pena activesupport # devebuild activesupport-2.0.2.ebuild clean unpack !!! Previously fetched file: 'activesupport-2.0.2.gem' !!! Reason: Failed on RMD160 verification !!! Got: 2b70cf3eb6740121f793c2b9116c74f06c6b08da !!! Expected: 2b1d7c62364c33ddbafa0ba865978d3ffdaf9d41 Refetching... File renamed to '/var/distfiles/activesupport-2.0.2.gem._checksum_failure_.reS2im' >>> Downloading 'http://trumpetti.atm.tut.fi/gentoo/distfiles/activesupport-2.0.2.gem' --2008-03-26 15:23:00-- http://trumpetti.atm.tut.fi/gentoo/distfiles/activesupport-2.0.2.gem Resolving trumpetti.atm.tut.fi... 130.230.54.100 Connecting to trumpetti.atm.tut.fi|130.230.54.100|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 234496 (229K) [text/plain] Saving to: `/var/distfiles/activesupport-2.0.2.gem' 100%[==================================================================================================================================>] 234,496 --.-K/s in 0.05s 2008-03-26 15:23:00 (4.17 MB/s) - `/var/distfiles/activesupport-2.0.2.gem' saved [234496/234496] >>> Unpacking source... >>> Source unpacked. pena activesupport # devebuild activesupport-2.0.2.ebuild clean unpack !!! Previously fetched file: 'activesupport-2.0.2.gem' !!! Reason: Failed on RMD160 verification !!! Got: 2b70cf3eb6740121f793c2b9116c74f06c6b08da !!! Expected: 2b1d7c62364c33ddbafa0ba865978d3ffdaf9d41 Refetching... File renamed to '/var/distfiles/activesupport-2.0.2.gem._checksum_failure_.reS2im' >>> Downloading 'http://trumpetti.atm.tut.fi/gentoo/distfiles/activesupport-2.0.2.gem' --2008-03-26 15:51:22-- http://trumpetti.atm.tut.fi/gentoo/distfiles/activesupport-2.0.2.gem Resolving trumpetti.atm.tut.fi... 130.230.54.100 Connecting to trumpetti.atm.tut.fi|130.230.54.100|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 234496 (229K) [text/plain] Saving to: `/var/distfiles/activesupport-2.0.2.gem' 100%[==================================================================================================================================>] 234,496 --.-K/s in 0.06s 2008-03-26 15:51:22 (3.66 MB/s) - `/var/distfiles/activesupport-2.0.2.gem' saved [234496/234496] >>> Unpacking source... >>> Source unpacked. The Manifest entry is borked and Portage doesn't complain about it when strict is off. When there aren't any problems ebuild does check it: pena activesupport # devebuild activesupport-1.3.1.ebuild clean unpack * activesupport-1.3.1.gem RMD160 SHA1 SHA256 size ;-) ... [ ok ] >>> Unpacking source... >>> Source unpacked.
So, the expected behavior is that it should show a warning message and continue despite the invalid checksum?
(In reply to comment #1) > So, the expected behavior is that it should show a warning message and continue > despite the invalid checksum? > It should fail like it does when the file is not already in DISTDIR.
Hmm, are we talking about behavior with FEATURES=strict enabled or disabled? Perhaps the bug summary should say FEATURES=strict instead of FEATURES=-strict? If you are trying to confuse me then you have succeeded. :P
from make.conf.5: strict Have portage react strongly to conditions that have the potential to be dangerous (like missing or incorrect digests for ebuilds or distfiles). So, shouldn't it ignore an incorrect digest if "strict" is disabled?
Historically "strict" enabled checksum checks for the manifest types EBUILD and AUX (and MISC in some versions), but DIST files were always checked independent of "strict". It doesn't make sense to skip checksum verification of distfiles in this case anyway as it only delays the failure tilll the checksum check before unpack, while for other types the check is skipped completely with "-strict".
Okay, it's fixed in svn r9519 so that distfiles are always checked in any case.
This is fixed in 2.1.5_rc1.