Stefano Rivera wrote: > tags 628779 + patch > thanks > > > Aha, I caught it in action. Looks like possibly content-autonegotiation > > The cause is definitely an out of sync parent mirror (They've ignored my > previous requests to run their mirror properly). However I get free > access to it, so I'm prepared to live with the pain. > > The Package lists are failing verification against Release, but > debmirror isn't checking the Packages lists after download, only > before-hand. Thus it notices Packages.gz is invalid after downloading > it, downloads Packages too, pulls bz2 due to autonegotiation, and then > tries to parse this. > > Easy way to reproduce these issues: > Put a mirror behind a normally configured apache (with content > autonegotiation enabled) Break the Packages files. debmirror from it.
I've not been able to work on this due to * Not having sufficient bandwidth to work on debmirror lately (my own mirror is 2 months out of date and the only machine where I can run debmirror iteratively right now is a slow arm box). * Not really understanding the above description. How are the Packages files supposed to be broken to reproduce it? How can debmirror be checking Packages files before it downloads them? Where does bz2 fit into all this? * The hacky nature of the patches, which I am not comfortable applying without a full understanding of the problem. > Attached are two patches, both a bit hacky, to work-around this: > > 0001-Detect-errors-when-parsing-Packages.patch: > Abort when running into a parse error, and refuse to clean up if there > were errors. Obviously it would sorta fix your problem, but it's not clear what the user should do if this happens, or even what is broken. > 0002-Before-download-Package-list-files-are-checked-with-.patch: > Before download, Package list files are checked with prepended $tempdir. > At download time, Package list files are verified without it. Store both > forms in file_lists. If storing the same data under a different filename fixes this, then surely debmirror is broken at a deeper level, and should be fixed there, so it always verifies the Packages files using the same filename? -- see shy jo
signature.asc
Description: Digital signature
