Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Portage: SHA256 verification failed...
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
VoVaN
l33t
l33t


Joined: 02 Jul 2003
Posts: 667
Location: The Netherlands

PostPosted: Thu Apr 27, 2006 9:35 am    Post subject: Portage: SHA256 verification failed... Reply with quote

I'd like to try a new portage, so I upgraded portage from the latest stable to the latest ~x86 and got the problem with verifying SHA256... What could be the problem there? This version of portage works just fine on the second Gentoo box.
Back to top
View user's profile Send private message
ciaranm
Retired Dev
Retired Dev


Joined: 19 Jul 2003
Posts: 1719
Location: In Hiding

PostPosted: Thu Apr 27, 2006 9:47 am    Post subject: Reply with quote

Portage's SHA256 support is broken. See bugzie.
Back to top
View user's profile Send private message
VoVaN
l33t
l33t


Joined: 02 Jul 2003
Posts: 667
Location: The Netherlands

PostPosted: Thu Apr 27, 2006 10:07 am    Post subject: Reply with quote

ciaranm wrote:
Portage's SHA256 support is broken. See bugzie.


Thank you for that, but the strange thing, as I mentioned, that the same version of portage works fine with the same packages on the second box!
Back to top
View user's profile Send private message
ciaranm
Retired Dev
Retired Dev


Joined: 19 Jul 2003
Posts: 1719
Location: In Hiding

PostPosted: Thu Apr 27, 2006 10:21 am    Post subject: Reply with quote

VoVaN wrote:
ciaranm wrote:
Portage's SHA256 support is broken. See bugzie.


Thank you for that, but the strange thing, as I mentioned, that the same version of portage works fine with the same packages on the second box!

Same pycrypto too?
Back to top
View user's profile Send private message
VoVaN
l33t
l33t


Joined: 02 Jul 2003
Posts: 667
Location: The Netherlands

PostPosted: Thu Apr 27, 2006 10:29 am    Post subject: Reply with quote

ciaranm wrote:
VoVaN wrote:
ciaranm wrote:
Portage's SHA256 support is broken. See bugzie.


Thank you for that, but the strange thing, as I mentioned, that the same version of portage works fine with the same packages on the second box!

Same pycrypto too?


Well, I've made some more tests with both boxes. One of them has pycrypto-2.0.1-r4 another r5: both of them have problems, but with different equilds. I upgraded pycrypto on the second box... and now both of them have problems with the same set of packages ;) ,so nothing strange according the bug you mentioned.
Back to top
View user's profile Send private message
Riekr
n00b
n00b


Joined: 21 Jun 2002
Posts: 47
Location: Italy

PostPosted: Thu Apr 27, 2006 1:56 pm    Post subject: Reply with quote

same problem here..
_________________
Our continuing mission to boldly code where no one has man page 4.
Back to top
View user's profile Send private message
blank_vlad
n00b
n00b


Joined: 30 Jan 2005
Posts: 24

PostPosted: Thu Apr 27, 2006 3:31 pm    Post subject: Reply with quote

What a colossal screwup. By one count, 686 ebuilds in the Portage tree are affected and have bad SHA256 sums.

I hope nobody exploits this before it's all cleaned up. If so, someone should get a right spanking.
Back to top
View user's profile Send private message
Spielmacher
n00b
n00b


Joined: 21 Jul 2005
Posts: 13

PostPosted: Thu Apr 27, 2006 4:22 pm    Post subject: wine-0.9.12 - wrong checksum for .ebuild Reply with quote

Okay, i tried to emerge wine-0.9.12:

Code:

desktop-p4 luemmel # rm -R /usr/portage/distfiles

Code:

desktop-p4 luemmel # emerge --sync
Using PORTAGE_RSYNC_OPTS instead of hardcoded defaults
>>> Starting rsync with rsync://134.68.220.73/gentoo-portage...
>>> Checking server timestamp ...
Welcome to raven.gentoo.org

Server Address : 134.68.220.73
Contact Name   : mirror-admin@gentoo.org
Hardware       : 2 x Intel(R) Xeon(TM) CPU 1700MHz, 2176MB RAM

...

