Portage 2.1.6.4 (default/linux/x86/2008.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.27-gentoo-r7 i686)
=================================================================
System uname: Linux-2.6.27-gentoo-r7-i686-Intel-R-_Pentium-R-_4_CPU_3.00GHz-with-glibc2.0
Timestamp of tree: Wed, 14 Jan 2009 19:45:01 +0000
app-shells/bash:     3.2_p17-r1
dev-lang/python:     2.4.4-r13
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.61-r1
sys-devel/automake:  1.10.1
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://mirror.yandex.ru/gentoo-distfiles/ "
LDFLAGS="-Wl,-O1"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://mirror.yandex.ru/gentoo-portage"
USE="acl berkdb bzip2 cli cracklib crypt cups dri fortran gdbm gpm iconv ipv6 isdnlog midi mudflap ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection session spl ssl sysfs tcpd unicode x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 2 Jeremy Olexa (darkside) (RETIRED) 2009-01-14 22:26:38 UTC

Hm, worksforme and the Manifest file hasn't been changed for 2 weeks now 

http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-db/mysql/

I suggest you try a different mirror and report back.

Comment 3 Jeroen Roovers (RETIRED) 2009-01-15 02:28:01 UTC

It's not a blocker of anything.

Comment 4 Robin Johnson 2009-01-15 05:49:22 UTC

What mirror did you get the file from? We MUST know if we are to trace it to one.
It's not on yandex, which is in your GENTOO_MIRRORS.

It's perfect on my system:
robbat2@bohr-int:~ $ sha256sum /home/gentoo/distfiles/mysql-5.0.70.tar.gz
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  /home/gentoo/distfiles/mysql-5.0.70.tar.gz

(In reply to comment #2)
> Hm, worksforme and the Manifest file hasn't been changed for 2 weeks now 
> 
> http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-db/mysql/
> 
> I suggest you try a different mirror and report back.
> 

I tried other mirrors - result did not change:
-------------------------------------------------------------------------------------------------------------------
# emerge -v dev-db/mysql

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N    ] dev-db/mysql-5.0.70-r1  USE="berkdb perl ssl -big-tables -cluster -debug -embedded -extraengine -latin1 -max-idx-128 -minimal (-selinux) -static" 27,920 kB
[ebuild  N    ] virtual/mysql-5.0  0 kB
[ebuild  N    ] dev-perl/DBD-mysql-4.00.5  0 kB

Total: 3 packages (3 new), Size of downloads: 27,920 kB


>>> Verifying ebuild manifests

>>> Starting parallel fetch

>>> Emerging (1 of 3) dev-db/mysql-5.0.70-r1

>>> Downloading 'http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz'
--12:59:12--  http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
           => `/usr/portage/distfiles/mysql-5.0.70.tar.gz'
Resolving de-mirror.org... 87.106.91.70
Connecting to de-mirror.org|87.106.91.70|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,589,887 (27M) [application/x-gzip]

100%[=====================================================================================>] 28,589,887     1.06M/s    ETA 00:00

12:59:40 (1008.17 KB/s) - `/usr/portage/distfiles/mysql-5.0.70.tar.gz' saved [28589887/28589887]

('Failed on SHA256 verification', '37e335686d2f5998b0ae15c86f4216ddf0471462a9e3c2f5631e9cd74936176e', 'd6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325')
!!! Fetched file: mysql-5.0.70.tar.gz VERIFY FAILED!
!!! Reason: Failed on SHA256 verification
!!! Got:      37e335686d2f5998b0ae15c86f4216ddf0471462a9e3c2f5631e9cd74936176e
!!! Expected: d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325
Refetching... File renamed to '/usr/portage/distfiles/mysql-5.0.70.tar.gz._checksum_failure_.NPfZsY'

>>> Downloading 'http://mirror.provenscaling.com/mysql/enterprise/source/5.0/mysql-5.0.70.tar.gz'
--13:00:29--  http://mirror.provenscaling.com/mysql/enterprise/source/5.0/mysql-5.0.70.tar.gz
           => `/usr/portage/distfiles/mysql-5.0.70.tar.gz'
Resolving mirror.provenscaling.com... 64.34.251.140
Connecting to mirror.provenscaling.com|64.34.251.140|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,589,887 (27M) [application/x-gzip]

