Duncan wrote:
> Mike Williams <mike@××××××××.uk> posted
> 200607311656.36538.mike@××××××××.uk, excerpted below, on Mon, 31 Jul 2006
> 16:56:35 +0100:
>
>> On Monday 31 July 2006 16:47, Atoms wrote:
>>>>> Nope. Works fine here.
>>>> Okay, next question is, how do I clean portage up (sanely) to allow a
>>>> re-download of the ebuild?
>>> just do `ebuild
>>> /usr/portage/www-client/mozilla-firefox/mozilla-firefox-1.5.0.5.ebuild
>>> digest` and then emerge
>> Err, no!
>> The size didn't match for a reason.
>>
>> Delete the ebuild, and sync again. From a different mirror if possible.
>
> My reaction too -- don't just blindly digest and emerge unless you are
> quite sure it's safe to do so (a dev explains it or you check viewcvs and
> verify that the one there is the same, plus verify that the ebuild isn't
> doing anything weird like retrieving "special" source
> from warez.and.crakz.r.us or the like).
>
> THE WARNING ABOVE, INCORRECT SIZE OR OTHER FAILURE TO VERIFY, COULD
> INDICATE A SECURITY ISSUE. SIMPLY REDIGESTING THE FAILED PACKAGE BYPASSES
> THE CHECKS AND COULD LEAVE YOUR GENTOO MACHINE CRACKED WIDE OPEN AND NO
> LONGER UNDER YOUR CONTROL!!
>
> I apologize for shouting, but your computer's security may depend on it.
> Don't do something stupid!
>
> In actuality, it's much more likely simply broken or even an entirely
> harmless difference like a missing newline or the like. However, you
> can't KNOW that, and with various servers in the FLOSS community having
> already been found compromised, we know the crackers are trying, and it's
> not out of the realm of possibility that a Gentoo server could be
> compromised at some point. Thus, don't do something you might regret.
> Either hand verify the ebuild if you know how to, or wait a few hours to a
> day or two and the problem will probably have been resolved (or better,
> file a bug and report it, asking if it's legit).
>

Since I'm not as up to speed as I really want to be on manipulating
ebuilds and portage, I simply deleted the ebuild and re-sync'd; this one
came down fine and is compiling now. I thought about a bug report, but
I felt that to be too extreme a measure if I was the only person seeing
the problem. However, the information on the possible security issues
is quite appreciated; that method of infiltration never occurred to me,
so I will be even more careful from now on with this.

--
Fere libenter homines id quod volunt credunt.

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
--
gentoo-amd64@g.o mailing list |
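
The point argued in this thread, as an added example that is not part of the original messages: a size/hash check only means something while the recorded values come from the developers, and recomputing them from the local copy makes any content pass. The entry format, file contents and mirror names below are constructed for illustration and simplify Portage's real digest handling.

```python
import hashlib

def make_entry(content: bytes) -> dict:
    """Simplified stand-in for one recorded digest: size and SHA-256."""
    return {"size": len(content), "sha256": hashlib.sha256(content).hexdigest()}

def verify(content: bytes, entry: dict) -> list:
    """Return the names of the checks that fail; an empty list means a match."""
    failed = []
    if len(content) != entry["size"]:
        failed.append("size")
    if hashlib.sha256(content).hexdigest() != entry["sha256"]:
        failed.append("sha256")
    return failed

def sync_and_check(mirrors: dict, order: list, entry: dict):
    """Try mirrors in order; accept the first copy matching the published entry."""
    for name in order:
        if not verify(mirrors[name], entry):
            return name
    return None  # nothing verified: stop and report it, do not redigest

# Constructed sample data (not a real ebuild).
GOOD = b'SRC_URI="http://example.org/dist/pkg-1.0.tar.bz2"\n'
TRUNCATED = GOOD.rstrip(b"\n")                                 # harmless: missing newline
TAMPERED = GOOD.replace(b"example.org", b"other.example.net")  # different source host
PUBLISHED = make_entry(GOOD)  # values recorded by the developers

# Hypothetical mirror names; each serves a different copy of the file.
MIRRORS = {"mirror-a": TAMPERED, "mirror-b": TRUNCATED, "mirror-c": GOOD}

if __name__ == "__main__":
    # The harmless and the hostile copy fail in exactly the same way,
    # so the failure alone cannot tell you which one you have.
    print("truncated:", verify(TRUNCATED, PUBLISHED))
    print("tampered: ", verify(TAMPERED, PUBLISHED))
    # "Redigesting" replaces the published entry with one computed from
    # the local copy, so the tampered file now verifies cleanly.
    print("tampered after redigest:", verify(TAMPERED, make_entry(TAMPERED)))
    # The advice from the thread: keep the published entry, fetch again
    # from another mirror, and accept only a copy that matches.
    print("accepted from:", sync_and_check(MIRRORS, list(MIRRORS), PUBLISHED))
```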