1 |
Mark Knecht posted |
2 |
<5bdc1c8b0603021524m572eedf7x18e22e51a1274d08@××××××××××.com>, excerpted |
3 |
below, on Thu, 02 Mar 2006 15:24:07 -0800: |
4 |
|
5 |
>>>> emerge (4 of 6) sys-apps/baselayout-1.11.14-r6 to / |
6 |
> !!! Security Violation: A file exists that is not in the manifest. |
7 |
> !!! File: files/digest-baselayout-1.12.0_pre16-r2 |
8 |
> lightning ~ # |
9 |
> |
10 |
> What's the proper way to take care of this? |
11 |
|
12 |
Depends on how paranoid you are. While it could be someone trying to |
13 |
crack the Gentoo ecosystem, it's far more likely to be a simple mis-sync |
14 |
-- either you or the upstream rsync server you used happened to sync at |
15 |
just the wrong moment and get a modification in progress, with the file |
16 |
there but the manifest not yet updated to reflect it. It could also be |
17 |
due to a dev partial-syncing, with the same results. |
18 |
|
19 |
If you are willing to play the odds, you can just ebuild digest (see |
20 |
the ebuild manpage if necessary) the thing and it'll fix the issue on your |
21 |
system. If you are security conscious enough to not be comfortable doing |
22 |
that (I certainly wouldn't be -- those manifests are there for a reason, |
23 |
and it /could/ be a cracker trying something, even if rather unlikely), |
24 |
wait a minimum 90 minutes between syncs, and try another emerge --sync. |
25 |
Hopefully by then the problem will have corrected itself, or you'll get a |
26 |
different sync server assigned that doesn't have the problem. |
27 |
|
28 |
If the issue still exists several hours later, after a resync, check the |
29 |
logs and verify the servers you are syncing with, then file a bug on |
30 |
either the rsync server or baselayout, as it's something that needs fixed, |
31 |
still most likely a dev accident, but getting more likely it's a real |
32 |
security issue. |
33 |
|
34 |
That assumes nothing irregular at your end, like you added that subdir in |
35 |
your rsync-excludes file or something, but then again, if you'd done that, |
36 |
you'd likely know that was the reason without asking. That would be a bit |
37 |
hard to do by accident. =8^) |
38 |
|
39 |
-- |
40 |
Duncan - List replies preferred. No HTML msgs. |
41 |
"Every nonfree program has a lord, a master -- |
42 |
and if you use the program, he is your master." Richard Stallman in |
43 |
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
44 |
|
45 |
|
46 |
-- |
47 |
gentoo-amd64@g.o mailing list |