[Reproducible-builds] Bug#823428: dpkg: many packages affected by dpkg-source: error: source package uses only weak checksums
Niko Tyni
ntyni at debian.org
Wed May 4 16:28:40 UTC 2016
Package: dpkg
Severity: serious
Version: 1.18.5
X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org
There are a number of packages in sid can't currently be unpacked with
the default dpkg-source options.
dpkg-source: error: source package uses only weak checksums
This happens since dpkg 1.18.5, apparently
https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=040973c7a1e50b78ef042ef5ffbfff0440c24700
Error out on source packages without any strong digests in
Dpkg::Source::Package, used by dpkg-source --extract, which can still
be disabled with --no-check.
With about 2.5% of the archive test built on tests.reproducible-builds.org with a newer
dpkg, we've caught at least
apparix
apwal
asterisk-prompt-se
bbpager
bbtime
brag
btyacc
libclass-pluggable-perl
libcrypt-des-ede3-perl
libdatetime-format-db2-perl
libdbd-excel-perl
sgml-spell-checker
which would give a linear estimate of roughly 400 broken packages
in total.
A mass bug filing (at RC level) seems to be in order, but maybe dpkg
should just warn for a while until packages get fixed? I assume the
Debian buildds don't use --no-check, so binNMUs of affected packages
are probably broken at the moment?
Tentatively setting at 'serious' but feel free to adjust/close if this
is all going as designed.
--
Niko Tyni ntyni at debian.org
More information about the Reproducible-builds
mailing list