Re: [gentoo-user] getting digest verification failed when emerging bittorrent

2009-03-08 Thread Neil Bothwick
On Sat, 07 Mar 2009 15:54:22 -0600, Dale wrote:

>> wait 24 hours, resync, try again.
>>
>> Or just re-digest the package manually:
>>
>> ebuild path_to_ebuild_file manifest

Bear in mind this overrides the security that digests provide, although
it is harmless when it is only a Changelog file.

> Does emerge --digest still exist?  I recall using something like that a
> long time ago.  I think I used it for googleforearth which never
> matches.

That's not a good idea as the mismatch could be caused by a hacked
source or binary file. The problem with Google Earth was that they used
unversioned tarballs. Whenever you get a digest error on a distfile, the
first step is to delete the distfile and let emerge download it again. If
that doesn't help, resync and then check Bugzilla. Don't redigest a
distfile unless you can be 100% certain of its validity.


-- 
Neil Bothwick

Klingons do NOT sweat! They perspire with honour!




Re: [gentoo-user] getting digest verification failed when emerging bittorrent

2009-03-08 Thread Mike Kazantsev
On Sun, 8 Mar 2009 09:25:19 +
Neil Bothwick n...@digimed.co.uk wrote:

> Don't redigest a distfile unless you can be 100% certain of its validity.

On the other hand, the rule can go like this:
Always redigest when downloading from official source, unless you can
be 100% sure that you've rsync'ed with the valid (tm) mirror, not some
third-party-in-the-middle impersonation or malicious developer
contribution.

-- 
Mike Kazantsev // fraggod.net




Re: [gentoo-user] getting digest verification failed when emerging bittorrent

2009-03-08 Thread AllenJB

Neil Bothwick wrote:
> On Sat, 07 Mar 2009 15:54:22 -0600, Dale wrote:
>
>>> wait 24 hours, resync, try again.
>>>
>>> Or just re-digest the package manually:
>>>
>>> ebuild path_to_ebuild_file manifest
>
> Bear in mind this overrides the security that digests provide, although
> it is harmless when it is only a Changelog file.
>
>> Does emerge --digest still exist?  I recall using something like that a
>> long time ago.  I think I used it for googleforearth which never
>> matches.
>
> That's not a good idea as the mismatch could be caused by a hacked
> source or binary file. The problem with Google Earth was that they used
> unversioned tarballs. Whenever you get a digest error on a distfile, the
> first step is to delete the distfile and let emerge download it again. If
> that doesn't help, resync and then check Bugzilla. Don't redigest a
> distfile unless you can be 100% certain of its validity.

It's not just security. It's a basic measure to ensure the source files 
haven't changed (some projects are known to change the source files 
without changing the tarball name) and that the installation 
instructions in the ebuild are still valid.


Note that it's possible for the source files to change and the 
instructions in the ebuild appear to work, but to not correctly install 
the package.


AllenJB



Re: [gentoo-user] getting digest verification failed when emerging bittorrent

2009-03-08 Thread Alan McKinnon
On Sunday 08 March 2009 07:06:22 John covici wrote:
> on Saturday 03/07/2009 Dale(rdalek1...@gmail.com) wrote
>
>> Alan McKinnon wrote:
>>> On Saturday 07 March 2009 23:20:38 John covici wrote:
>>>> Hi.  I am getting digest verification failed when trying to emerge
>>>> bittorrent -- it is having trouble with the Changelog file.  The
>>>> exact message is:
>>>> !!! Digest verification failed:
>>>> !!! /usr/portage/net-p2p/bittorrent/ChangeLog
>>>> !!! Reason: Filesize does not match recorded size
>>>> !!! Got: 19308
>>>> !!! Expected: 19466
>>>>
>>>> Is there a new ebuild coming?
>>>
>>> wait 24 hours, resync, try again.
>>>
>>> Or just re-digest the package manually:
>>>
>>> ebuild path_to_ebuild_file manifest
>>
>> Does emerge --digest still exist?  I recall using something like that a
>> long time ago.  I think I used it for googleforearth which never
>> matches.
>
> OK, thanks I was hoping something like that would work.

As others have already said (but the importance of it got lost in the ensuing 
retorts), you have to be careful not to redigest stuff arbitrarily. This case 
was a mere Changelog which doesn't affect the built binaries and hence is 
safe.

Most digest failures are for one of two reasons:

1. Proprietary binaries that don't think it necessary to tell their customers 
which version they are getting. They must think customers are psychic.
2. The developer goofed and forgot to upload one or more changed files.

The dangerous case that digests are designed to help you with is malicious 
changes where you get a trojan. This danger is real and you should take it 
seriously. The fact that I've never actually *seen* it happen doesn't mean 
anything and isn't even relevant.


-- 
alan dot mckinnon at gmail dot com
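
Added example, not part of the thread and not Portage's own code: a minimal Python sketch of the size-then-hash check behind the quoted "Filesize does not match recorded size" error, with the triage the posters describe. The Manifest line layout (`TYPE name size HASH hexdigest`, as in GLEP 44 Manifest2), the `MISC`/`DIST` type names, the tarball name and all function names are assumptions; only the ChangeLog sizes 19308 and 19466 come from the thread.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse 'TYPE name size HASH hex [HASH hex ...]' lines (assumed GLEP 44 layout)."""
    entries = {}
    for line in text.splitlines():
        p = line.split()
        if len(p) >= 5 and (len(p) - 3) % 2 == 0:  # skip blank or malformed lines
            hashes = {p[i].lower(): p[i + 1].lower() for i in range(3, len(p), 2)}
            entries[p[1]] = (p[0], int(p[2]), hashes)
    return entries

def verify(path, size, hashes):
    """Return None if the file matches its entry, else the reason it does not."""
    got = os.path.getsize(path)
    if got != size:  # cheap size check first, as in the error quoted in the thread
        return f"Filesize does not match recorded size (Got: {got}, Expected: {size})"
    with open(path, "rb") as fh:
        data = fh.read()
    usable = [a for a in hashes if a in hashlib.algorithms_available]
    if not usable:  # fail closed when nothing can be checked
        return "no recorded hash can be checked on this host"
    bad = [a for a in usable if hashlib.new(a, data).hexdigest() != hashes[a]]
    return f"{bad[0].upper()} digest does not match" if bad else None

def advice(ftype):
    """Triage as argued in the thread; never re-digest anything the build uses."""
    return {"MISC": "resync and retry",  # e.g. ChangeLog: not used by the build
            "DIST": "delete the distfile and re-fetch; then resync, check Bugzilla",
            }.get(ftype, "resync, check Bugzilla")

def demo():
    """Constructed sample: stale ChangeLog plus a same-size altered tarball."""
    good, bad = b"A" * 4096, b"A" * 4095 + b"B"
    manifest = (f"DIST example-1.0.tar.gz 4096 SHA256 {hashlib.sha256(good).hexdigest()}\n"
                f"MISC ChangeLog 19466 SHA256 {'0' * 64}\n")
    files = {"example-1.0.tar.gz": bad, "ChangeLog": b"x" * 19308}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (ftype, size, hashes) in parse_manifest(manifest).items():
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(files[name])
            results[name] = (ftype, verify(path, size, hashes), advice(ftype))
    return results

if __name__ == "__main__":
    print(*demo().items(), sep="\n")
```

The altered tarball has exactly the recorded size, so only the hash comparison catches it; the size check alone would have passed it.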



Re: [gentoo-user] getting digest verification failed when emerging bittorrent

2009-03-07 Thread Alan McKinnon
On Saturday 07 March 2009 23:20:38 John covici wrote:
> Hi.  I am getting digest verification failed when trying to emerge
> bittorrent -- it is having trouble with the Changelog file.  The exact
> message is:
> !!! Digest verification failed:
> !!! /usr/portage/net-p2p/bittorrent/ChangeLog
> !!! Reason: Filesize does not match recorded size
> !!! Got: 19308
> !!! Expected: 19466
>
> Is there a new ebuild coming?

wait 24 hours, resync, try again.

Or just re-digest the package manually:

ebuild path_to_ebuild_file manifest

-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] getting digest verification failed when emerging bittorrent

2009-03-07 Thread Dale
Alan McKinnon wrote:
> On Saturday 07 March 2009 23:20:38 John covici wrote:
>
>> Hi.  I am getting digest verification failed when trying to emerge
>> bittorrent -- it is having trouble with the Changelog file.  The exact
>> message is:
>> !!! Digest verification failed:
>> !!! /usr/portage/net-p2p/bittorrent/ChangeLog
>> !!! Reason: Filesize does not match recorded size
>> !!! Got: 19308
>> !!! Expected: 19466
>>
>> Is there a new ebuild coming?
>
> wait 24 hours, resync, try again.
>
> Or just re-digest the package manually:
>
> ebuild path_to_ebuild_file manifest

Does emerge --digest still exist?  I recall using something like that a
long time ago.  I think I used it for googleforearth which never matches. 

Dale

:-)  :-) 



Re: [gentoo-user] getting digest verification failed when emerging bittorrent

2009-03-07 Thread Alan McKinnon
On Saturday 07 March 2009 23:54:22 Dale wrote:
> Alan McKinnon wrote:
>> On Saturday 07 March 2009 23:20:38 John covici wrote:
>>> Hi.  I am getting digest verification failed when trying to emerge
>>> bittorrent -- it is having trouble with the Changelog file.  The exact
>>> message is:
>>> !!! Digest verification failed:
>>> !!! /usr/portage/net-p2p/bittorrent/ChangeLog
>>> !!! Reason: Filesize does not match recorded size
>>> !!! Got: 19308
>>> !!! Expected: 19466
>>>
>>> Is there a new ebuild coming?
>>
>> wait 24 hours, resync, try again.
>>
>> Or just re-digest the package manually:
>>
>> ebuild path_to_ebuild_file manifest
>
> Does emerge --digest still exist?  I recall using something like that a
> long time ago.  I think I used it for googleforearth which never matches.

--digest is long since gone and totally replaced with manifests. ebuild still 
has a --digest option, but these days it is the same as --manifest

-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] getting digest verification failed when emerging bittorrent

2009-03-07 Thread John covici
on Saturday 03/07/2009 Dale(rdalek1...@gmail.com) wrote
> Alan McKinnon wrote:
>> On Saturday 07 March 2009 23:20:38 John covici wrote:
>>
>>> Hi.  I am getting digest verification failed when trying to emerge
>>> bittorrent -- it is having trouble with the Changelog file.  The exact
>>> message is:
>>> !!! Digest verification failed:
>>> !!! /usr/portage/net-p2p/bittorrent/ChangeLog
>>> !!! Reason: Filesize does not match recorded size
>>> !!! Got: 19308
>>> !!! Expected: 19466
>>>
>>> Is there a new ebuild coming?
>>
>> wait 24 hours, resync, try again.
>>
>> Or just re-digest the package manually:
>>
>> ebuild path_to_ebuild_file manifest
>
> Does emerge --digest still exist?  I recall using something like that a
> long time ago.  I think I used it for googleforearth which never matches.

OK, thanks I was hoping something like that would work.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do you spend it?

 John Covici
 cov...@ccs.covici.com