libgcrypt SHA256 mismatch?

Lars Eighner portsuser at larseighner.com
Thu Sep 29 01:45:25 UTC 2011 

On Wed, 28 Sep 2011, Kurt Buff wrote:

> All,
>
> I've just spun up a new 8.2-RELEASE VM, and gotten a fresh ports tree.
> I tried to install XFCE4, but it has ended with an error:
>
> ===>    Verifying install for gcrypt.18 in /usr/ports/security/libgcrypt
> ===>  License GPLv2 LGPL21 accepted by the user
> ===>  Extracting for libgcrypt-1.5.0
> => SHA256 Checksum mismatch for libgcrypt-1.5.0.tar.bz2.
> ===>  Refetch for 1 more times files: libgcrypt-1.5.0.tar.bz2
> ===>  License GPLv2 LGPL21 accepted by the user
> => libgcrypt-1.5.0.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch
> http://gnupg.org.favoritelinks.net/libgcrypt/libgcrypt-1.5.0.tar.bz2
> fetch: http://gnupg.org.favoritelinks.net/libgcrypt/libgcrypt-1.5.0.tar.bz2:
> size unknown
> fetch: http://gnupg.org.favoritelinks.net/libgcrypt/libgcrypt-1.5.0.tar.bz2:
> size of remote file is not known
> libgcrypt-1.5.0.tar.bz2                               4634  B 5734 kBps
> ===>  License GPLv2 LGPL21 accepted by the user
> => SHA256 Checksum mismatch for libgcrypt-1.5.0.tar.bz2.
> ===>  Giving up on fetching files: libgcrypt-1.5.0.tar.bz2
> Make sure the Makefile and distinfo file
> (/usr/ports/security/libgcrypt/distinfo)
> are up to date.  If you are absolutely sure you want to override this
> check, type "make NO_CHECKSUM=yes [other args]".
>
>
> Anyone else run into this?

The source file is being truncated because fetch loses its connection for
one reason or another.  Many servers now cut you off if you are at dial-up
speeds because "net fairness" means broadband users always go to the front
of the line.

You can make a shell script to fetch the file and keep running it until you
finally get the whole file a piece at a time or you can try ftp.  When you
have the whole source file (check it against distinfo) place it in
/usr/ports/distfiles. Things should go fine.

"Checksum mismatch" nearly always means a truncated file.  I cannot ever
remember seeing it otherwise.  Do not override it with NO_CHECKSUM.  That
will be useless with a truncated file and worse than useless if a security
port really has been tampered with.


-- 
Lars Eighner
http://www.larseighner.com/index.html
8800 N IH35 APT 1191 AUSTIN TX 78753-5266

More information about the freebsd-questions mailing list