100%[=====================================================================================>] 28,589,887     7.71M/s    ETA 00:00

13:00:33 (7.70 MB/s) - `/usr/portage/distfiles/mysql-5.0.70.tar.gz' saved [28589887/28589887]

('Failed on SHA256 verification', 'cded4b47313d8490aec66c1b5c747156f1433a335d7976c74c046c4436695d75', 'd6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325')
!!! Fetched file: mysql-5.0.70.tar.gz VERIFY FAILED!
!!! Reason: Failed on SHA256 verification
!!! Got:      cded4b47313d8490aec66c1b5c747156f1433a335d7976c74c046c4436695d75
!!! Expected: d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325
Refetching... File renamed to '/usr/portage/distfiles/mysql-5.0.70.tar.gz._checksum_failure_.j5rJ3L'

>>> Downloading 'http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/mysql-5.0.70.tar.gz'
--13:00:35--  http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/mysql-5.0.70.tar.gz
           => `/usr/portage/distfiles/mysql-5.0.70.tar.gz'
Resolving distro.ibiblio.org... 152.46.7.109
Connecting to distro.ibiblio.org|152.46.7.109|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,589,887 (27M) [application/x-gzip]

100%[=====================================================================================>] 28,589,887   147.38K/s    ETA 00:00

13:03:58 (138.08 KB/s) - `/usr/portage/distfiles/mysql-5.0.70.tar.gz' saved [28589887/28589887]

('Failed on SHA256 verification', '20737167dec62b64ec142793a81ea031d1cef321ae2d7a2f3b20ae2ec1484ec0', 'd6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325')
!!! Fetched file: mysql-5.0.70.tar.gz VERIFY FAILED!
!!! Reason: Failed on SHA256 verification
!!! Got:      20737167dec62b64ec142793a81ea031d1cef321ae2d7a2f3b20ae2ec1484ec0
!!! Expected: d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325
Refetching... File renamed to '/usr/portage/distfiles/mysql-5.0.70.tar.gz._checksum_failure_.j5rJ3L'

>>> Downloading 'http://cudlug.cudenver.edu/gentoo/distfiles/mysql-5.0.70.tar.gz'
--13:04:00--  http://cudlug.cudenver.edu/gentoo/distfiles/mysql-5.0.70.tar.gz
           => `/usr/portage/distfiles/mysql-5.0.70.tar.gz'
Resolving cudlug.cudenver.edu... 132.194.22.137
Connecting to cudlug.cudenver.edu|132.194.22.137|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,589,887 (27M) [application/x-gzip]

100%[=====================================================================================>] 28,589,887   354.60K/s    ETA 00:00

13:05:23 (342.25 KB/s) - `/usr/portage/distfiles/mysql-5.0.70.tar.gz' saved [28589887/28589887]

('Failed on SHA256 verification', 'f205c9d7546b5d6a2bdc8a0db27dc4b8c90ca469351d7791c714d709f1dd84d6', 'd6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325')
!!! Fetched file: mysql-5.0.70.tar.gz VERIFY FAILED!
!!! Reason: Failed on SHA256 verification
!!! Got:      f205c9d7546b5d6a2bdc8a0db27dc4b8c90ca469351d7791c714d709f1dd84d6
!!! Expected: d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325
Refetching... File renamed to '/usr/portage/distfiles/mysql-5.0.70.tar.gz._checksum_failure_.j5rJ3L'

!!! Couldn't download 'mysql-5.0.70.tar.gz'. Aborting.
 * Fetch failed for 'dev-db/mysql-5.0.70-r1', Log file:
 *  '/var/tmp/portage/dev-db/mysql-5.0.70-r1/temp/build.log'

>>> Failed to emerge dev-db/mysql-5.0.70-r1, Log file:

>>>  '/var/tmp/portage/dev-db/mysql-5.0.70-r1/temp/build.log'

 * Messages for package dev-db/mysql-5.0.70-r1:

 * Fetch failed for 'dev-db/mysql-5.0.70-r1', Log file:
 *  '/var/tmp/portage/dev-db/mysql-5.0.70-r1/temp/build.log'

(In reply to comment #4)
> What mirror did you get the file from? We MUST know if we are to trace it to
> one.
> It's not on yandex, which is in your GENTOO_MIRRORS.
> 
> It's perfect on my system:
> robbat2@bohr-int:~ $ sha256sum /home/gentoo/distfiles/mysql-5.0.70.tar.gz
> d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325 
> /home/gentoo/distfiles/mysql-5.0.70.tar.gz
> 
Look the comment #5

Comment 7 Robin Johnson 2009-01-15 10:28:10 UTC

I think sha256sum is broken on your system, or something else in your system is broken and is corrupting the files (esp because you keep getting different checksums).

