Strange package checksum report

Garrett Wollman wollman at bimajority.org
Sun Jan 25 03:03:36 UTC 2015


<<On Sun, 25 Jan 2015 02:47:12 +0100, Dag-Erling Smørgrav <des at des.no> said:

> Garrett Wollman <wollman at csail.mit.edu> writes:
>> Checking for packages with mismatched checksums:
>> p5-XML-SAX-0.99_2: /usr/local/lib/perl5/site_perl/XML/SAX/ParserDetails.ini

> This file is updated whenever you install or remove a SAX parser, so
> this is expected.  There are at least half a dozen different Perl SAX
> implementations in the ports tree.

So perhaps this file should be treated as, um, whatever our equivalent
of a "conffile" is from dpkg-land.

> These are Python bytecode files. They are automatically regenerated if
> you have write access to them and Python thinks they are stale when it
> tries to load them.  Apparently, Python's definition of "stale" is
> slightly more complex than just comparing timestamps; they are one of
> the reasons why Baptiste gave up reproducible package builds.

That's unfortunate.  Perhaps either Python can be trained to write
updated copies somewhere else? Or maybe we can generate them
at package installation rather than shipping pregenerated versions?
(Would slow down builds of dependent packages, but those are the
breaks.)

> Is your clock synchronized with NTP?  Is this a VM?  What is the
> underlying filesystem?

Yes, on all machines; no; and ZFS.

-GAWollman
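The staleness test discussed in this message, as an added example that is not part of the original post or of FreeBSD's tooling: it reads the `.pyc` header and shows that a changed source mtime alone makes the cached file stale and changes its checksum once it is regenerated. It assumes the CPython 3.7+ header layout (magic, flags, source mtime, source size); older interpreters use a shorter header. File names and timestamps are constructed.

```python
import hashlib
import importlib.util
import os
import py_compile
import struct
import tempfile

TS = py_compile.PycInvalidationMode.TIMESTAMP


def pyc_is_stale(src, pyc):
    """Timestamp-mode check: magic number, then recorded source mtime and size."""
    with open(pyc, "rb") as f:
        header = f.read(16)
    if len(header) < 16 or header[:4] != importlib.util.MAGIC_NUMBER:
        return True  # truncated, or written by another interpreter version
    flags, mtime, size = struct.unpack("<III", header[4:])
    if flags & 0x1:
        raise ValueError("hash-based .pyc, not validated by timestamp")
    st = os.stat(src)
    return (mtime != (int(st.st_mtime) & 0xFFFFFFFF)
            or size != (st.st_size & 0xFFFFFFFF))


def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def demo():
    """Constructed scenario: source bytes never change, only the mtime does."""
    with tempfile.TemporaryDirectory() as d:
        src, pyc = os.path.join(d, "mod.py"), os.path.join(d, "mod.pyc")
        with open(src, "wb") as f:
            f.write(b"X = 1\n")
        os.utime(src, (1400000000, 1400000000))      # mtime at package build
        py_compile.compile(src, cfile=pyc, doraise=True, invalidation_mode=TS)
        shipped, fresh = sha256(pyc), pyc_is_stale(src, pyc)
        os.utime(src, (1420000000, 1420000000))      # mtime after install
        stale = pyc_is_stale(src, pyc)
        # Stand-in for the regeneration done on import when the file is writable
        py_compile.compile(src, cfile=pyc, doraise=True, invalidation_mode=TS)
        return {"fresh": fresh, "stale": stale,
                "checksum_changed": sha256(pyc) != shipped}


if __name__ == "__main__":
    print(demo())
```

Running `pyc_is_stale` over a package's installed `.py`/`.pyc` pairs predicts which bytecode files the interpreter will rewrite, and so which ones a package checksum check will flag.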



More information about the freebsd-security mailing list