| View previous topic :: View next topic |
| Author |
Message |
stroopwafel
n00b
Joined: 03 Nov 2023
Posts: 3
|
 Posted: Sun Dec 03, 2023 6:04 pm Post subject: Proper Method of Bypassing Ebuild Verification |
 |
|
I have attempted to build gui-apps/fuzzel and gui-apps/yambar on two different amd64 computers but have received this message during each attempt:
| Code: | gentoo / # emerge gui-apps/fuzzel::wayland-desktop gui-apps/yambar::wayland-desktop
Calculating dependencies... done!
Dependency resolution took 14.84 s (backtrack: 0/20).
>>> Verifying ebuild manifests
>>> Emerging (1 of 2) gui-apps/fuzzel-1.6.5::wayland-desktop
* Fetching files in the background.
* To view fetch progress, run in another terminal:
* tail -f /var/log/emerge-fetch.log
>>> Downloading 'https://mirrors.mit.edu/gentoo-distfiles/distfiles/95/fuzzel-1.6.5.tar.gz'
--2023-12-03 12:59:29-- https://mirrors.mit.edu/gentoo-distfiles/distfiles/95/fuzzel-1.6.5.tar.gz
Resolving mirrors.mit.edu... 18.7.29.125
Connecting to mirrors.mit.edu|18.7.29.125|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-12-03 12:59:29 ERROR 404: Not Found.
>>> Downloading 'https://codeberg.org/dnkl/fuzzel/archive/1.6.5.tar.gz'
--2023-12-03 12:59:29-- https://codeberg.org/dnkl/fuzzel/archive/1.6.5.tar.gz
Resolving codeberg.org... 2001:67c:1401:20f0::1, 217.197.91.145
Connecting to codeberg.org|2001:67c:1401:20f0::1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 388085 (379K) [application/octet-stream]
Saving to: ‘/var/cache/distfiles/fuzzel-1.6.5.tar.gz.__download__’
/var/cache/distfile 100%[===================>] 378.99K 505KB/s in 0.7s
2023-12-03 12:59:30 (505 KB/s) - ‘/var/cache/distfiles/fuzzel-1.6.5.tar.gz.__download__’ saved [388085/388085]
!!! Fetched file: fuzzel-1.6.5.tar.gz VERIFY FAILED!
!!! Reason: Filesize does not match recorded size
!!! Got: 388085
!!! Expected: 389275
Refetching... File renamed to '/var/cache/distfiles/fuzzel-1.6.5.tar.gz._checksum_failure_.tzviruim'
!!! Couldn't download 'fuzzel-1.6.5.tar.gz'. Aborting.
* Fetch failed for 'gui-apps/fuzzel-1.6.5', Log file:
* '/var/tmp/portage/gui-apps/fuzzel-1.6.5/temp/build.log'
>>> Failed to emerge gui-apps/fuzzel-1.6.5, Log file:
>>> '/var/tmp/portage/gui-apps/fuzzel-1.6.5/temp/build.log'
*** Resuming merge...
Calculating dependencies... done!
Dependency resolution took 14.67 s.
>>> Emerging (1 of 1) gui-apps/yambar-1.7.0::wayland-desktop
* Fetching files in the background.
* To view fetch progress, run in another terminal:
* tail -f /var/log/emerge-fetch.log
>>> Downloading 'https://mirrors.mit.edu/gentoo-distfiles/distfiles/f7/yambar-1.7.0.tar.gz'
--2023-12-03 12:59:50-- https://mirrors.mit.edu/gentoo-distfiles/distfiles/f7/yambar-1.7.0.tar.gz
Resolving mirrors.mit.edu... 18.7.29.125
Connecting to mirrors.mit.edu|18.7.29.125|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-12-03 12:59:51 ERROR 404: Not Found.
>>> Downloading 'https://codeberg.org/dnkl/yambar/archive/1.7.0.tar.gz'
--2023-12-03 12:59:51-- https://codeberg.org/dnkl/yambar/archive/1.7.0.tar.gz
Resolving codeberg.org... 2001:67c:1401:20f0::1, 217.197.91.145
Connecting to codeberg.org|2001:67c:1401:20f0::1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 149562 (146K) [application/octet-stream]
Saving to: ‘/var/cache/distfiles/yambar-1.7.0.tar.gz.__download__’
/var/cache/distfile 100%[===================>] 146.06K 353KB/s in 0.4s
2023-12-03 12:59:52 (353 KB/s) - ‘/var/cache/distfiles/yambar-1.7.0.tar.gz.__download__’ saved [149562/149562]
!!! Fetched file: yambar-1.7.0.tar.gz VERIFY FAILED!