Try checking the SHA1 or the RMD160:
robbat2@bohr-int:/tmp $ sha1sum mysql-5.0.70.tar.gz
8e0cc8f8ebffad8340f40b9a57dc01a9c5c3b5d7  mysql-5.0.70.tar.gz
robbat2@bohr-int:/tmp $ openssl rmd160 <mysql-5.0.70.tar.gz
3b3e654518003ddecc0b50afb608dab8754adb3b


robbat2@bohr-int:/tmp $ wget http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
--2009-01-15 02:24:04--  http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
Resolving de-mirror.org... 87.106.91.70
Connecting to de-mirror.org|87.106.91.70|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28589887 (27M) [application/x-gzip]
Saving to: `mysql-5.0.70.tar.gz'

100%[==========================================================================================================================>] 28,589,887  1.82M/s   in 18s     

2009-01-15 02:24:22 (1.54 MB/s) - `mysql-5.0.70.tar.gz' saved [28589887/28589887]

robbat2@bohr-int:/tmp $ sha256sum mysql-5.0.70.tar.gz
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  mysql-5.0.70.tar.gz

robbat2@bohr-int:/tmp $ wget http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/mysql-5.0.70.tar.gz
--2009-01-15 02:25:16--  http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/mysql-5.0.70.tar.gz
Resolving distro.ibiblio.org... 152.46.7.109
Connecting to distro.ibiblio.org|152.46.7.109|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28589887 (27M) [application/x-gzip]
Saving to: `mysql-5.0.70.tar.gz'

100%[==========================================================================================================================>] 28,589,887   377K/s   in 58s     

2009-01-15 02:26:14 (484 KB/s) - `mysql-5.0.70.tar.gz' saved [28589887/28589887]

robbat2@bohr-int:/tmp $ sha256sum mysql-5.0.70.tar.gz
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  mysql-5.0.70.tar.gz

(In reply to comment #7)
> I think sha256sum is broken on your system, or something else in your system is
> broken and is corrupting the files (esp because you keep getting different
> checksums).
> 
> Try checking the SHA1 or the RMD160:
> robbat2@bohr-int:/tmp $ sha1sum mysql-5.0.70.tar.gz
> 8e0cc8f8ebffad8340f40b9a57dc01a9c5c3b5d7  mysql-5.0.70.tar.gz
> robbat2@bohr-int:/tmp $ openssl rmd160 <mysql-5.0.70.tar.gz
> 3b3e654518003ddecc0b50afb608dab8754adb3b
> 
> 
> robbat2@bohr-int:/tmp $ wget
> http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
> --2009-01-15 02:24:04-- 
> http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
> Resolving de-mirror.org... 87.106.91.70
> Connecting to de-mirror.org|87.106.91.70|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 28589887 (27M) [application/x-gzip]
> Saving to: `mysql-5.0.70.tar.gz'
> 
> 100%[==========================================================================================================================>]
> 28,589,887  1.82M/s   in 18s     
> 
> 2009-01-15 02:24:22 (1.54 MB/s) - `mysql-5.0.70.tar.gz' saved
> [28589887/28589887]
> 
> robbat2@bohr-int:/tmp $ sha256sum mysql-5.0.70.tar.gz
> d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325 
> mysql-5.0.70.tar.gz
> 
> robbat2@bohr-int:/tmp $ wget
> http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/mysql-5.0.70.tar.gz
> --2009-01-15 02:25:16-- 
> http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/mysql-5.0.70.tar.gz
> Resolving distro.ibiblio.org... 152.46.7.109
> Connecting to distro.ibiblio.org|152.46.7.109|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 28589887 (27M) [application/x-gzip]
> Saving to: `mysql-5.0.70.tar.gz'
> 
> 100%[==========================================================================================================================>]
> 28,589,887   377K/s   in 58s     
> 
> 2009-01-15 02:26:14 (484 KB/s) - `mysql-5.0.70.tar.gz' saved
> [28589887/28589887]
> 
> robbat2@bohr-int:/tmp $ sha256sum mysql-5.0.70.tar.gz
> d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325 
> mysql-5.0.70.tar.gz
> 