Number of files: 142007
Number of files transferred: 370
Total file size: 128392917 bytes
Total transferred file size: 932636 bytes
Literal data: 932636 bytes
Matched data: 0 bytes
File list size: 3303639
Total bytes written: 7581
Total bytes read: 4253453

wrote 7581 bytes  read 4253453 bytes  102675.52 bytes/sec
total size is 128392917  speedup is 30.13

>>> Updating Portage cache:  100%



Code:

desktop-p4 luemmel # emerge -pv wine

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N    ] app-emulation/wine-0.9.12  USE="X alsa arts cups gif glut jpeg ncurses opengl scanner truetype xml -debug -esd -jack -lcms -ldap -nas -oss" 10,475 kB

Total size of downloads: 10,475 kB

Code:

desktop-p4 luemmel # emerge wine
Calculating dependencies... done!
>>> Emerging (1 of 1) app-emulation/wine-0.9.12 to /
Adjusting permissions recursively: '/usr/portage/distfiles/'
Adjusting permissions recursively: '/usr/portage/distfiles/cvs-src'
Adjusting permissions recursively: '/usr/portage/distfiles/.locks'
>>> Downloading ftp://ftp.tu-clausthal.de/pub/linux/gentoo/distfiles/wine-0.9.12.tar.bz2
--18:07:13--  ftp://ftp.tu-clausthal.de/pub/linux/gentoo/distfiles/wine-0.9.12.tar.bz2
           => `/usr/portage/distfiles/wine-0.9.12.tar.bz2'
Resolving ftp.tu-clausthal.de... 139.174.2.36
Connecting to ftp.tu-clausthal.de|139.174.2.36|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /pub/linux/gentoo/distfiles ... done.
==> PASV ... done.    ==> RETR wine-0.9.12.tar.bz2 ... done.
Length: 10,726,811 (10M) (unauthoritative)

100%[==========================================================================>] 10,726,811    53.30K/s    ETA 00:00

18:10:33 (55.37 KB/s) - `/usr/portage/distfiles/wine-0.9.12.tar.bz2' saved [10726811]

>>> checking ebuild checksums
!!! Digest verification failed:
!!! /usr/portage/app-emulation/wine/wine-20050524.ebuild
!!! Reason: Failed on SHA256 verification
!!! Got: 6550bb13775ef6a75dc702fe6177ce1ec0679f1821d34bdf40dc2d951e5d7cfc
!!! Expected: b11869f9d5f987e2816b1c7bc90851662f748f26254c63abacfca132525a6bc1


Mod Edit: Trimmed some = to prevent horizontal scrolling - tomk
Back to top
View user's profile Send private message
TReq
n00b
n00b


Joined: 19 Aug 2004
Posts: 33

PostPosted: Thu Apr 27, 2006 5:18 pm    Post subject: Reply with quote

try deleting /usr/portage/distfiles/wine-0.9.12.tar.bz2 and fetching the file again. If it doesn't work then it should be an error with the ftp you're using.

I just tried fetching the source from http://ftp.linux.ee/pub/gentoo/distfiles/distfiles/wine-0.9.12.tar.bz2 and all the checksums are ok.


Hope this helps.
Back to top
View user's profile Send private message
bszente
Tux's lil' helper
Tux's lil' helper


Joined: 14 Feb 2005
Posts: 123
Location: Tirgu Mures, Romania

PostPosted: Thu Apr 27, 2006 6:39 pm    Post subject: Reply with quote

I have the same issue, and I get exactly the same SHA256 values on different mirrors.
I tried also your link TReq, but it generate the same error. I think the ebuild has the bug.
Back to top
View user's profile Send private message
UncleOwen
Veteran
Veteran


