Redoing eix-sync a few times over the last couple of hours and now
it's cleaned up.
On 3/2/06, Duncan <1i5t5.duncan@...> wrote:
> Mark Knecht posted
> <5bdc1c8b0603021524m572eedf7x18e22e51a1274d08@...>, excerpted
> below, on Thu, 02 Mar 2006 15:24:07 -0800:
> >>>> emerge (4 of 6) sys-apps/baselayout-1.11.14-r6 to /
> > !!! Security Violation: A file exists that is not in the manifest.
> > !!! File: files/digest-baselayout-1.12.0_pre16-r2
> > lightning ~ #
> > What's the proper way to take care of this?
> Depends on how paranoid you are. While it could be someone trying to
> crack the Gentoo ecosystem, it's far more likely to be a simple mis-sync
> -- either you or the upstream rsync server you used happened to sync at
> just the wrong moment and get a modification in progress, with the file
> there but the manifest not yet updated to reflect it. It could also be
> due to a dev partial-syncing, with the same results.
> If you are willing to play the odds, you can just ebuild digest (see
> the ebuild manpage if necessary) the thing and it'll fix the issue on your
> system. If you are security conscious enough to not be comfortable doing
> that (I certainly wouldn't be -- those manifests are there for a reason,
> and it /could/ be a cracker trying something, even if rather unlikely),
> wait a minimum 90 minutes between syncs, and try another emerge --sync.
> Hopefully by then the problem will have corrected itself, or you'll get a
> different sync server assigned that doesn't have the problem.
> If the issue still exists several hours later, after a resync, check the
> logs and verify the servers you are syncing with, then file a bug on
> either the rsync server or baselayout, as it's something that needs fixed,
> still most likely a dev accident, but getting more likely it's a real
> security issue.
> That assumes nothing irregular at your end, like you added that subdir in
> your rsync-excludes file or something, but then again, if you'd done that,
> you'd likely know that was the reason without asking. That would be a bit
> hard to do by accident. =8^)
> Duncan - List replies preferred. No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master." Richard Stallman in
> firstname.lastname@example.org mailing list
email@example.com mailing list