Digest verification fails for a distfile that has an all-numeric checksum, like in the following Manifest line (I've used SHA1 there, but the problem exists for all hashes):
DIST foo-1 9 SHA1 5938266572196464632409940308852871296620 SHA512 ffa28da4b6f28e8acf076afba7553ab6ca097e8b782e3381027e597a0bfa6583800f4e313c6b9860768305d9f9a84d14f9b74ca92217812c6d5ccd6ec315cc66
$ ebuild foo-1.ebuild fetch
!!! Fetched file: foo-1 VERIFY FAILED!
!!! Reason: Insufficient data for checksum verification
!!! Expected: BLAKE2B BLAKE2S MD5 RMD160 SHA1 SHA256 SHA512 WHIRLPOOL
It should succeed, because all checksums are correct:
$ sha1sum /usr/portage/distfiles/foo-1
$ sha512sum /usr/portage/distfiles/foo-1
Created attachment 504964 [details]
Ebuild to reproduce the problem.
Created attachment 504966 [details]
The bug has been referenced in the following commit(s):
Author: Michał Górny <email@example.com>
AuthorDate: 2017-11-19 16:56:50 +0000
Commit: Michał Górny <firstname.lastname@example.org>
CommitDate: 2017-11-20 18:38:00 +0000
portage.manifest: Fix mis-parsing Manifests with numerical checksums
Fix the regular expression used to parse Manifests not to fail horribly
when one of the checksums accidentally happens to be all-digits.
The previously used regular expression used to greedily take everything
up to the first number as filename. If one of the checksums happened to
be purely numeric, this meant that everything up to that checksum was
taken as filename, and the checksum itself was taken as file size. It
was also capable of accepting an empty filename.
The updated regular expression uses '\S+' to match filenames. Therefore,
the match is terminated on first whitespace character and filenames can
no longer contain spaces. Not that it could ever work reliably.
Spotted by Ulrich Müller.
Reviewed-by: Zac Medico <email@example.com>
pym/portage/manifest.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)}