Ubuntu 16.04 installation fails // Apt-get requires SHA2 hashes now

Following the instructions (https://www.hipchat.com/downloads#linux-install) leads to a failure on Ubuntu 16.04 (Xenial, to be released on April 21st) when trying to update the repo data. The reasons seems to be an update of apt's security policy which now requires a SHA2 key to consider hashes secure. Currently, the HipChat repo only supports md5 sums and SHA1 hashes.

sudo apt-get update fails with the following message:

E: Failed to fetch https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client/dists/xenial/Release No Hash entry in Release file /var/lib/apt/lists/partial/atlassian.artifactoryonline.com_atlassian_hipchat-apt-client_dists_xenial_Release which is considered strong enough for security purposes

There are MD5 sums and SHA1 hashes given, SHA2 is missing (Dump of

/var/lib/apt/lists/partial/atlassian.artifactoryonline.com_atlassian_hipchat-apt-client_dists_xenial_Release):

Origin: Artifactory
Label: Artifactory
Suite: xenial
Codename: xenial
Date: Tue, 29 Mar 2016 19:01:35 UTC
Component: main
Architectures: amd64 i386
MD5Sum:
 dd3772098a8667377384e60378c02be7             3170 main/binary-amd64/Packages
 f1f74c92647239e2749f83f5f213bb2b              892 main/binary-amd64/Packages.bz2
 e06cf7ceacbc63f92bbf183481cdc089              709 main/binary-amd64/Packages.gz
 d41d8cd98f00b204e9800998ecf8427e                0 main/binary-i386/Packages
 4059d198768f9f8dc9372dc1c54bc3c3               14 main/binary-i386/Packages.bz2
 3970e82605c7d109bb348fc94e9eecc0               20 main/binary-i386/Packages.gz
SHA1:
 e47c8e208e97cb0720b6414fbd388f07a48f62d9             3170 main/binary-amd64/Packages
 3576add76d8cefde17794f7f25549fad2e037838              892 main/binary-amd64/Packages.bz2
 4f75b0e662b9eff505de8ed428d40c9543048121              709 main/binary-amd64/Packages.gz
 da39a3ee5e6b4b0d3255bfef95601890afd80709                0 main/binary-i386/Packages
 64a543afbb5f4bf728636bdcbbe7a2ed0804adc2               14 main/binary-i386/Packages.bz2
 e03849ea786b9f7b28a35c17949e85a93eb1cff1               20 main/binary-i386/Packages.gz

Best,

Fabian

5 answers

1 accepted

Accepted Answer
0 votes

SHA256 hashes have been appended on Mon, 16 May 2016 04:21:21 UTC and installation of hipchat4 works now. Thanks!

Hey Fabian - nice catch. That sha1 deprecation is going to play hell with everyone.

such an awesome error message...

apt-get update
E: Failed to fetch https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client/dists/xenial/Release  No Hash entry in Release file /var/lib/apt/lists/partial/atlassian.artifactoryonline.com_atlassian_hipchat-apt-client_dists_xenial_Release which is considered strong enough for security purposes

 

Anyway, you can get around this problem with an (unsecure, know WTF you are doing workaround) by just downloading the deb file by hand and installing it using dpkg:

NOTE: before executing any of these command line statements you'll want to be sure your system is updated, has the dependencies installed, and that you know what you are doing.

  • the example shown below downloads the 64bit HipChat 4 client for Ubuntu Xenial - if you need a different client/have a different OS you'll need to find another answer

Steps

  1. download hipchat4 using the repository URL and path shown below
    1. URL and Path: https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client/pool/HipChat4-4.0.1633-Linux.deb
    2. Command line to download file: wget https://atlassian.artifactoryonline.com/atlassian/hipchat-apt-client/pool/HipChat4-4.0.1633-Linux.deb -O HipChat4-4.0.1633-Linux.deb
  2. NOTE: this information was extracted from running the repository data/policy data using a hybrid Ubuntu desktop that's running some combination of 14.04, 15.04 and 15.10 packages, kernel and stuffs - as I said, you need to know what you are doing prior to messing with packages as the raw learning process can be l o n g and p a i n f u l l.
  3. Once the deb file has been download you can install it with:
    1. dpkg -i HipChat4-4.0.1633-Linux.deb

ah, nevermind, looks like Atlassian has released a new client already

nope, nothing new available. the above works, however. Just make sure you get the right architecture for your desktop (32bit/64bit)

-wc

 

 

Hey William, 

thanks for describing the alternative route! Mine is to just use https://web.hipchat.com for the moment.

While it might be a more complicated task to automate builds with included SHA256 hashes, it might be a quick fix to just call sha256sum for all files and manually add this data for the current build. At least the path of installing HipChat with a chance of possibly broken update options seems a better one than not installing HipChat at all.

Best,

Fabian

@Fabian Topfstedt

Nice additional information Fabian. I've never tried the sha256sum/adding for current build. Nifty.

-wc

Also looking for help on this very issue.

"Just make sure you get the right architecture for your desktop (32bit/64bit)"

How can I do get a 32bit version? Is there any i386 wersion of the link?

 

Thanks, Jan

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 10, 2018 in Hipchat

What should I think about when migrating HipChat to Slack?

...from the beginning. We have built up a lot of content in HipChat, with it being a core tool in our distributed company model. While it is true that we didn’t need to move to Slack immediately, we felt it...

506 views 1 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you