-
Notifications
You must be signed in to change notification settings - Fork 1.1k
FPM 1.3.2 deb md5sums bug fix notes
Deb packages have an 'md5sums' file in the control section of the package. This file helps dpkg do verifications post-install using dpkg -V vagrant or similar.
FPM 1.3.2 is now available with this fix.
Users wishing to verify file contents using the md5 checksums provided by the deb package will fail when running dpkg -V like so:
dpkg: error: control file 'md5sums' missing value separator
The author who published the patch for this bug was the first person, in my knowledge, to report the problem. I believe this problem has been present in fpm since fpm 0.4.42 (April 9, 2013) and resolved in fpm 1.3.1 (November 4, 2014)
fpm 0.4.42 through fpm 1.3.0.
Prior to fpm 0.4.42, no md5sums file was generated, and packages with no md5sums file, oddly, seems to generate the md5sums file during installation (dpkg -i foo.deb), and dpkg -V seems to be happy with this result.
Recommend upgrading to FPM 1.3.2 for any future package builds. This includes the bugfix such that new packages should be generated correctly.
Existing packages can be fixed by fpm using -s deb -t deb:
# Show bad md5sums (one space between hash and filename)
% ar p broken.deb control.tar.gz | tar -zxO ./md5sums
4a571dbf5dfa81e62eccb65c15ce98d1 tmp/.zshrc
# Fix it with fpm
% fpm -s deb -t deb broken.deb
Created package {:path=>"fizz_1.0_amd64.deb"}
% ar p fizz_1.0_amd64.deb control.tar.gz | tar -zxO ./md5sums
4a571dbf5dfa81e62eccb65c15ce98d1 tmp/.zshrc
I recommend that, if you do republish packages, you should bump the --iteration in the package.
Users who have installed packages affected by this bug, you can patch your md5sums files with the script below. This one-liner will make sure two spaces exist between the hash and filename, as required by dpkg -V.
% sudo sed -i -re 's/([A-Fa-f0-9]{32}) +([^ ].+)$/\1 \2/' /var/lib/dpkg/info/*.md5sums