| 1 |
Mark Knecht posted |
| 2 |
<5bdc1c8b0603021524m572eedf7x18e22e51a1274d08@××××××××××.com>, excerpted |
| 3 |
below, on Thu, 02 Mar 2006 15:24:07 -0800: |
| 4 |
|
| 5 |
>>>> emerge (4 of 6) sys-apps/baselayout-1.11.14-r6 to / |
| 6 |
> !!! Security Violation: A file exists that is not in the manifest. |
| 7 |
> !!! File: files/digest-baselayout-1.12.0_pre16-r2 |
| 8 |
> lightning ~ # |
| 9 |
> |
| 10 |
> What's the proper way to take care of this? |
| 11 |
|
| 12 |
Depends on how paranoid you are. While it could be someone trying to |
| 13 |
crack the Gentoo ecosystem, it's far more likely to be a simple mis-sync |
| 14 |
-- either you or the upstream rsync server you used happened to sync at |
| 15 |
just the wrong moment and get a modification in progress, with the file |
| 16 |
there but the manifest not yet updated to reflect it. It could also be |
| 17 |
due to a dev partial-syncing, with the same results. |
| 18 |
|
| 19 |
If you are willing to play the odds, you can just ebuild digest (see |
| 20 |
the ebuild manpage if necessary) the thing and it'll fix the issue on your |
| 21 |
system. If you are security conscious enough to not be comfortable doing |
| 22 |
that (I certainly wouldn't be -- those manifests are there for a reason, |
| 23 |
and it /could/ be a cracker trying something, even if rather unlikely), |
| 24 |
wait a minimum 90 minutes between syncs, and try another emerge --sync. |
| 25 |
Hopefully by then the problem will have corrected itself, or you'll get a |
| 26 |
different sync server assigned that doesn't have the problem. |
| 27 |
|
| 28 |
If the issue still exists several hours later, after a resync, check the |
| 29 |
logs and verify the servers you are syncing with, then file a bug on |
| 30 |
either the rsync server or baselayout, as it's something that needs fixed, |
| 31 |
still most likely a dev accident, but getting more likely it's a real |
| 32 |
security issue. |
| 33 |
|
| 34 |
That assumes nothing irregular at your end, like you added that subdir in |
| 35 |
your rsync-excludes file or something, but then again, if you'd done that, |
| 36 |
you'd likely know that was the reason without asking. That would be a bit |
| 37 |
hard to do by accident. =8^) |
| 38 |
|
| 39 |
-- |
| 40 |
Duncan - List replies preferred. No HTML msgs. |
| 41 |
"Every nonfree program has a lord, a master -- |
| 42 |
and if you use the program, he is your master." Richard Stallman in |
| 43 |
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
| 44 |
|
| 45 |
|
| 46 |
-- |
| 47 |
gentoo-amd64@g.o mailing list |
Archives