[SOLVED]Stretch upgrade 9.0.0 to 9.1.0 fails from update DVD

Help with issues regarding installation of Debian

Re: Stretch upgrade 9.0.0 to 9.1.0 fails from update DVD

Postby gurfle » 2017-08-04 17:24

Looks like a real bug. The response to the bug report from Steve McIntyre says:
Apologies - you've found a real bug here. I need to update the
update-cd script to use better hashes than just md5sum for the update
images. This setup has worked for a very long time, but newer versions
of apt won't accept it any more. Looking into a fix now...
User avatar
gurfle
 
Posts: 331
Joined: 2009-06-04 02:08
Location: Seattle, Washington, US

Re: Stretch upgrade 9.0.0 to 9.1.0 fails from update DVD

Postby luvr » 2017-08-06 18:57

I need to update the update-cd script to use better hashes than just md5sum for the update images. This setup has worked for a very long time, but newer versions of apt won't accept it any more.

Ah! I get it now... The Packages files (e.g., ‘dists/stretch/main/binary-amd64/Packages') on the update DVD include only MD5 checksums, which are no longer considered safe.
luvr
 
Posts: 79
Joined: 2016-07-21 19:39
Location: Boom - The Home Town of Tomorrowland, Belgium

Re: Stretch upgrade 9.0.0 to 9.1.0 fails from update DVD

Postby gurfle » 2017-08-07 16:19

Not sure when the official repositories will have them. but you can get the fixed update jigdos at this link (posted in the bug report):
https://get.debian.org/images/unofficial/test-update-9.1.1/
User avatar
gurfle
 
Posts: 331
Joined: 2009-06-04 02:08
Location: Seattle, Washington, US

Re: [SOLVED]Stretch upgrade 9.0.0 to 9.1.0 fails from update

Postby luvr » 2017-08-09 09:02

Out of curiosity, I have just downloaded the ‘debian-update-9.1.1-amd64-DVD-1.iso’ image—which went blazingly fast with the “jigdo-lite” command, since it found all of its required files on the ‘debian-update-9.1.0-amd64-DVD-1.iso’ image (which I had loop-mounted read-only on ‘/mnt/tmp’):
Code: Select all
If you already have a previous version of the CD you are
downloading, jigdo can re-use files on the old CD that are also
present in the new image, and you do not need to download them
again. Mount the old CD ROM and enter the path it is mounted under
(e.g. `/mnt/cdrom').
Alternatively, just press enter if you want to start downloading
the remaining files.

You can also enter a single digit from the list below to
select the respective entry for scanning:
  1: /mnt/tmp
Files to scan: 1

Downloading .template file
--2017-08-09 11:23:22--  http://get.debian.org/images/unofficial/test-update-9.1.1/amd64/jigdo-dvd/debian-update-9.1.1-amd64-DVD-1.template
Resolving get.debian.org (get.debian.org)... 2001:6b0:19::165, 2001:6b0:19::173, 194.71.11.165, ...
Connecting to get.debian.org (get.debian.org)|2001:6b0:19::165|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 292351 (285K)
Saving to: ‘debian-update-9.1.1-amd64-DVD-1.template’

debian-update-9.1.1-amd64-DVD-1.template                 100%[================================================================================================================================>] 285.50K  1.02MB/s    in 0.3s   

2017-08-09 11:23:22 (1.02 MB/s) - ‘debian-update-9.1.1-amd64-DVD-1.template’ saved [292351/292351]

Found 443 of the 443 files required by the template                                                                                             
Successfully created `debian-update-9.1.1-amd64-DVD-1.iso'

The ‘Packages’ files now include not only the MD5, but also the SHA256 checksums of the packages.

The missing digital signatures (causing warnings about the Release files) are not critical to the current version of the APT system, but there are apparently efforts going on to harden the package management software, with the goal to drop support for unsigned repositories in future APT versions. One example of this gradual hardening is that MD5 checksums are no longer accepted.
luvr
 
Posts: 79
Joined: 2016-07-21 19:39
Location: Boom - The Home Town of Tomorrowland, Belgium

Re: [SOLVED]Stretch upgrade 9.0.0 to 9.1.0 fails from update

Postby gurfle » 2017-08-10 01:34

Not understanding all this security business enough, can you confirm that the iso file created by your fast jigdo method actually can be used to install packages from? Given my ignorance on the issue, I took the time to download the entire thing before testing, but it certainly would be great to know for sure that is not necessary.

Cheers, Nick
User avatar
gurfle
 
Posts: 331
Joined: 2009-06-04 02:08
Location: Seattle, Washington, US

Re: [SOLVED]Stretch upgrade 9.0.0 to 9.1.0 fails from update

Postby luvr » 2017-08-10 15:24

gurfle wrote:Not understanding all this security business enough, can you confirm that the iso file created by your fast jigdo method actually can be used to install packages from? Given my ignorance on the issue, I took the time to download the entire thing before testing, but it certainly would be great to know for sure that is not necessary.

I’m pretty confident that the ISO file that I created is completely identical to yours, but if you want to double-check, then I suggest you verify its SHA512 checksum. Assuming that your copy of the ‘debian-update-9.1.1-amd64-DVD-1.iso’ file is in the current directory, just run the following command:
Code: Select all
sha512sum -c <<//*EOF
8bad9bee3afa49953a99955a18575829b093cc6d24c235071c4f27be6e4326f6025543a768d1cd282aff1d16568ab717b41476f509be6459606a327ecd8ef9cc *debian-update-9.1.1-amd64-DVD-1.iso
//*EOF

The first line runs the ‘sha512sum’ command in “check” mode—i.e., it expects one or more text lines as input, from which it will read the expected checksum value (a string of 128 hexadecimal digits, representing a 512-bit binary value, at four bits per character position) and the name of the file to which the checksum value applies. The command will obtain its input from the standard input stream, until it encounters the string “//*EOF” on a line by itself. The second line of the above code is the input to the program: the checksum value, a space, an asterisk for binary file input mode (I could have used a space here, but I wanted to avoid having two spaces in a row), and finally the name of the file to check. The third line marks the end of the input to the program.

I generated the checksum on my own copy of the file, so if your copy passes the validation, then you can rest assured that the two copies are identical.
luvr
 
Posts: 79
Joined: 2016-07-21 19:39
Location: Boom - The Home Town of Tomorrowland, Belgium

Re: [SOLVED]Stretch upgrade 9.0.0 to 9.1.0 fails from update

Postby gurfle » 2017-08-10 17:47

Neat!:
Code: Select all
nick@oldlaptop:/media/nick/DebianRepositori$ sha512sum -c <<//*EOF
> 8bad9bee3afa49953a99955a18575829b093cc6d24c235071c4f27be6e4326f6025543a768d1cd282aff1d16568ab717b41476f509be6459606a327ecd8ef9cc *debian-update-9.1.1-amd64-DVD-1.iso
> //*EOF
debian-update-9.1.1-amd64-DVD-1.iso: OK
nick@oldlaptop:/media/nick/DebianRepositori$


This confirms that everyone who has a non-working 9.1.0 update DVD and wishes to make a working 9.1.1 update DVD can create it in jigdo using your "fast" way.

And thanks for the detailed "education" via this example on how to use such codes!

Cheers, Nick
User avatar
gurfle
 
Posts: 331
Joined: 2009-06-04 02:08
Location: Seattle, Washington, US

Previous

Return to Installation

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable