This is what I get when trying to emerge dev-db/lmdb: sirius ~ $ LC_ALL=C emerge lmdb Calculating dependencies... done! >>> Verifying ebuild manifests >>> Emerging (1 of 1) dev-db/lmdb-0.9.14::gentoo_prefix >>> Downloading 'ftp://ftp.las.ic.unicamp.br/pub/gentoo/distfiles/lmdb-0.9.14.tar.gz' --2014-11-07 22:57:58-- ftp://ftp.las.ic.unicamp.br/pub/gentoo/distfiles/lmdb-0.9.14.tar.gz => '/Library/Gentoo/usr/portage/distfiles/lmdb-0.9.14.tar.gz' Resolving ftp.las.ic.unicamp.br... 143.106.60.118 Connecting to ftp.las.ic.unicamp.br|143.106.60.118|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /pub/gentoo/distfiles ... No such directory 'pub/gentoo/distfiles'. >>> Downloading 'https://gitorious.org/mdb/mdb/archive/2f587ae081d076e3707360c5db086520c219d3ea.tar.gz' --2014-11-07 22:57:58-- https://gitorious.org/mdb/mdb/archive/2f587ae081d076e3707360c5db086520c219d3ea.tar.gz Resolving gitorious.org... 87.238.52.168, 2a02:c0:1014::1 Connecting to gitorious.org|87.238.52.168|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 128170 (125K) [application/x-gzip] Saving to: '/Library/Gentoo/usr/portage/distfiles/lmdb-0.9.14.tar.gz' /Library/Gentoo/usr 100%[=====================>] 125.17K 73.4KB/s in 1.7s 2014-11-07 22:58:01 (73.4 KB/s) - '/Library/Gentoo/usr/portage/distfiles/lmdb-0.9.14.tar.gz' saved [128170/128170] !!! Fetched file: lmdb-0.9.14.tar.gz VERIFY FAILED! !!! Reason: Failed on SHA256 verification !!! Got: 7db00b17eda208bb0e0e3b2446e24f02b5b440232b1b34f976670f6697fd338f !!! Expected: 3b14dfe2134521cfebd98168b925f7327b9bd07c715640b79f3526e54f0ccb1f Refetching... File renamed to '/Library/Gentoo/usr/portage/distfiles/lmdb-0.9.14.tar.gz._checksum_failure_.Nt6VOQ' !!! Couldn't download 'lmdb-0.9.14.tar.gz'. Aborting. * Fetch failed for 'dev-db/lmdb-0.9.14', Log file: * '/Library/Gentoo/var/tmp/portage/dev-db/lmdb-0.9.14/temp/build.log' >>> Failed to emerge dev-db/lmdb-0.9.14, Log file: >>> '/Library/Gentoo/var/tmp/portage/dev-db/lmdb-0.9.14/temp/build.log' * Messages for package dev-db/lmdb-0.9.14: * Fetch failed for 'dev-db/lmdb-0.9.14', Log file: * '/Library/Gentoo/var/tmp/portage/dev-db/lmdb-0.9.14/temp/build.log' sirius ~ $ Reproducible: Always
# ebuild lmdb-0.9.14.ebuild fetch Appending /newaches/gentoo/cvs/gentoo-x86 to PORTDIR_OVERLAY... >>> Downloading 'https://gitorious.org/mdb/mdb/archive/2f587ae081d076e3707360c5db086520c219d3ea.tar.gz' --2014-11-08 15:33:52-- https://gitorious.org/mdb/mdb/archive/2f587ae081d076e3707360c5db086520c219d3ea.tar.gz Resolving gitorious.org (gitorious.org)... 87.238.52.168, 2a02:c0:1014::1 Connecting to gitorious.org (gitorious.org)|87.238.52.168|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 128170 (125K) [application/x-gzip] Saving to: ‘/world/distfiles/lmdb-0.9.14.tar.gz’ /world/distfiles/lmdb-0.9.14.tar 100%[============================================================>] 125.17K 670KB/s in 0.2s 2014-11-08 15:33:52 (670 KB/s) - ‘/world/distfiles/lmdb-0.9.14.tar.gz’ saved [128170/128170] !!! Fetched file: lmdb-0.9.14.tar.gz VERIFY FAILED! !!! Reason: Failed on SHA256 verification !!! Got: 7db00b17eda208bb0e0e3b2446e24f02b5b440232b1b34f976670f6697fd338f !!! Expected: 3b14dfe2134521cfebd98168b925f7327b9bd07c715640b79f3526e54f0ccb1f Refetching... File renamed to '/world/distfiles/lmdb-0.9.14.tar.gz._checksum_failure_.8e2twt' !!! Couldn't download 'lmdb-0.9.14.tar.gz'. Aborting.
The file contents are the same. I am guessing gzip timestamps are messing up the hash. Same deal with getting the snapshot from the openldap git tree. Bleh for no official tarball releases. @robin: Any ideas? Do we just make a release ourselves? I'd rather not but I am out of ideas. Thanks.
(In reply to Eray Aslan from comment #2) > The file contents are the same. I am guessing gzip timestamps are messing > up the hash. Same deal with getting the snapshot from the openldap git tree. > > Bleh for no official tarball releases. > > @robin: Any ideas? Do we just make a release ourselves? I'd rather not > but I am out of ideas. Thanks. Email Howard and ask about it, since this isn't the first time that the checksum has changed either.
When comparing lmdb-0.9.14.tar.gz._checksum_failure_.* among each other and against the currently accepted version, vbindiff highlights the MTIME field as being the only difference. MTIME is described in RFC-1952: MTIME (Modification TIME) This gives the most recent modification time of the original file being compressed. The time is in Unix format, i.e., seconds since 00:00:00 GMT, Jan. 1, 1970. (Note that this may cause problems for MS-DOS and other systems that use local rather than Universal time.) If the compressed data did not come from a file, MTIME is set to the time at which compression started. MTIME = 0 means no time stamp is available. I've observed the update to lmdb-0.9.14 failing for about a month now -- and was wondering why no one else (apparently) had the same problem. Taken together, I believe the archive is generated upon request only, and subsequently held in a server-side cache for a while, maybe until reboot.
eras: As an alternative, contact Gitorious and get them to do one of these: 1. gzip -n to generate gzip with mtime=0 2. explicitly having the timestamp set to the timestamp of the last commit
This seems to have been fixed a while ago, so I am closing this bug.
