Package: buildd.debian.org
Severity: normal

Dear ftp-masters, build maintainers, DDs,

it all started at the usual daily upgrade this morning with:

--------------------------------------------------------------------------------
The following packages will be upgraded:
   at-spi2-core (2.22.0-6 => 2.22.0-6+deb9u1)
   libatspi2.0-0 (2.22.0-6 => 2.22.0-6+deb9u1)
   libdb5.3 (5.3.28-12+b1 => 5.3.28-12+b2)
   libhogweed4 (3.3-1+b1 => 3.3-1+b2)
   libnettle6 (3.3-1+b1 => 3.3-1+b2)
   libselinux1 (2.6-3+b1 => 2.6-3+b2)
   ntp (1:4.2.8p10+dfsg-3 => 1:4.2.8p10+dfsg-3+deb9u1)
   ntpdate (1:4.2.8p10+dfsg-3 => 1:4.2.8p10+dfsg-3+deb9u1)
   xkb-data (2.19-1 => 2.19-1+deb9u1)
9 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 2560 kB of archives.
After this operation, 160 kB of additional disk space will be used.
Get:1 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 ntp amd64 1:4.2.8p10+dfsg-3+deb9u1 [598 kB]
Get:2 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 ntpdate amd64 1:4.2.8p10+dfsg-3+deb9u1 [72.4 kB]
Get:3 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 libselinux1 amd64 2.6-3+b2 [101 kB]
Err:3 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 libselinux1 amd64 2.6-3+b2
  Hash Sum mismatch
  Hashes of expected file:
   - SHA256:afe008cdd2ca9d9de483ecada93459b33cf40f0d7c61f4652c4839651515725e
   - MD5Sum:b8ddc8ad9229d17a6fb900538e5c45cb [weak]
   - Filesize:101394 [weak]
  Hashes of received file:
   - SHA256:06434e32a91558ecae41dab74d3ffd0cce90f9868cff82bb4ddfe15f9a66e740
   - MD5Sum:9e47c78ec70f36d03fd85f8775326d21 [weak]
   - Filesize:101302 [weak]
  Last modification reported: Fri, 30 Jun 2017 00:12:30 +0000
Get:4 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 libdb5.3 amd64 5.3.28-12+b2 [680 kB]
Get:5 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 libatspi2.0-0 amd64 2.22.0-6+deb9u1 [60.9 kB]
Get:6 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 at-spi2-core amd64 2.22.0-6+deb9u1 [69.3 kB]
Get:7 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 libhogweed4 amd64 3.3-1+b2 [136 kB]
Get:8 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 libnettle6 amd64 3.3-1+b2 [192 kB]
Get:9 http://cdn-fastly.deb.debian.org/debian stretch-proposed-updates/main amd64 xkb-data all 2.19-1+deb9u1 [650 kB]
Fetched 2560 kB in 3s (669 kB/s)
Download complete and in download only mode
E: Failed to fetch http://cdn-fastly.deb.debian.org/debian/pool/main/libs/libselinux/libselinux1_2.6-3+b2_amd64.deb  Hash Sum mismatch
   Hashes of expected file:
    - SHA256:afe008cdd2ca9d9de483ecada93459b33cf40f0d7c61f4652c4839651515725e
    - MD5Sum:b8ddc8ad9229d17a6fb900538e5c45cb [weak]
    - Filesize:101394 [weak]
   Hashes of received file:
    - SHA256:06434e32a91558ecae41dab74d3ffd0cce90f9868cff82bb4ddfe15f9a66e740
    - MD5Sum:9e47c78ec70f36d03fd85f8775326d21 [weak]
    - Filesize:101302 [weak]
   Last modification reported: Fri, 30 Jun 2017 00:12:30 +0000
--------------------------------------------------------------------------------

So a hash mismatch, what's going on?

After tracing down as far as I could, I do not think Debian's infrastructure
has been cracked. Rather, I think there are several bugs involved.

1) Downloading
   http://cdn-fastly.deb.debian.org/debian/pool/main/libs/libselinux/libselinux1_2.6-3+b2_amd64.deb
   with wget gives the correct sha256sum. But the deb downloaded by apt (which
   should use the same location) gives the hash mismatch. I have both debs
   here for further investigation if you need them. I suspect cdn-fastly uses
   some sort of cache which has the wrong deb cached.

2) libselinux1 got two binary-only uploads on amd64 with the *same* version
   number. At least this is what I suspect after looking at them.
   See here:

--------------------------------------------------------------------------------
cdn-fastly.deb.debian.org:
libselinux1_2.6-3+b2_amd64.deb_bin/usr/share/doc/libselinux1/changelog.Debian.amd64.gz

libselinux (2.6-3+b2) sid; urgency=low, binary-only=yes

  * Binary-only non-maintainer upload for amd64; no source changes.
  * Rebuild with python3.6 as a supported python3.

 -- amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc...@buildd.debian.org>  Thu, 29 Jun 2017 23:57:24 +0000
--------------------------------------------------------------------------------
ftp.de.debian.org:
libselinux1_2.6-3+b2_amd64.deb_bin/usr/share/doc/libselinux1/changelog.Debian.amd64.gz

libselinux (2.6-3+b2) stretch; urgency=low, binary-only=yes

  * Binary-only non-maintainer upload for amd64; no source changes.
  * Rebuild with current sbuild to fix changelog date

 -- amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc...@buildd.debian.org>  Wed, 20 Sep 2017 03:33:46 +0000
--------------------------------------------------------------------------------

-- System Information:
Debian Release: 9.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
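
Added example, not part of the original report and not code from apt or any Debian tool: a Python sketch that parses the "Hash Sum mismatch" block apt printed above and tells whether a local copy of the file (for instance the one fetched with wget) is the build the index expects or the one the mirror actually served. The payloads, the mirror.example URL and all function names are constructed for illustration.

```python
import hashlib
import re

# One hash line of apt's mismatch report, e.g. " - Filesize:101394 [weak]".
HASH_LINE = re.compile(r"-\s*(SHA512|SHA256|SHA1|MD5Sum|Filesize):(\S+)(\s+\[weak\])?")

def parse_mismatch(apt_output):
    """Collect the expected/received hash sets from apt's error text."""
    parsed = {"expected": {}, "received": {}}
    side = None
    for line in apt_output.splitlines():
        header = re.search(r"Hashes of (expected|received) file", line)
        if header:
            side = header.group(1)
            continue
        m = HASH_LINE.search(line)
        if side and m:
            # apt prints the block twice (Err: and E:); keep the first value.
            parsed[side].setdefault(m.group(1), (m.group(2), bool(m.group(3))))
    return parsed

def classify(data, parsed):
    """Say which side of the report a local copy matches, by strong hash only."""
    digest = hashlib.sha256(data).hexdigest()
    for side in ("expected", "received"):
        value, weak = parsed[side].get("SHA256", (None, True))
        if not weak and value == digest:
            return side
    return "unknown"

def constructed_report(index_copy, served_copy):
    """Build apt-style error text for two constructed payloads (not real debs)."""
    def block(title, data):
        return (f"   Hashes of {title} file:\n"
                f"    - SHA256:{hashlib.sha256(data).hexdigest()}\n"
                f"    - Filesize:{len(data)} [weak]\n")
    return ("E: Failed to fetch http://mirror.example/pool/pkg_1.0+b2_amd64.deb"
            "  Hash Sum mismatch\n"
            + block("expected", index_copy) + block("received", served_copy))

# Constructed stand-ins for two different builds published under one version.
BUILD_IN_INDEX = b"constructed payload: rebuild listed in the Packages index"
BUILD_IN_CACHE = b"constructed payload: earlier build with the same version"
REPORT = parse_mismatch(constructed_report(BUILD_IN_INDEX, BUILD_IN_CACHE))

if __name__ == "__main__":
    print("wget copy:", classify(BUILD_IN_INDEX, REPORT))
    print("apt copy: ", classify(BUILD_IN_CACHE, REPORT))
```

A copy that classifies as "received" is byte-identical to what the mirror handed apt, which separates a stale cached object from a corrupted transfer.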