!!! Reason: Filesize does not match recorded size
!!! Got: 149562
!!! Expected: 148762
Refetching... File renamed to '/var/cache/distfiles/yambar-1.7.0.tar.gz._checksum_failure_.x8_uerh4'
!!! Couldn't download 'yambar-1.7.0.tar.gz'. Aborting.
* Fetch failed for 'gui-apps/yambar-1.7.0', Log file:
* '/var/tmp/portage/gui-apps/yambar-1.7.0/temp/build.log'
>>> Failed to emerge gui-apps/yambar-1.7.0, Log file:
>>> '/var/tmp/portage/gui-apps/yambar-1.7.0/temp/build.log'
* Messages for package gui-apps/fuzzel-1.6.5:
* Fetch failed for 'gui-apps/fuzzel-1.6.5', Log file:
* '/var/tmp/portage/gui-apps/fuzzel-1.6.5/temp/build.log'
* Messages for package gui-apps/yambar-1.7.0:
* Fetch failed for 'gui-apps/yambar-1.7.0', Log file:
* '/var/tmp/portage/gui-apps/yambar-1.7.0/temp/build.log'
*
* The following 2 packages have failed to build, install, or execute
* postinst:
*
* (gui-apps/fuzzel-1.6.5:0/0::wayland-desktop, ebuild scheduled for merge), Log file:
* '/var/tmp/portage/gui-apps/fuzzel-1.6.5/temp/build.log'
* (gui-apps/yambar-1.7.0:0/0::wayland-desktop, ebuild scheduled for merge), Log file:
* '/var/tmp/portage/gui-apps/yambar-1.7.0/temp/build.log'
* |
What is the correct approach one should use to work around such a problem? |
|
| Back to top |
|
 |
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21635
|
| Posted: Sun Dec 03, 2023 6:10 pm Post subject: |
|
|
Welcome to the forums.
Why do you want to bypass verification? Do you believe that the verification step is incorrect in claiming that these downloads are not what they are expected to be?
As I read the output, there are two problems with these ebuilds. First, they failed to set RESTRICT=mirror, so Portage expects to find the sources on the Gentoo mirrors, but the sources are not on the mirrors. Second, they refer to a download URL which does not serve the content that the ebuild expects to find. This can happen through upstream negligence (changing a file and reusing an old URL), through corruption on the hosting server, or through malicious intervention. While the first is the most likely, you should not idly override this. I suggest you contact the maintainer of the overlay that provided these ebuilds and ask them to update their manifest for the new contents. |
|
| Back to top |
|
|
stroopwafel
n00b
Joined: 03 Nov 2023
Posts: 3
|
| Posted: Sun Dec 03, 2023 6:17 pm Post subject: |
|
|
| Thank you for your response. I have wanted to bypass verification so that I am able to install and use them in my desktop environment. Do I need to have portage know that these packages are coming from a third-party source, is that why it is connecting to the other domain first? Is this where the conflicting file size is being recorded from? |
|
| Back to top |
|
|
spica
Apprentice
Joined: 04 Jun 2021
Posts: 287
|
| Posted: Sun Dec 03, 2023 7:23 pm Post subject: |
|
|
| Code: | | ebuild blah.ebuild manifest |
You can not skip digest verification.
If you want to continue to use that overlay then you need to tell the owners that you observe digest verification error
Or simply grab ebuild into your local repo and regenerate Manifest file, this way you start maintaining own ebuild |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21635
|
| Posted: Sun Dec 03, 2023 7:37 pm Post subject: |
|
|
| stroopwafel wrote: | | I have wanted to bypass verification so that I am able to install and use them in my desktop environment. Do I need to have portage know that these packages are coming from a third-party source, is that why it is connecting to the other domain first? |
As I said, the ebuild did not state that its sources will not be found on the mirrors (via RESTRICT=mirror), so Portage presumes the sources can be found there, and starts there. This presumption would be valid if this ebuild were a private fork of a package that is available at the same version level in Portage. That can happen if someone wants an ebuild that is more featureful than the Gentoo ebuild of the package. That is not your use case. You want to run a package which is not in Gentoo Portage at all. Sources are only on the mirrors for packages that are in Gentoo Portage. Suppressing this search would be good to do, and is properly done in the ebuild, not as a directive that you as the end user need to set in your local configuration.
