Repeated downloads from SUN JAVA (see URL above) for 1.4.2-10 results in the following outputs. If Sun can't get their act together, I'm thinking that we should mark 1.4.2-10 as 'unstable' and go back to 1.4.2-09. # links http://javashoplm.sun.com/ECom/docs/Welcome.jsp?StoreId=22&PartDetailId=j2sdk-1.4.2_10-oth-JPR&SiteId=JSC&TransactionId=noreg # mv j2sdk-1_4_2_10-linux-i586.bin /usr/portage/distfiles/ # emerge sun-jdk Calculating dependencies ...done! >>> emerge (1 of 1) dev-java/sun-jdk-1.4.2.10 to / !!! Security Violation: A file exists that is not in the manifest. !!! File: files/sun-jdk-1.5.0.05
This does not have anything to do with Sun. >>> emerge (1 of 1) dev-java/sun-jdk-1.4.2.10 to / !!! Security Violation: A file exists that is not in the manifest. !!! File: files/sun-jdk-1.5.0.05 This means that there is an extra file in the Manifest file which is used to record hashes of files for security purposes. Sometimes our mirroring starts at the same time as a CVS commit is going on which results in a security violation because the tree does not reflect CVS properly. Please try emerge sync again and reopen if this problem still exists.
Thank you for the concise detail. This 'emerge sync' Security Violation has been happening to several different packages across my many Gentoo 2005.1 platforms over the last few remaining days of 2005... Wondered if there is a pending bug and/or fix for some kind of critical section/transactional transition and/or protection against these messages against the described CVS commit vs. tree-update?