Discussion:
pkg/49220: devel/deforaos-libsystem distfile checksum error
k***@munnari.OZ.AU
2014-09-19 10:50:00 UTC
Permalink
Number: 49220
Category: pkg
Synopsis: devel/deforaos-libsystem distfile checksum error
Confidential: no
Severity: serious
Priority: medium
Responsible: pkg-manager
State: open
Class: sw-bug
Submitter-Id: net
Arrival-Date: Fri Sep 19 10:50:00 +0000 2014
Originator: Robert Elz
Release: NetBSD 6.99.30 (irrelevant) (pkgsrc current (HEAD) 2014-09-19)
Prince of Songkla University
System: NetBSD munnari.OZ.AU 6.99.30 NetBSD 6.99.30 (MUNNARI-DomU) #0: Mon Feb 3 19:19:20 ICT 2014 ***@onyx.coe.psu.ac.th:/usr/obj/current/kernels/amd64/MUNNARI-DomU amd64
Architecture: x86_64
Machine: amd64
The distinfo file for devel/deforaos-libsystem expects the
distfile to be 60538 - the file fetched is actually 60539
bytes ... needless to say the checksums do not match.
mv ..../distfiles/libSystem-0.2.0.tar.gz /somewhere/safe/.
cd ..../pkgsrc/devel/deforaos-libsystem
make checksum
Find out what changed in the distfile from the version that was
used to build the package, to the version that is being
distributed now, and assuming the change is benign, update
the distinfo file (given the timing of this problem compared
with the package update, I doubt anyone but the updater has the
original distfile, so neither a DIST_SUBDIR nor a revbump
should be needed). Certainly f.n.o didn't manage to fetch the
original distfile, which suggests that it changed on the master
site before the update to the package was actually committed.

Should it appear that the distfile has been hacked (or similar)
report it upstream, and put the original on f.n.o
r***@NetBSD.org
2014-09-23 07:02:34 UTC
Permalink
Synopsis: devel/deforaos-libsystem distfile checksum error

Responsible-Changed-From-To: pkg-manager->khorben
Responsible-Changed-By: ***@NetBSD.org
Responsible-Changed-When: Tue, 23 Sep 2014 07:02:34 +0000
Responsible-Changed-Why:
Over to maintainer
Pierre Pronchery
2014-09-23 16:58:26 UTC
Permalink
Post by r***@NetBSD.org
Synopsis: devel/deforaos-libsystem distfile checksum error
Responsible-Changed-From-To: pkg-manager->khorben
Responsible-Changed-When: Tue, 23 Sep 2014 07:02:34 +0000
Over to maintainer
Thanks for the report, I'm having a look...
--
khorben
Pierre Pronchery
2014-09-23 17:05:01 UTC
Permalink
The following reply was made to PR pkg/49220; it has been noted by GNATS.

From: Pierre Pronchery <***@netbsd.org>
To: gnats-***@NetBSD.org
Cc: ***@NetBSD.org, pkg-***@netbsd.org, pkgsrc-***@netbsd.org,
gnats-***@netbsd.org, ***@munnari.OZ.AU
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Tue, 23 Sep 2014 18:58:26 +0200
Post by r***@NetBSD.org
Synopsis: devel/deforaos-libsystem distfile checksum error
Responsible-Changed-From-To: pkg-manager->khorben
Responsible-Changed-When: Tue, 23 Sep 2014 07:02:34 +0000
Over to maintainer
Thanks for the report, I'm having a look...

--
khorben
Pierre Pronchery
2014-09-23 17:10:56 UTC
Permalink
Post by Pierre Pronchery
The following reply was made to PR pkg/49220; it has been noted by GNATS.
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Tue, 23 Sep 2014 18:58:26 +0200
Post by r***@NetBSD.org
Synopsis: devel/deforaos-libsystem distfile checksum error
Responsible-Changed-From-To: pkg-manager->khorben
Responsible-Changed-When: Tue, 23 Sep 2014 07:02:34 +0000
Over to maintainer
Thanks for the report, I'm having a look...
The original size on the server is 60538 bytes, while the SHA1 sum is
c264070ff4034fbdc97aae3f7e694f84e7898365 as found in the distinfo file.
The distinfo file is therefore correct.