I understood that you wanted to bypass it to let you install it. People do not generally build things just to throw them away (except for tinderbox operators). My point was: why do you think that this safety mechanism is wrong, and that bypassing it is the right solution? Even if the mismatch is due to upstream behaving poorly but not maliciously, if the manifest mismatches, there is no guarantee that the file served to you works the same as the file with which the ebuild was developed. | stroopwafel wrote: | | Is this where the conflicting file size is being recorded from? |
No. The conflict is because the overlay's ebuild maintainer set a Manifest that advertises a different size than what upstream is actually serving. As I stated above, this can be because upstream swapped out their files (a poor practice, which they should not do) or because of tampering. It could also be a mistake by the ebuild maintainer, and upstream never offered a file that matches this Manifest. Regardless, the proper solution is to have the ebuild maintainer correct the Manifest in the overlay, hopefully after doing due diligence to determine that the file now served is both intended and works correctly with the ebuild as written.
spica's command will do the bypass exactly as you ask, with no regard to whether this is the right course of action. Root is always right, after all. |
|
| Back to top |
|
|
stroopwafel
n00b
Joined: 03 Nov 2023
Posts: 3
|
| Posted: Sun Dec 03, 2023 9:11 pm Post subject: |
|
|
I have decided to build from upstream. Each package works as expected.
gui-apps/fuzzel::wayland-desktop gave error:
| Code: | gentoo /var/db/repos/local/gui-apps/fuzzel # ebuild fuzzel-1.6.5.ebuild manifest
* ERROR: gui-apps/fuzzel-1.6.5::local failed (depend phase):
* External commands disallowed while sourcing ebuild: usex png libpng none
*
* Call stack:
* ebuild.sh, line 628: Called source '/var/db/repos/local/gui-apps/fuzzel/fuzzel-1.6.5.ebuild'
* fuzzel-1.6.5.ebuild, line 1: Called command_not_found_handle 'usex' 'png' 'libpng' 'none'
* ebuild.sh, line 100: Called die
* The specific snippet of code:
* die "External commands disallowed while sourcing ebuild: ${*}"
*
* If you need support, post the output of `emerge --info '=gui-apps/fuzzel-1.6.5::local'`,
* the complete build log and the output of `emerge -pqv '=gui-apps/fuzzel-1.6.5::local'`.
* The ebuild environment file is located at '/var/tmp/portage/gui-apps/fuzzel-1.6.5/temp/die.env'.
* Working directory: '/usr/lib/python3.11/site-packages'
* S: '/var/tmp/portage/gui-apps/fuzzel-1.6.5/work/fuzzel-1.6.5'
/var/db/repos/local/gui-apps/fuzzel/fuzzel-1.6.5.ebuild: trap: line 2: unexpected EOF while looking for matching `)'
/var/db/repos/local/gui-apps/fuzzel/fuzzel-1.6.5.ebuild: line 1: unexpected EOF while looking for matching `)'
* ERROR: gui-apps/fuzzel-1.6.5::local failed (depend phase):
* error sourcing ebuild
*
* Call stack:
* ebuild.sh, line 628: Called die
* The specific snippet of code:
* source "${EBUILD}" || die "error sourcing ebuild"
*
* If you need support, post the output of `emerge --info '=gui-apps/fuzzel-1.6.5::local'`,
* the complete build log and the output of `emerge -pqv '=gui-apps/fuzzel-1.6.5::local'`.
* The ebuild environment file is located at '/var/tmp/portage/gui-apps/fuzzel-1.6.5/temp/die.env'.
* Working directory: '/usr/lib/python3.11/site-packages'
* S: '/var/tmp/portage/gui-apps/fuzzel-1.6.5/work/fuzzel-1.6.5' |
gui-apps/yambar::wayland-desktop had something very similar. Thank you for the help. |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21635
|
| Posted: Sun Dec 03, 2023 11:06 pm Post subject: |
|
|
It looks like those ebuilds are broken. As I read /usr/lib/portage/python3.11/phase-helpers.sh, the most likely explanation would be that the ebuild set an EAPI that does not provide usex, but used usex anyway. This would be a bug in the ebuild, which should be reported to its maintainer.
It is also possible that the error is that usex is not legal in this scope, and is intentionally undefined as a result. That too would be an ebuild bug.
Since you never linked to the ebuild or showed its contents, there is little we can do to debug this. A quick search for fuzzel ebuild leads me to various ebuilds that appear to be notably newer than the one you are trying to use. Perhaps you got this from an outdated repository that has been abandoned. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Unsupported Software