Joined: 27 Feb 2003
Posts: 1493
Location: Germany, Hamburg

PostPosted: Thu Apr 27, 2006 6:42 pm    Post subject: Reply with quote

See
https://bugs.gentoo.org/show_bug.cgi?id=131396
https://bugs.gentoo.org/show_bug.cgi?id=131293
Back to top
View user's profile Send private message
tomk
Bodhisattva
Bodhisattva


Joined: 23 Sep 2003
Posts: 7221
Location: Sat in front of my computer

PostPosted: Thu Apr 27, 2006 7:13 pm    Post subject: Reply with quote

Merged from here and made sticky.
_________________
Search | Read | Answer | Report | Strip
Back to top
View user's profile Send private message
ciaranm
Retired Dev
Retired Dev


Joined: 19 Jul 2003
Posts: 1719
Location: In Hiding

PostPosted: Thu Apr 27, 2006 7:26 pm    Post subject: Reply with quote

blank_vlad wrote:
I hope nobody exploits this before it's all cleaned up. If so, someone should get a right spanking.

Doesn't actually lead to anything that can be exploited that isn't already exploitable in a different manner. It's more of a pain because a) it screws over people either way when it's fixed, and b) it screws over those of us using things other than Portage that have working sha256 support.

And yes, lots of people should get a spanking for using code that fails the NIST SHA-256 validation test suite.
Back to top
View user's profile Send private message
xordan
Tux's lil' helper
Tux's lil' helper


Joined: 30 Aug 2004
Posts: 148

PostPosted: Thu Apr 27, 2006 8:35 pm    Post subject: Reply with quote

Meh, half the things I'm trying to emerge fail. Any idea how quick this'll be fixed, or what we can do to workaround the problem? (if anything)
Back to top
View user's profile Send private message
UncleOwen
Veteran
Veteran


Joined: 27 Feb 2003
Posts: 1493
Location: Germany, Hamburg

PostPosted: Thu Apr 27, 2006 8:39 pm    Post subject: Reply with quote

resync, as far as I can tell many (all?) affected files are already fixed.
Back to top
View user's profile Send private message
gimpel
Advocate
Advocate


Joined: 15 Oct 2004
Posts: 2720
Location: Munich, Bavaria

PostPosted: Thu Apr 27, 2006 8:46 pm    Post subject: Reply with quote

xordan wrote:
Meh, half the things I'm trying to emerge fail. Any idea how quick this'll be fixed, or what we can do to workaround the problem? (if anything)

lol.. i just did:
Code:
emerge -av =sys-apps/portage-2.1_pre7-r5

..of course that failed in the first place :P :)
Code:
ebuild /usr/portage/sys-apps/portage/portage-2.1_pre7-r5.ebuild digest
emerge -av =sys-apps/portage-2.1_pre7-r5
echo "=sys-apps/portage-2.1_pre9-r4" >> /etc/portage/package.mask


but running ~arch you should know that yourself...

or simply wait till the mirrors are fixed.
_________________
http://proaudio.tuxfamily.org/wiki - pro-audio software overlay
Back to top
View user's profile Send private message
bszente
Tux's lil' helper
Tux's lil' helper


Joined: 14 Feb 2005
Posts: 123
Location: Tirgu Mures, Romania

PostPosted: Thu Apr 27, 2006 8:52 pm    Post subject: Reply with quote

Emerging pycrypto-2.0.1-r5 will do the trick.
Back to top
View user's profile Send private message
Spielmacher
n00b
n00b


Joined: 21 Jul 2005
Posts: 13

PostPosted: Thu Apr 27, 2006 9:12 pm    Post subject: Reply with quote

bszente wrote:
Emerging pycrypto-2.0.1-r5 will do the trick.

Yes, pycrypto-2.0.1-r5 solved my problem.
Back to top
View user's profile Send private message
twodeko
n00b
n00b


Joined: 04 Mar 2005
Posts: 43
Location: Ames, IA

PostPosted: Thu Apr 27, 2006 9:25 pm    Post subject: Reply with quote

you just emerged that package, did an emerge --sync and now you don't have any issues?

im still having plenty of them on ~amd64.
Back to top
View user's profile Send private message
E-PaiN
n00b
n00b


Joined: 10 Feb 2006
Posts: 26
Location: the Netherlands

PostPosted: Thu Apr 27, 2006 9:37 pm    Post subject: Reply with quote

No, the problems are still there...

