Hello, I am currently installing a new box, using Gentoo 2004.2. When i came accross MySQL I notices that the ebuild records a wrong MD5 sum. <snip> >>> emerge (19 of 37) dev-db/mysql-4.0.20-r1 to / >>> Downloading http://mysql.mirror.ok.ee/Downloads/MySQL-4.0/mysql-4.0.20.tar.gz --12:02:07-- http://mysql.mirror.ok.ee/Downloads/MySQL-4.0/mysql-4.0.20.tar.gz => `/usr/portage/distfiles/mysql-4.0.20.tar.gz' Resolving mysql.mirror.ok.ee... 195.222.16.153 Connecting to mysql.mirror.ok.ee[195.222.16.153]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13,807,983 [application/x-tar] 100%[=====================================================================================================>] 13,807,983 173.78K/s ETA 00:00 12:03:25 (173.65 KB/s) - `/usr/portage/distfiles/mysql-4.0.20.tar.gz' saved [13807983/13807983] !!! File is corrupt or incomplete. (Digests do not match) >>> our recorded digest: 7c75ac74e23396bd228dbc2c2d1131df >>> your file's digest: 2035a97edbe337418aa9ddb9a95ed48f !!! File does not exist: /usr/portage/distfiles//mysql-4.0.20.tar.gz </snip> Please correct it as soon as is convenient. I rated this bug major since many people use MySQL and many a package depends on MySQL. Thanks! Kind regards Martin Eisenhardt
Strange: % wget http://mysql.mirror.ok.ee/Downloads/MySQL-4.0/mysql-4.0.20.tar.gz --14:41:34-- http://mysql.mirror.ok.ee/Downloads/MySQL-4.0/mysql-4.0.20.tar.gz => `mysql-4.0.20.tar.gz' Resolving mysql.mirror.ok.ee... 195.222.16.153 Connecting to mysql.mirror.ok.ee[195.222.16.153]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13,807,983 [application/x-tar] 100%[===========================================================================================================>] 13,807,983 494.70K/s ETA 00:00 14:42:03 (465.24 KB/s) - `mysql-4.0.20.tar.gz' saved [13807983/13807983] % md5sum mysql-4.0.20.tar.gz 7c75ac74e23396bd228dbc2c2d1131df mysql-4.0.20.tar.gz % Could your download somehow have been corrupted? Does it work if you delete the file and retry?
md5sum /usr/portage/distfiles/mysql-4.0.20.tar.gz 7c75ac74e23396bd228dbc2c2d1131df /usr/portage/distfiles/mysql-4.0.20.tar.gz I agree - delete file and download again.
I am sorry to have to reject your suggestions (regarding a corrupted download), the reason being that I could proceed with the installation after having changed the md5 sum for this file in the portage tree to the value I reported earlier. Plus, MySQL compiled and installed perfectly. So, I cannot believe that a corrupted *.tar.bz-file decompresses, untars, compiles *and* installs just as the real thing. Any other suggestions? Thanks! Martin
This is just plain stupid. It's PERFECTLY normal if "corrupted" *.tar.bz-file decompresses, untars, compiles *and* installs just as the real thing. If you'll untar file and create new tar then in 9 out of 10 files you'll get DIFFERENT file with DIFFERENT md5sum. Why ? Different file order, different metadata (user Id in tar), different compression, etc, etc. So even if tar contents is the same md5sum CAN BE different. Easily. What's so abnormal about it ? Since I've downloaded and installed MySQL 4.0.20 just a few minutes ago and it had correct digest (7c75ac74e23396bd228dbc2c2d1131df) I suspect you just stumbled upon broken file on some mirror (may be even purposefully changed with added troyan), that's all - nothing to fix. Really.
Martin: if you have the broken mysql download still, please make a backup copy of it. then go to mysql's website, and download the 4.0.20 source tarball manually compare the md5sums of the two i've double checked that the correct md5sum is 7c75ac74e23396bd228dbc2c2d1131df if they don't match extract them to parallel directories and run: diff -Nuar correct.dir bad.dir >diff and post up that diff here.
Hi Robin, unfortunately, I do not have the file in question. I really do believe that you have checked the file from its source at mysql.com so the error has to be on my side. Nevertheless, this is rather strange and I am not quite sure what happened. Just in case something similar happens again: how should I proceed? (Please note: I did emerge -f mysql twice because at first I too believed to have made an error. So this error was reproducible - at least for a certain period of time and with my set of download mirrors.) Kindest regards Martin
if you're paranoid when this happens in future, do: cp badfile /tmp/badfile.bad GENTOO_MIRRORS="" emerge -f package (or find the master src yourself) compare badfile and known good source for differences. report any deliberate malicous changes you see (but beware the some package authors do occasionally change things and not change versions, particullarly with unversioned files). I'm closing as invalid since you got a bad mirror.