Ok:
locweb tmp # wget http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
--13:38:35--  http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
           => `mysql-5.0.70.tar.gz'
Resolving de-mirror.org... 87.106.91.70
Connecting to de-mirror.org|87.106.91.70|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,589,887 (27M) [application/x-gzip]

100%[=====================================================================================>] 28,589,887     8.23M/s    ETA 00:00

13:38:38 (8.22 MB/s) - `mysql-5.0.70.tar.gz' saved [28589887/28589887]

locweb tmp # sha256sum mysql-5.0.70.tar.gz 
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  mysql-5.0.70.tar.gz
locweb tmp # sha1sum mysql-5.0.70.tar.gz 
b3bd8d9deb70a5f43549f3432a21060abf0c1bd9  mysql-5.0.70.tar.gz
locweb tmp # openssl rmd160 mysql-5.0.70.tar.gz 
RIPEMD160(mysql-5.0.70.tar.gz)= 3b3e654518003ddecc0b50afb608dab8754adb3b

---------------------------------------------------------------------------------------------------------------------------------------------
Moreover: 

    # sha256sum /usr/portage/distfiles/mysql-5.0.70.tar.gz._checksum_failure_.NPfZsY 
    d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  /usr/portage/distfiles/mysql-5.0.70.tar.gz._checksum_failure_.NPfZsY

It's file from http://de-mirror.org/distro/gentoo/distfiles/,
but emerge saying:

    # emerge -v dev-db/mysql

    >>> Downloading 'http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz'
    --12:59:12--  http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
               => `/usr/portage/distfiles/mysql-5.0.70.tar.gz'
    Resolving de-mirror.org... 87.106.91.70
    Connecting to de-mirror.org|87.106.91.70|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 28,589,887 (27M) [application/x-gzip]     

    100%[=====================================================================================>] 28,589,887     1.06M/s    ETA 00:00
  
    12:59:40 (1008.17 KB/s) - `/usr/portage/distfiles/mysql-5.0.70.tar.gz' saved [28589887/28589887]
   
    ('Failed on SHA256 verification', '37e335686d2f5998b0ae15c86f4216ddf0471462a9e3c2f5631e9cd74936176e',   
    'd6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325')
    !!! Fetched file: mysql-5.0.70.tar.gz VERIFY FAILED!
    !!! Reason: Failed on SHA256 verification
    !!! Got:      37e335686d2f5998b0ae15c86f4216ddf0471462a9e3c2f5631e9cd74936176e
    !!! Expected: d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325
    Refetching... File renamed to '/usr/portage/distfiles/mysql-5.0.70.tar.gz._checksum_failure_.NPfZsY'
    ...

---------------------------------------------------------------------------------------------------------------------------------------------
Moreover #2 
what's this !?!? : 

locweb tmp # sha256sum mysql-5.0.70.tar.gz
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  mysql-5.0.70.tar.gz   (Thu Jan 15 13:53:17 MSK 2009)

locweb tmp # sha256sum mysql-5.0.70.tar.gz 
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  mysql-5.0.70.tar.gz   (Thu Jan 15 13:53:20 MSK 2009)

locweb tmp # sha256sum mysql-5.0.70.tar.gz
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  mysql-5.0.70.tar.gz   (Thu Jan 15 13:53:22 MSK 2009)

locweb tmp # sha256sum mysql-5.0.70.tar.gz
a1c8790344a2b4d231e7fb457137c52a0eb6f93f3cda1ccc079d3b71b3f82aec  mysql-5.0.70.tar.gz    (Thu Jan 15 13:53:34...) --  8-] (It's the same file! )

locweb tmp # sha256sum mysql-5.0.70.tar.gz
e22f7cf54fedc51490e81ddaf2476582ef40c0fb05913fe28ef283e68649a382  mysql-5.0.70.tar.gz   (Thu Jan 15 13:53:45...) -- 8-]]]] (It's the same file! )

locweb tmp # sha256sum mysql-5.0.70.tar.gz
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  mysql-5.0.70.tar.gz   (Thu Jan 15 13:54:10 MSK 2009)

