Incorrect "md5sum" package reported

[pombredanne]

I scan http://ftp.us.debian.org/debian/pool/main/p/python-tenacity/python-tenacity-doc_8.2.1-1_all.deb as a single package

scancode-2024-04-04-11-28-44.json.txt summary-2024-04-04-11-28-53.json.txt See

[pombredanne]

@AyanSinhaMahapatra does this ring a bell?

[AyanSinhaMahapatra]

@pombredanne yes, see https://github.com/nexB/scancode-toolkit/pull/3682/commits/b60d78fbf0df29b7cc0d64e224971cf5d17ddb7e I thought I fixed this there. Let me check why this is not fixed by this, maybe we are not running from latest?

There is another issue here which I've not been able to fix yet, is yielding a package from the input archive itself.

Now in the scan single package pipeline, we extract the package directly in a directory and scan there.

Instead we should: move the package to the input directory, extract and scan including the package archive, then we will yield a package from the https://github.com/nexB/scancode-toolkit/blob/develop/src/packagedcode/debian.py#L63 parser. But this has some unintended consequences in package summary calculation and some other places, so I've not figured out how to do this without side effects.

[AyanSinhaMahapatra]

Fixed above ^ with a couple other updates. See https://github.com/nexB/scancode-toolkit/pull/3723/files#diff-f477faef4b1c440ccb53892ef45a4fbf0ed05b37f8891717071ed697cc35825aR164 where we do not assign a name in the package_data and so we don't create any packages.

[tdruez]

@AyanSinhaMahapatra Can we close this one?

[AyanSinhaMahapatra]

@tdruez yes, this is fixed and merged on the SCTK side, so closing this.