Bug 66785

Summary:	samba ebuild again has problems with checksums
Product:	Gentoo Linux	Reporter:	Andre Hinrichs <andre.hinrichs>
Component:	New packages	Assignee:	Gentoo's SAMBA Team <samba>
Status:	RESOLVED DUPLICATE
Severity:	critical	CC:	fmouse-gentoo, henrik, jesse, nuno.araujo, security, throstur
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Andre Hinrichs 2004-10-08 10:51:02 UTC

Similar to bug #64585 I'm not able to emerge net-fs/samba-3.0.7-r1
I did a diff to the digest files...

--- digest-samba-3.0.7  2004-09-28 10:06:45.000000000 +0200
+++ digest-samba-3.0.7-r1       2004-10-08 16:07:57.000000000 +0200
@@ -1,3 +1,3 @@
-MD5 5906341429e64214909865a4be92e4ab samba-3.0.7.tar.gz 15012667
+MD5 a3e74c3cbb3303dcc92f037fdb35ff20 samba-3.0.7.tar.gz 15012667
 MD5 5f173d549014985d681478897135915b samba-vscan-0.3.5.tar.bz2 161982
-MD5 998ece1ac96680d75cebe6f0352f56b9 smbldap-tools-0.8.5.tgz 271436
+MD5 dbd622492aa0f1942979963467cc1d9a smbldap-tools-0.8.5.tgz 271436


From my point of view there shouldn't be any differences between these
checksums, right? OK, as of comment #2 in bug #66178 reload is a bad idea.
I agree. But what if emerge would fail as it does now, but gives the option to
reload the files? This would require a change in the portage itself...

But... why does samba have these problems and other packages don't???


Reproducible: Always
Steps to Reproduce:
1. emerge net-fs/samba with old files already loaded...
Actual Results:  
emerge does not continue due to wrong checksums.


Expected Results:  
emerge should install as usual.


Portage 2.0.50-r11 (default-x86-2004.0, gcc-3.3.4, glibc-2.3.3.20040420-r2,
2.6.8-gentoo-r7)
=================================================================
System uname: 2.6.8-gentoo-r7 i686 Pentium III (Coppermine)
Gentoo Base System version 1.4.16
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium3 -O3 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium3 -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/
http://gentoo.tiscali.nl/gentoo/ http://gentoo.mirror.sdv.fr
http://www.gigaload.org/gentoo.org/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="X Xaw3d acl apache2 apm avi bitmap-fonts cdr crypt cups dbm divx4linux dvd
dvdr emacs encode f77 fbcon flac foomaticdb ftp gd gdbm ggi gif gnutls gpm gtk
gtk2 imagemagick imap imlib jpeg lcms ldap leim libg++ libwww mad mikmod milter
mime mng mozilla mpeg mysql mysqli ncurses nls odbc oggvorbis opengl oss pam
pdflib perl php png posix ppds python quicktime readline recode samba sasl sdl
shared sharedmem simplexml slang slp sndfile soap sockets socks5 spl ssl svga
tcpd tetex theora tiff truetype unicode usb x86 xml2 xmlrpc xmms xpm xprint xsl
xv xvid zlib"

Comment 1 Lindsay Haisley 2004-10-08 11:50:11 UTC

Same problem here.

# emerge info
Portage 2.0.50-r11 (default-x86-1.4, gcc-3.3.4, glibc-2.3.3.20040420-r2, 2.4.20-gentoo-r9)
=================================================================
System uname: 2.4.20-gentoo-r9 i686 Intel(R) Pentium(R) 4 CPU 2.60GHz
Gentoo Base System version 1.4.16
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -mcpu=pentium4 -march=pentium4 -fprefetch-loop-arrays -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.1/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=pentium4 -march=pentium4 -fprefetch-loop-arrays -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://gentoo.noved.org/ http://gentoo.noved.org/ ftp://ftp.ussg.iu.edu/pub/linux/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X Xaw3d acl acpi alsa apache2 apm arts avi berkdb bindist bitmap-fonts bonobo cdr crypt cups curl doc dvd dvdr encode esd evo f77 fastcgi flash foomaticdb gdbm gif gnome gpm gps gstreamer gtk gtk2 gtkhtml guile imap imlib ipv6 java jikes jpeg libg++ libwww mad maildir mcal mikmod motif mozilla mpeg mysql nas ncurses nls oggvorbis opengl oss pam pdflib perl plotutils png ppds python quicktime readline samba sasl scanner sdl slang slp snmp spell sse ssl svga tcltk tcpd tetex tiff truetype usb x86 xml xml2 xmms xosd xprint xv zeo zlib"

Comment 2 jason wohlgemuth 2004-10-08 16:18:48 UTC

Yup..