(In reply to comment #7)
> I think sha256sum is broken on your system, or something else in your system is
> broken and is corrupting the files (esp because you keep getting different
> checksums).
> 
> Try checking the SHA1 or the RMD160:
> robbat2@bohr-int:/tmp $ sha1sum mysql-5.0.70.tar.gz
> 8e0cc8f8ebffad8340f40b9a57dc01a9c5c3b5d7  mysql-5.0.70.tar.gz
> robbat2@bohr-int:/tmp $ openssl rmd160 <mysql-5.0.70.tar.gz
> 3b3e654518003ddecc0b50afb608dab8754adb3b
> 
> 
> robbat2@bohr-int:/tmp $ wget
> http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
> --2009-01-15 02:24:04-- 
> http://de-mirror.org/distro/gentoo/distfiles/mysql-5.0.70.tar.gz
> Resolving de-mirror.org... 87.106.91.70
> Connecting to de-mirror.org|87.106.91.70|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 28589887 (27M) [application/x-gzip]
> Saving to: `mysql-5.0.70.tar.gz'
> 
> 100%[==========================================================================================================================>]
> 28,589,887  1.82M/s   in 18s     
> 
> 2009-01-15 02:24:22 (1.54 MB/s) - `mysql-5.0.70.tar.gz' saved
> [28589887/28589887]
> 
> robbat2@bohr-int:/tmp $ sha256sum mysql-5.0.70.tar.gz
> d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325 
> mysql-5.0.70.tar.gz
> 
> robbat2@bohr-int:/tmp $ wget
> http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/mysql-5.0.70.tar.gz
> --2009-01-15 02:25:16-- 
> http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles/mysql-5.0.70.tar.gz
> Resolving distro.ibiblio.org... 152.46.7.109
> Connecting to distro.ibiblio.org|152.46.7.109|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 28589887 (27M) [application/x-gzip]
> Saving to: `mysql-5.0.70.tar.gz'
> 
> 100%[==========================================================================================================================>]
> 28,589,887   377K/s   in 58s     
> 
> 2009-01-15 02:26:14 (484 KB/s) - `mysql-5.0.70.tar.gz' saved
> [28589887/28589887]
> 
> robbat2@bohr-int:/tmp $ sha256sum mysql-5.0.70.tar.gz
> d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325 
> mysql-5.0.70.tar.gz
> 

I think the matter not in sha256sum, emerging lynx is perfect:

locweb ~ # emerge -v lynx

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  N    ] www-client/lynx-2.8.6-r2  USE="bzip2 ipv6 nls ssl unicode -cjk" LINGUAS="-ja" 2,238 kB

Total: 1 package (1 new), Size of downloads: 2,238 kB


>>> Verifying ebuild manifests

>>> Emerging (1 of 1) www-client/lynx-2.8.6-r2
>>> Downloading 'http://de-mirror.org/distro/gentoo/distfiles/lynx2.8.6rel.4.tar.bz2'
--14:24:32--  http://de-mirror.org/distro/gentoo/distfiles/lynx2.8.6rel.4.tar.bz2
           => `/usr/portage/distfiles/lynx2.8.6rel.4.tar.bz2'
Resolving de-mirror.org... 87.106.91.70
Connecting to de-mirror.org|87.106.91.70|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,291,156 (2.2M) [application/x-tar]

100%[=====================================================================================>] 2,291,156    957.21K/s             

14:24:35 (954.24 KB/s) - `/usr/portage/distfiles/lynx2.8.6rel.4.tar.bz2' saved [2291156/2291156]

 * lynx2.8.6rel.4.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                 [ ok ]
 * checking ebuild checksums ;-) ...                                                                                      [ ok ]
 * checking auxfile checksums ;-) ...                                                                                     [ ok ]
 * checking miscfile checksums ;-) ...                                                                                    [ ok ]
>>> Unpacking source...
>>> Unpacking lynx2.8.6rel.4.tar.bz2 to /var/tmp/portage/www-client/lynx-2.8.6-r2/work
>>> Source unpacked.
>>> Compiling source in /var/tmp/portage/www-client/lynx-2.8.6-r2/work/lynx2-8-6 
...

