Duncan wrote:
Mike Williams <[EMAIL PROTECTED]> posted
[EMAIL PROTECTED], excerpted below, on  Mon, 31 Jul 2006
16:56:35 +0100:

On Monday 31 July 2006 16:47, Atoms wrote:
Nope. Works fine here.
Okay, next question is, how do I clean portage up (sanely) to allow a
re-download of the ebuild?
just do `ebuild /usr/portage/www-client/mozilla-firefox/mozilla-firefox-1.5.0.5.ebuild digest` and then emerge
Err, no!
The size didn't match for a reason.

Delete the ebuild, and sync again. From a different mirror if possible.

My reaction too -- don't just blindly digest and emerge unless you are
quite sure it's safe to do so (a dev explains it or you check viewcvs and
verify that the one there is the same, plus verify that the ebuild isn't
doing anything weird like retrieving "special" source
from warez.and.crakz.r.us or the like).

THE WARNING ABOVE, INCORRECT SIZE OR OTHER FAILURE TO VERIFY, COULD
INDICATE A SECURITY ISSUE.  SIMPLY REDIGESTING THE FAILED PACKAGE BYPASSES
THE CHECKS AND COULD LEAVE YOUR GENTOO MACHINE CRACKED WIDE OPEN AND NO
LONGER UNDER YOUR CONTROL!!

I apologize for shouting, but your computer's security may depend on it. Don't do something stupid!

In actuality, it's much more likely simply broken or even an entirely
harmless difference like a missing newline or the like. However, you can't KNOW that, and with various servers in the FLOSS community having
already been found compromised, we know the crackers are trying, and it's
not out of the realm of possibility that a Gentoo server could be
compromised at some point. Thus, don't do something you might regret. Either hand verify the ebuild if you know how to, or wait a few hours to a
day or two and the problem will probably have been resolved (or better,
file a bug and report it, asking if it's legit).


Since I'm not as up to speed as I really want to be on manipulating ebuilds and portage, I simply deleted the ebuild and re-sync'd; this one came down fine and is compiling now. I thought about a bug report, but I felt that to be too extreme a measure if I was the only person seeing the problem. However, the information on the possible security issues is quite appreciated; that method of infiltration never occurred to me, so I will be even more careful from now on with this.




--
Fere libenter homines id quod volunt credunt.

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
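
Added example, not part of the original thread and not Portage's own code: a read-only check of one ebuild against the size and checksums recorded for it, instead of regenerating the digest. It assumes the Manifest2 line layout (`EBUILD <file> <size> <HASH> <hex> ...`); the function names and the sample ebuild are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Manifest hash names mapped to hashlib names (a subset chosen for this example).
HASHES = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

def parse_manifest(text):
    """Return {filename: (size, {hash_name: hexdigest})} for EBUILD lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "EBUILD":
            # Fields after the size alternate: hash name, hex digest.
            entries[fields[1]] = (int(fields[2]), dict(zip(fields[3::2], fields[4::2])))
    return entries

def verify(pkg_dir, name, entries):
    """Compare one ebuild on disk with its recorded entry; return the problems found."""
    if name not in entries:
        return ["no Manifest entry"]
    size, sums = entries[name]
    data = (Path(pkg_dir) / name).read_bytes()
    problems = []
    if len(data) != size:
        problems.append(f"size {len(data)} != recorded {size}")
    usable = [h for h in sums if h in HASHES]
    if not usable:
        problems.append("no supported checksum recorded")
    for h in usable:
        if hashlib.new(HASHES[h], data).hexdigest() != sums[h].lower():
            problems.append(f"{h} mismatch")
    return problems

def demo():
    """Constructed sample: an intact ebuild, then the same file with a newline added."""
    good = b'# constructed sample ebuild\nDESCRIPTION="demo"\n'
    name = "demo-1.0.ebuild"
    manifest = f"EBUILD {name} {len(good)} SHA256 {hashlib.sha256(good).hexdigest()}\n"
    entries = parse_manifest(manifest)
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / name
        path.write_bytes(good)
        clean = verify(d, name, entries)
        path.write_bytes(good + b"\n")  # even a one-byte difference is reported
        changed = verify(d, name, entries)
    return clean, changed

if __name__ == "__main__":
    print(demo())
```

A clean result only shows that the ebuild matches the Manifest that arrived in the same sync; it says nothing about whether both were altered together, which is why comparing against an independent copy is still needed.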