However, there seems to be a problem with the server-side code serving
this file with some clients in particular. Mozilla Firefox 24 issues me
a doubly gzip-encoded file, which is obviously wrong.

I am therefore keeping this bug report open while I try to fix the issue
with the server.

Sorry for the inconvenience,
--
khorben
Pierre Pronchery
2014-09-23 17:15:01 UTC
Permalink
The following reply was made to PR pkg/49220; it has been noted by GNATS.

From: Pierre Pronchery <***@netbsd.org>
To: gnats-***@NetBSD.org
Cc: gnats-***@netbsd.org, pkgsrc-***@netbsd.org, ***@munnari.OZ.AU
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Tue, 23 Sep 2014 19:10:56 +0200
Post by Pierre Pronchery
The following reply was made to PR pkg/49220; it has been noted by GNATS.
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Tue, 23 Sep 2014 18:58:26 +0200
Post by r***@NetBSD.org
Synopsis: devel/deforaos-libsystem distfile checksum error
Responsible-Changed-From-To: pkg-manager->khorben
Responsible-Changed-When: Tue, 23 Sep 2014 07:02:34 +0000
Over to maintainer
Thanks for the report, I'm having a look...
The original size on the server is 60538 bytes, while the SHA1 sum is
c264070ff4034fbdc97aae3f7e694f84e7898365 as found in the distinfo file.
The distinfo file is therefore correct.

However, there seems to be a problem with the server-side code serving
this file with some clients in particular. Mozilla Firefox 24 issues me
a doubly gzip-encoded file, which is obviously wrong.

I am therefore keeping this bug report open while I try to fix the issue
with the server.

Sorry for the inconvenience,
--
khorben
Robert Elz
2014-09-24 03:30:01 UTC
Permalink
The following reply was made to PR pkg/49220; it has been noted by GNATS.

From: Robert Elz <***@munnari.OZ.AU>
To: gnats-***@NetBSD.org
Cc:
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Wed, 24 Sep 2014 10:24:54 +0700

Date: Tue, 23 Sep 2014 17:15:01 +0000 (UTC)
From: Pierre Pronchery <***@netbsd.org>
Message-ID: <***@mollari.NetBSD.org>

| I am therefore keeping this bug report open while I try to fix the issue
| with the server.

That's fine - if it matters, my client was the normal pkgsrc ftp (from
6.99.something). There is no urgency about fixing this for me, I just
fetch every distfile there is to fetch (kind of like f.n.o does, except
I also fetch the non-redistributable ones).

kre
Robert Elz
2014-09-24 14:50:01 UTC
Permalink
The following reply was made to PR pkg/49220; it has been noted by GNATS.

From: Robert Elz <***@munnari.OZ.AU>
To: gnats-***@NetBSD.org
Cc:
Subject: Re: pkg/49220 (devel/deforaos-libsystem distfile checksum error)
Date: Wed, 24 Sep 2014 21:44:05 +0700

Date: Tue, 23 Sep 2014 17:15:01 +0000 (UTC)
From: Pierre Pronchery <***@netbsd.org>
Message-ID: <***@mollari.NetBSD.org>

| However, there seems to be a problem with the server-side code serving
| this file with some clients in particular. Mozilla Firefox 24 issues me
| a doubly gzip-encoded file, which is obviously wrong.

I did a little more investigating too ... if I use wget to fetch it
comes correctly - with whatever pkgsrc uses by default (either the
standard ftp client, or something using libfetch - whatever it is) the
sole difference (that makes the sizes different, and alters the checksum)
is that a '1' (0x31) is appended to the file. gzip just says
trailing garbage ignored
and otherwise unpacks the file (seemingly) fine (I have not tried to
untar it to verify, but it is likely to be OK).

Maybe someone might recognise what might be appending a '1' at the end of
a file fetched using ftp (or whatever) using HTTP (port 80) - or what the
server might be doing, which apparently depends upon the client, that would
cause the file to get sent differently.

kre

Loading...