Comment 10 Robin Johnson 2009-01-16 08:25:54 UTC

Ok, so you got the same RMD160, but not the same SHA1.
Either both your SHA1 and SHA256 are broken in such a way that they are getting weird input or are being polluted, or your disk is messed.

Does the sha1+sha256 in openssl give the same weirdness?

Please do the wget to /dev/shm and check all 3 hashes there.
- if good, fsck ALL of your partitions.
- if bad, your sha1sum/sha256sum are broken.
- additionally, use the sha1+sha256 implementations from openssl as well.

(In reply to comment #10)
> Ok, so you got the same RMD160, but not the same SHA1.
> Either both your SHA1 and SHA256 are broken in such a way that they are getting
> weird input or are being polluted, or your disk is messed.
> 
> Does the sha1+sha256 in openssl give the same weirdness?
> 
> Please do the wget to /dev/shm and check all 3 hashes there.
> - if good, fsck ALL of your partitions.
> - if bad, your sha1sum/sha256sum are broken.
> - additionally, use the sha1+sha256 implementations from openssl as well.
> 

checking all 3 hashes in /dev/shm - bad

(In reply to comment #10)
> Ok, so you got the same RMD160, but not the same SHA1.
> Either both your SHA1 and SHA256 are broken in such a way that they are getting
> weird input or are being polluted, or your disk is messed.
> 
> Does the sha1+sha256 in openssl give the same weirdness?
> 
> Please do the wget to /dev/shm and check all 3 hashes there.
> - if good, fsck ALL of your partitions.
> - if bad, your sha1sum/sha256sum are broken.
> - additionally, use the sha1+sha256 implementations from openssl as well.
> 

(In reply to comment #10)
> Ok, so you got the same RMD160, but not the same SHA1.
> Either both your SHA1 and SHA256 are broken in such a way that they are getting
> weird input or are being polluted, or your disk is messed.
> 
> Does the sha1+sha256 in openssl give the same weirdness?
> 
> Please do the wget to /dev/shm and check all 3 hashes there.
> - if good, fsck ALL of your partitions.
> - if bad, your sha1sum/sha256sum are broken.
> - additionally, use the sha1+sha256 implementations from openssl as well.
> 
Hm! Problem was decided after emerging dev-libs/openssl - 
it updated from openssl-0.9.8g-r2 (which was in http://distfiles.gentoo.org/releases/x86/2008.0/stages/stage3-x86-2008.0.tar.bz2) to openssl-0.9.8j - 
First:
...
 * mysql-5.0.70.tar.gz RMD160 SHA1 SHA256 size ;-) ...                   
                                          [ ok ]
 * checking ebuild checksums ;-) ...                                           
                                          [ ok ]
 * checking auxfile checksums ;-) ...                                          
                                          [ ok ]
 * checking miscfile checksums ;-) ...                                         
                                          [ ok ]
...

Second:
locweb tmp # sha256sum mysql-5.0.70.tar.gz
d6532f623cb47100758f554b04ca14d848e3381e9848db899cc6b32dd555b325  mysql-5.0.70.tar.gz
locweb tmp # sha1sum mysql-5.0.70.tar.gz
8e0cc8f8ebffad8340f40b9a57dc01a9c5c3b5d7  mysql-5.0.70.tar.gz
locweb tmp # openssl rmd160 mysql-5.0.70.tar.gz
RIPEMD160(mysql-5.0.70.tar.gz)= 3b3e654518003ddecc0b50afb608dab8754adb3b

Comment 13 Robin Johnson 2009-01-20 20:49:22 UTC

enabiullin: thanks.

base-system: we should make sure nobody is still using the broken openssl.

releng: maybe respin the 2008.0 tarball or replace it with a non-broken openssl?

Comment 14 Andrew Gaffney (RETIRED) 2009-01-20 22:40:31 UTC

I (as a member of releng) have no desire to respin 2008.0 at this point, especially since we have many more up-to-date stages

Comment 15 SpanKY 2009-01-20 23:29:58 UTC

there really isnt anything base-system can do about it.  0.9.8j is already stable.  if you want to ask releng to update the profiles to force it, then go for it.

Comment 16 Andrew Gaffney (RETIRED) 2009-05-03 17:30:41 UTC

There are updates stages as part of the autobuilds, which will have updated openssl versions.