I've got the latest --sync (~1:30 minutes ago) and re-emerged both python and pycrypto (2.0.1-r5) and now it has succesfully emerged nautilus but fails at vino now.

I wonder if it's going to be worth staying up late for this, I want my computer to be compiling overnight so I can work on setting my distro up better tommorow. :?
Back to top
View user's profile Send private message
bszente
Tux's lil' helper
Tux's lil' helper


Joined: 14 Feb 2005
Posts: 123
Location: Tirgu Mures, Romania

PostPosted: Thu Apr 27, 2006 9:41 pm    Post subject: Reply with quote

twodeko wrote:
you just emerged that package, did an emerge --sync and now you don't have any issues?

I did this evening an emerge --sync, and I updated the ~x86 portage. After that I encounterer this SHA256 issue.
On the bugzilla I read that pycrypto-2.0.1-r5 solves the problem, so I did an emerge, and it works now. No resync is necessary.
Back to top
View user's profile Send private message
aysther
n00b
n00b


Joined: 05 Sep 2005
Posts: 68
Location: Charlotte, NC

PostPosted: Thu Apr 27, 2006 11:54 pm    Post subject: Reply with quote

I had to downgrade from dev-python/pycrypto-2.0.1-r5 to dev-python/pycrypto-2.0.1-r4 in order to build some things recently. If something doesn't work, I'd recommend just switching versions temporarily. It doesn't take too long, and hopefully there are no rammafications for doing this that I'm not aware of.
_________________
Microsoft Ceo "I'm Going to F'ing Kill Google."
Back to top
View user's profile Send private message
a7thson
Apprentice
Apprentice


Joined: 08 Apr 2006
Posts: 176
Location: your pineal gland

PostPosted: Fri Apr 28, 2006 12:28 am    Post subject: Reply with quote

Quote:
Yes, pycrypto-2.0.1-r5 solved my problem.

It didn't help me at all.
As luck would have it I chose today to do emerge -e world under gcc4.1.1/glibc-2.4-r2. I didn't realize that the source of 60% of my failed emerges was actually due to a bug in portage - I was concerned that I'd broken portage or python or both, and more concerned that re-emerging them had no discernable impact. At least I now know the cause, hopefully it will be solved..
_________________
i7-3610QM | E5-2670 | FX-8300
Back to top
View user's profile Send private message
djanderson
Tux's lil' helper
Tux's lil' helper


Joined: 24 Mar 2004
Posts: 98
Location: Boulder, CO

PostPosted: Fri Apr 28, 2006 1:25 am    Post subject: Reply with quote

bszente wrote:
I did this evening an emerge --sync, and I updated the ~x86 portage. After that I encounterer this SHA256 issue.
On the bugzilla I read that pycrypto-2.0.1-r5 solves the problem, so I did an emerge, and it works now. No resync is necessary.


As far as I could tell from the bug reports, it's pycrypto-2.0.1-r5 that's creating the problems.

I was getting problems on a lot of programs, and I think the best short term solution is:

Code:
emerge -a =dev-python/pycrypto-2.0.1-r4


That fixed everything for me.
Back to top
View user's profile Send private message
zmedico
Developer
Developer


Joined: 02 Jan 2004
Posts: 310
Location: California USA

PostPosted: Fri Apr 28, 2006 3:36 am    Post subject: Reply with quote

djanderson wrote:
As far as I could tell from the bug reports, it's pycrypto-2.0.1-r5 that's creating the problems.


In a way, yes. Unfortunately, the pycrypto-2.0.1-r5 revbump was done prematurely, without giving us time to fix the incorrect digests that were generated by <=pycrypto-2.0.1-r4. Now that the majority of the digests have been corrected, you will want to upgrade to pycrypto-2.0.1-r5 again.
_________________
Zac
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum