Icinga / icinga-packaging

Packaging documentation and issues for the official Icinga repository
https://packages.icinga.com

Unable to download Icinga2 package sources from packages.icinga.com #300

Open pjakuszew-rtbh opened 6 months ago

pjakuszew-rtbh commented 6 months ago

Describe the bug

I'm trying to download Icinga2 sources using apt-get source icinga2 on an Ubuntu 22.04 machine. It seems that something broke during upload when the latest version was being synced to packages.icinga.com:

$ apt-get source icinga2
Reading package lists... Done
NOTICE: 'icinga2' packaging is maintained in the 'Git' version control system at:
https://git.icinga.com/packaging/deb-icinga2.git
Please use:
git clone https://git.icinga.com/packaging/deb-icinga2.git
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 7925 kB of source archives.
Get:1 https://packages.icinga.com/ubuntu icinga-jammy/main icinga2 2.14.2-1+ubuntu22.04 (diff) [20.6 kB]
Get:2 https://packages.icinga.com/ubuntu icinga-jammy/main icinga2 2.14.2-1+ubuntu22.04 (dsc) [2620 B]
Get:3 https://packages.icinga.com/ubuntu icinga-jammy/main icinga2 2.14.2-1+ubuntu22.04 (tar) [7901 kB]
Err:3 https://packages.icinga.com/ubuntu icinga-jammy/main icinga2 2.14.2-1+ubuntu22.04 (tar)
  File has unexpected size (7903667 != 7901494). Mirror sync in progress? [IP: 185.233.189.126 443]
  Hashes of expected file:
   - SHA512:8c7bf917394ece8b79b1be3c32cf70d917cc282fa496ddb6a5ba9fee0af8e35d90c21a71954fc2d539148cd350b3167931e77a7ea3b762428927fb6713366626
   - Filesize:7901494 [weak]
   - SHA256:97536e1487e72f690acd0df2576c9a38435fb5481d5aa7a292c94abaf9c6e033
   - SHA1:8a033140149bdb843f2c63e15fd28a924b4df98d [weak]
   - MD5Sum:3f7350695b9b224b92ef2c83ae46e7f5 [weak]
Fetched 23.2 kB in 0s (67.0 kB/s)
E: Failed to fetch https://packages.icinga.com/ubuntu/pool/main/i/icinga2/icinga2_2.14.2.orig.tar.gz  File has unexpected size (7903667 != 7901494). Mirror sync in progress? [IP: 185.233.189.126 443]
   Hashes of expected file:
    - SHA512:8c7bf917394ece8b79b1be3c32cf70d917cc282fa496ddb6a5ba9fee0af8e35d90c21a71954fc2d539148cd350b3167931e77a7ea3b762428927fb6713366626
    - Filesize:7901494 [weak]
    - SHA256:97536e1487e72f690acd0df2576c9a38435fb5481d5aa7a292c94abaf9c6e033
    - SHA1:8a033140149bdb843f2c63e15fd28a924b4df98d [weak]
    - MD5Sum:3f7350695b9b224b92ef2c83ae46e7f5 [weak]
E: Failed to fetch some archives.

To Reproduce

  1. Start a machine with Ubuntu 22.04
  2. Add the official Icinga2 apt repository
  3. Run apt-get source icinga2

Expected behavior

Icinga2 package sources should be downloaded and extracted to the current working directory.

yhabteab commented 6 months ago

Hi @pjakuszew-rtbh, thanks for reporting!

What does your deb-src entry in the /etc/apt/sources.list.d directory look like?

yhabteab commented 6 months ago

Never mind! I was able to reproduce it!

root@ubuntu-jammy:~# apt source icinga2
Reading package lists... Done
NOTICE: 'icinga2' packaging is maintained in the 'Git' version control system at:
https://git.icinga.com/packaging/deb-icinga2.git
Please use:
git clone https://git.icinga.com/packaging/deb-icinga2.git
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 7925 kB of source archives.
Get:1 https://packages.icinga.com/ubuntu icinga-jammy/main icinga2 2.14.2-1+ubuntu22.04 (diff) [20.6 kB]
Get:2 https://packages.icinga.com/ubuntu icinga-jammy/main icinga2 2.14.2-1+ubuntu22.04 (dsc) [2620 B]
Get:3 https://packages.icinga.com/ubuntu icinga-jammy/main icinga2 2.14.2-1+ubuntu22.04 (tar) [7901 kB]
Err:3 https://packages.icinga.com/ubuntu icinga-jammy/main icinga2 2.14.2-1+ubuntu22.04 (tar)
  File has unexpected size (7903667 != 7901494). Mirror sync in progress? [IP: 185.233.189.126 443]
  Hashes of expected file:
   - SHA512:8c7bf917394ece8b79b1be3c32cf70d917cc282fa496ddb6a5ba9fee0af8e35d90c21a71954fc2d539148cd350b3167931e77a7ea3b762428927fb6713366626
   - Filesize:7901494 [weak]
   - SHA256:97536e1487e72f690acd0df2576c9a38435fb5481d5aa7a292c94abaf9c6e033
   - SHA1:8a033140149bdb843f2c63e15fd28a924b4df98d [weak]
   - MD5Sum:3f7350695b9b224b92ef2c83ae46e7f5 [weak]
Fetched 23.2 kB in 0s (385 kB/s)
E: Failed to fetch https://packages.icinga.com/ubuntu/pool/main/i/icinga2/icinga2_2.14.2.orig.tar.gz  File has unexpected size (7903667 != 7901494). Mirror sync in progress? [IP: 185.233.189.126 443]
   Hashes of expected file:
    - SHA512:8c7bf917394ece8b79b1be3c32cf70d917cc282fa496ddb6a5ba9fee0af8e35d90c21a71954fc2d539148cd350b3167931e77a7ea3b762428927fb6713366626
    - Filesize:7901494 [weak]
    - SHA256:97536e1487e72f690acd0df2576c9a38435fb5481d5aa7a292c94abaf9c6e033
    - SHA1:8a033140149bdb843f2c63e15fd28a924b4df98d [weak]
    - MD5Sum:3f7350695b9b224b92ef2c83ae46e7f5 [weak]
E: Failed to fetch some archives.

julianbrost commented 6 months ago

There seems to be a problem with our package tooling with respect to source packages when we retroactively build an existing release for new distribution releases. So when Icinga 2.14.2 was built for Ubuntu 23.04, a new orig.tar was generated that unintentionally replaced the other one on packages.icinga.com.

I've attached both versions of the orig.tar, the first one matches the expected hash. So that you can at least verify that there was no tampering (greetings to everyone affected by the xz mess), they only differ in metadata, i.e. timestamps and order of the files in the archive:

icinga2_2.14.2.orig.a.tar.gz icinga2_2.14.2.orig.b.tar.gz

We'll see what we can do about the repo, it's somewhat unfortunate that the same version was built from different orig.tars for different distributions, so I don't know if this can be properly represented in the repo metadata.
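
One way to check the claim in the last comment, that two orig.tar archives differ only in timestamps and member order, is to compare per-member content hashes while ignoring that metadata. This is an added example, not part of the thread or of Icinga's tooling; the function names and the constructed sample archives are assumptions made for illustration.

```python
import hashlib
import io
import tarfile
from collections import Counter


def content_manifest(tgz: bytes) -> Counter:
    """Multiset of (name, type, mode, linkname, sha256); mtime, owner, order ignored."""
    entries = Counter()  # a Counter keeps duplicate member names visible
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        for m in tar:
            digest = ""
            if m.isfile():
                digest = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            entries[(m.name, m.type, m.mode, m.linkname, digest)] += 1
    return entries


def compare_archives(a: bytes, b: bytes) -> dict:
    ma, mb = content_manifest(a), content_manifest(b)
    return {
        "byte_identical": a == b,
        "only_in_a": sorted((ma - mb).elements()),
        "only_in_b": sorted((mb - ma).elements()),
    }


def metadata_only(report: dict) -> bool:
    """True when every member's name, type, mode and content match."""
    return not (report["only_in_a"] or report["only_in_b"])


def build_sample(files, mtime: int) -> bytes:
    """Constructed test archive; stands in for a real orig.tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files:
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    files = [("icinga2-2.14.2/README.md", b"readme\n"), ("icinga2-2.14.2/VERSION", b"2.14.2\n")]
    a = build_sample(files, 1_700_000_000)
    b = build_sample(list(reversed(files)), 1_710_000_000)
    print(compare_archives(a, b), metadata_only(compare_archives(a, b)))
```

The hashes apt checks cover the compressed file's bytes, so a regenerated archive with the same contents still fails the size and hash check; a comparison like this only tells you whether the difference stops at metadata.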