aptly-dev
Published package has different size and hash of uploaded and added package
Detailed Description
We have a strange issue that couldn't be resolved yet. I uploaded a new version of a package for 3 different plattforms (armhf, arm64, amd64) and wanted to create a snapshot of it and publish this snapshot as always.
Today one of the packages behaves strange. While the packages for arm64 and amd64 are working fine in the repository, the armhf version doesn't. It could be uploaded. I downloaded the uploaded package and compared it with the original one. They had the same hash. I could add this package to the repository without any issues. Also creating a snapshot of the repo worked fine and also the publishing process of the repo did not threw any errors.
But the repo is broken since then. Clients using the repo are recieving erros like this: File has unexpected size (28546882 != 28539660). Mirror sync in progress? [IP: ] Hashes of expected file:
- SHA512:008cf9ea3a03172b1cdc4b36e3c2e51bf3a82727eee152bee383ec2dbef27663c666957739efd0a9dafac6874094f27dc9bbf438f2bd71b960dc8a1247576938
- SHA256:602d103f21e08bea3060cd76a87e1905ca44ba519e2e2516d17d487506f856db
- SHA1:e8bcb15b87eb102ce2c43658888b1a3da50507f2 [weak]
- MD5Sum:da85353bb6801a2db93b374191e8a82c [weak]
- Filesize:28539660 [weak] E: Failed to fetch https://xxx/repo/echion-beta/pool/main/e/echionplaycontrol/echionplaycontrol.0.14-1.linux-arm.deb File has unexpected size (28546882 != 28539660). Mirror sync in progress? [IP: ] Hashes of expected file: - SHA512:008cf9ea3a03172b1cdc4b36e3c2e51bf3a82727eee152bee383ec2dbef27663c666957739efd0a9dafac6874094f27dc9bbf438f2bd71b960dc8a1247576938 - SHA256:602d103f21e08bea3060cd76a87e1905ca44ba519e2e2516d17d487506f856db - SHA1:e8bcb15b87eb102ce2c43658888b1a3da50507f2 [weak] - MD5Sum:da85353bb6801a2db93b374191e8a82c [weak] - Filesize:28539660 [weak] E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
I already tried deleting the package from the repository, creating a new snapshot of the repo and publish it and then redoing this with the new package version again.
But everytime the same issue occures. The packages file at server/repo/REPONAME/dists/DISTRIBUTION/main/binary-armhf/ contains the correct hashes and also the correct file size. But the package stored at server/repo/REPONAME/pool/main/e/echionaudioplayer/ has the wrong hash and also wrong file size.
It seems that something during the process of adding the file to the repository, creating the snapshot of the repository or publishing this created snapshot makes a broken copy of the original file.
Your Environment
A debian based system on a x86 architecture. aptly version: '1.5.0'
I also have the same problem. I think it is a problem related to publishing from multiple sites simultaneously. Publish again to solve this issue. But it's not reliable.
We're seeing this also, alongside a stubborn failure for the apt lists to update.
Packages are published without error, and they exist on the filesystem, but they are not picked up by an apt-get update. It's if we then re-run the deployment pipeline we sometimes get the error in the opening comment (we end up with two copies of the same package/arch in different pool directories, with slightly different file sizes).
We're publishing both amd and armhf builds of the same package to a standalone repository.
When we first started seeing this it seemed to go away after a bit of manual apt cache/list deletion, but it's pretty much stuck in a loop now. The CI/CD pipeline this affects worked previously for years.
I just ran clean-up commands for both aptly and apt, and the deployment then worked, but I can pretty much guarantee it will fail again tomorrow.
aptly version: 1.4.0+ds1-4+b4 Debian 11
