go-apt-mirror overlooks checksum mismatch between Release and InRelease

[ymmt2005]

go-apt-mirror at its first stage downloads Release and InRelease indices.

Ref: https://wiki.debian.org/DebianRepository/Format#A.22Release.22_files

These should contain the same checksums for all other indices, but in reality they may contain different checksums for some indices temporarily.

If Release and InRelease have different checksums for some indices, current go-apt-mirror may overlook them and create incomplete mirror.

This bug may be fixed by detecting mismatches or by implementing by-hash indices acquisition.

[ymmt2005]

With #16, if the repository does not support by-hash index acquisition and contains different checksums between Release and InRelease, go-apt-mirror exits abnormally without creating inconsistent mirrors.

If the repo supports by-hash, go-apt-mirror will retrieve all indices and stores them into by-hash directories.