>>> emerge (1 of 1) net-fs/samba-3.0.7-r1 to /
>>> Downloading http://mirror.tucdemonic.org/gentoo/distfiles/samba-3.0.7.tar.gz
--17:47:51--  http://mirror.tucdemonic.org/gentoo/distfiles/samba-3.0.7.tar.gz
           => `/usr/portage/distfiles/samba-3.0.7.tar.gz'
Resolving mirror.tucdemonic.org... 128.196.95.10
Connecting to mirror.tucdemonic.org[128.196.95.10]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15,012,667 [application/x-tar]

100%[====================================>] 15,012,667   171.51K/s    ETA 00:00

17:49:09 (188.00 KB/s) - `/usr/portage/distfiles/samba-3.0.7.tar.gz' saved [15012667/15012667]


!!! File is corrupt or incomplete. (Digests do not match)
>>> our recorded digest: a3e74c3cbb3303dcc92f037fdb35ff20
>>>  your file's digest: 5906341429e64214909865a4be92e4ab
!!! File does not exist: /usr/portage/distfiles/samba-3.0.7.tar.gz

Comment 3 Richard Unger 2004-10-08 16:57:33 UTC

Also have this one...

Calculating world dependencies ...done!
>>> emerge (1 of 1) net-fs/samba-3.0.7-r1 to /
>>> Downloading http://gentoo.inode.at/distfiles/samba-3.0.7.tar.gz
--01:30:53--  http://gentoo.inode.at/distfiles/samba-3.0.7.tar.gz
           => `/usr/portage/distfiles/samba-3.0.7.tar.gz'
Resolving gentoo.inode.at... 81.223.20.162
Connecting to gentoo.inode.at[81.223.20.162]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15,012,667 [text/plain]

100%[====================================>] 15,012,667    79.22K/s    ETA 00:00

01:34:11 (74.12 KB/s) - `/usr/portage/distfiles/samba-3.0.7.tar.gz' saved [15012667/15012667]


!!! File is corrupt or incomplete. (Digests do not match)
>>> our recorded digest: a3e74c3cbb3303dcc92f037fdb35ff20
>>>  your file's digest: 5906341429e64214909865a4be92e4ab
!!! File does not exist: /usr/portage/distfiles//samba-3.0.7.tar.gz

zot root # rm /usr/portage/distfiles//samba-3.0.7.tar.gz


Richie

Comment 4 veurits 2004-10-08 17:38:06 UTC

a workaround :

cd /usr/portage/net-fs/samba/
rm files/digest-samba-3.0.7*
ebuild ./digest-samba-3.0.7 ebuild
ebuild ./digest-samba-3.0.7-r1 ebuild

now your md5sum will be correct again , had same problem on many systems overhere.

Comment 5 Jesse Adelman 2004-10-08 21:44:46 UTC

Same here. Adding CC.

Comment 6 Oliver Schoett 2004-10-09 02:29:09 UTC

Confirming the problem:
>>> emerge (1 of 3) net-fs/samba-3.0.7-r1 to /

!!! File is corrupt or incomplete. (Digests do not match)
>>> our recorded digest: a3e74c3cbb3303dcc92f037fdb35ff20
>>>  your file's digest: 5906341429e64214909865a4be92e4ab
!!! File does not exist: /usr/portage/distfiles//samba-3.0.7.tar.gz

Googling for the md5sums, I get the impression that my file (59063) is genuine. If that is true, the person creating the ebuild digest has used a wrong/corrupt samba source file.  This may be an innocent mistake, but it might also mean that someone somewhere has managed to insert a manipulated samba source archive into an FTP archive, sufficient to fool the digest author.

The digest author should do a forensic investigation of the (a3e74) samba source file he/she has used.  It is imperative that the community finds out
 - which way the file has been altered,
 - whether the alteration was an accident or intentional,
 - how this altered file has found its way to the gentoo ebuild author.

There have been cases of source archives on FTP servers altered with evil intent  before; this might be such a case.

(I would like to escalate by setting keyword SECURITY and severity critical, but the bug system does not let me.)

Comment 7 Thierry Carrez (RETIRED) gentoo-dev

2004-10-09 02:55:31 UTC

I confirm that the samba-3.0.7.tar.gz should be :
5906341429e64214909865a4be92e4ab  samba-3.0.7.tar.gz

samba team, please elaborate...

Comment 8 Michael Glauche (RETIRED) gentoo-dev

2004-10-09 02:58:39 UTC

dupe of bug #64202, fixed in cvs.

christians's hd had problems, distfiles got corrupted, he committed a bad md5sum ...

*** This bug has been marked as a duplicate of 64202 ***

Comment 9 Christian Andreetta (RETIRED) gentoo-dev

2004-10-09 03:22:29 UTC

This was due to my faulty HD, which I'm burying now, I swear...
_many_ thanks to mglauche who fixed it, and _many_ excuses to you all :-(

Comment 10 Oliver Schoett 2004-10-09 05:24:18 UTC

Yeah, I would have guessed (95%) that there was a technical explanation instead of something sinister.

Wouldn't it be nice if the ebuild production process would use the (presumably verified) checksums of the source files to warn you about your files being corrupted, instead of silently replacing the good checksums with bad ones!?