Bug#1055193: libarchive-zip-perl: Document (or remove) the checksum-part-of-filename behavior

Sam Geeraerts samgee at elmundolibre.be
Wed Nov 1 21:20:15 GMT 2023 

Package: libarchive-zip-perl
Version: 1.68-1
Severity: normal

Dear maintainer,

The crc32 utility computes a checksum of the given files, e.g.:

$ filename=blah ; filepath=/tmp/"${filename}" ; echo foo > "${filepath}" ; crc32 "${filepath}"
7e3265a8

However, when part of the filename looks like a checksum, crc32 assumes that it should validate against that checksum and has different output. E.g. this happens when the path contains a UUID:

$ filename=$(uuidgen) ; filepath=/tmp/"${filename}" ; echo foo > "${filepath}" ; crc32 "${filepath}"
7e3265a8	BAD 7e3265a8 != b2c8fb74

This behavior is not documented in the man page. If this functionality is desirable and intended, then it should be documented.

On the other hand, one could argue that the program's behavior should not depend on the format of a file's path. In other words, it's an unwanted side effect. Then the functionality should be removed. Or if there is a valid use case for it, then it should be an option (that is disabled by default) and be documented as such.

I ran into this when I wanted to verify some files on a partition that was mounted by UUID.

Workaround: pipe crc32 to cut, e.g. sum=$(crc32 /path/to/file | cut -f 1)

Related upstream bug report: https://github.com/redhotpenguin/perl-Archive-Zip/issues/97

-- System Information:
Debian Release: 11.8
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldoldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-26-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libarchive-zip-perl depends on:
ii  perl  5.32.1-4+deb11u2

libarchive-zip-perl recommends no packages.

libarchive-zip-perl suggests no packages.

-- no debconf information

More information about the pkg-perl-maintainers mailing list