.9010805@bzed.de">http://lists.debian.org/4D64D4F3.9010805@bzed.de
 
Old 02-23-2011, 09:30 AM
Holger Levsen
 
Default Release file changes

Hi,

On Dienstag, 22. Februar 2011, Joerg Jaspert wrote:
> - lenny is gone and the tools are fixed in squeeze with a point
> update (provided the SRMs approve such updates, but I *hope* so).

Do I understand correctly that you again plan to break squeeze, this time for
those who then havent upgraded to that pointrelease?

> Until today we discovered:
> * debootstrap (has a patch IIRC)
> * cdebootstrap
> * debmirror (fix uploaded)
> * reprepro
> * anna
> * apt-cacher(-ng)
* fai-mirror (needs confirmation)
* lots of custom code


> - wheezy is released. (This is the option I dont really favor, takes
> ages )

I actually prefer this very much over more random breakage in which is
supposed to be stable. 2 years aint that long.


cheers,
Holger
 
Old 02-23-2011, 09:33 AM
Philipp Kern
 
Default Release file changes

On 2011-02-23, Holger Levsen <holger@layer-acht.org> wrote:
>> - wheezy is released. (This is the option I dont really favor, takes
>> ages )
> I actually prefer this very much over more random breakage in which is
> supposed to be stable. 2 years aint that long.

Seconded. If it would've been urgent it should've gone into squeeze.
Furthermore it's about Release files which aren't that large anyway.

Kind regards
Philipp Kern


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: slrnim9okb.e38.trash@kelgar.0x539.de">http://lists.debian.org/slrnim9okb.e38.trash@kelgar.0x539.de
 
Old 02-24-2011, 10:29 AM
Luca Niccoli
 
Default Release file changes

On 21 February 2011 15:39, Joey Hess <joeyh@debian.org> wrote:

> Joerg Jaspert wrote:
>> until today our Release files included 3 Hashes for all their entries:
>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>> MD5SUM in *all* newly generated Release files.

cowbuilder --create fails with:

W: Failed to fetch
http://mi.mirror.garr.it/mirrors/debian/dists/sid/main/binary-armel/PackagesIndex
MD5Sum mismatch

E: Some index files failed to download. They have been ignored, or old
ones used instead.
I: unmounting /var/cache/pbuilder/ccache filesystem
I: unmounting dev/pts filesystem
I: unmounting proc filesystem
pbuilder create failed
forking: rm -rf /var/cache/pbuilder/base.cow

Did Packages.diff/Index use to contain an MD5sum? (it doesn't as of now)
Or is this some unrelated breakage?

Cheers,

Luca


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: AANLkTinOcn0xdOSJGLZ-OEEACgrEqTsvvBjjU68MMyMO@mail.gmail.com">http://lists.debian.org/AANLkTinOcn0xdOSJGLZ-OEEACgrEqTsvvBjjU68MMyMO@mail.gmail.com
 

Thread Tools




All times are GMT. The time now is 05:46 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org