Package: apt
Version: 1.8.2
Severity: wishlist

I've just had autopkgtest explode:
https://salsa.debian.org/postgresql/postgresql/-/jobs/205099

Get:1 file:/tmp/autopkgtest.V0T9GW/binaries libpq5 11.4-1 [165 kB]
Get:2 file:/tmp/autopkgtest.V0T9GW/binaries libpq-dev 11.4-1 [161 kB]
...
Get:69 http://cdn-fastly.deb.debian.org/debian sid/main amd64 postgresql-server-dev-11 amd64 11.4-1 [932 kB]
Err:69 http://cdn-fastly.deb.debian.org/debian sid/main amd64 postgresql-server-dev-11 amd64 11.4-1
  Hash Sum mismatch
  Hashes of expected file:
   - SHA256:2a5e5334855a16f8f87bd1e3642c8a41109ce325583f365d77c4eb7541006612
   - MD5Sum:85b683f05d235008de3feb2d5f2a7c0c [weak]
   - Filesize:931564 [weak]
   - SHA512:fd0b27379598b896aa374b2650fb88357adbcbd1d4e7f55bfe56f535b6a1c69af75f609b616d557d1fa9d7d42be229bdd41c8faca666ea30967662c7258f4d46
  Hashes of received file:
   - SHA512:aa3effa6ba09fadb17edbeeeb76678c56371391496db12f3c74863ad5e1d1d5555e6e48e91254024925c0b87b94be577d5e188250e0bfeb72920d409db52736d
   - SHA256:2a5e5334855a16f8f87bd1e3642c8a41109ce325583f365d77c4eb7541006612
   - MD5Sum:85b683f05d235008de3feb2d5f2a7c0c [weak]
   - Filesize:931564 [weak]
  Last modification reported: Thu, 20 Jun 2019 15:44:20 +0000
...
W: Sources disagree on hashes for supposely identical version '11.4-1' of 'postgresql-server-dev-11:amd64'.

The problem is that a previous build step recompiled postgresql-server-dev-11 11.4-1 which led to a different package, but with the same size. Now when apt was merging both Packages files, it determined both to be the same based on name, version, size (and other fields). It then "merged" the hashes from both, but because only the local file had a SHA512, the file downloaded from the main archive didn't match it.

In most cases this CI workflow where recompiled packages have the same version number works fine, because the packages either reproduce completely, or have a different size.

As discussed on #debian-devel, a fix here would be to include the hashsums when comparing packages. Please consider doing so.

(While version numbers should be unique, in practice this workflow is quite common, so please don't break it. It works quite well except when hitting this "almost-identical" case in the middle.)

Thanks!

Christoph
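
The merge behaviour described in the report above, reduced to a small model. This is an added example, not apt's code and not part of the original report: the function names, the rule that the downloaded record's own hashes take precedence, and the two constructed 64-byte stand-in files are all assumptions made for illustration.

```python
import hashlib

FIELDS = {"SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
IDENTITY = ("Package", "Version", "Architecture", "Size")

def record(deb, hash_fields):
    """Packages-style record for `deb`, listing only the given hash fields."""
    rec = {"Package": "postgresql-server-dev-11", "Version": "11.4-1",
           "Architecture": "amd64", "Size": str(len(deb))}
    rec.update({f: FIELDS[f](deb).hexdigest() for f in hash_fields})
    return rec

def same_by_metadata(a, b):
    """Comparison described in the report: name, version, size, no hashes."""
    return all(a[k] == b[k] for k in IDENTITY)

def same_with_hashes(a, b):
    """Requested comparison: every hash type both records list must agree too."""
    shared = [f for f in FIELDS if f in a and f in b]
    return same_by_metadata(a, b) and all(a[f] == b[f] for f in shared)

def expected_hashes(download, other, same):
    """Hashes the download is checked against; merged if records are deemed equal."""
    own = {f: download[f] for f in FIELDS if f in download}
    if same(download, other):
        # Assumed merge rule: borrow only hash types the download's record lacks.
        extra = {f: other[f] for f in FIELDS if f in other and f not in own}
        return {**own, **extra}
    return own

def mismatches(deb, expected):
    """Hash fields for which the received file does not match."""
    return [f for f, h in expected.items() if FIELDS[f](deb).hexdigest() != h]

# Constructed stand-ins for the two builds: equal length, different content.
ARCHIVE_DEB = b"archive build".ljust(64, b"\0")
LOCAL_DEB = b"local rebuild".ljust(64, b"\0")
archive = record(ARCHIVE_DEB, ["SHA256"])          # archive index: no SHA512
local = record(LOCAL_DEB, ["SHA256", "SHA512"])    # local index: has SHA512

if __name__ == "__main__":
    for same in (same_by_metadata, same_with_hashes):
        exp = expected_hashes(archive, local, same)
        print(same.__name__, "->", mismatches(ARCHIVE_DEB, exp) or "verified")
```

With the metadata-only comparison the archive download inherits the local rebuild's SHA512 and fails on that field alone; once shared hashes are part of the comparison the two records stay separate and the download verifies.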