Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 659250 - 'Manifest mismatch for metadata/glsa/Manifest' after `emaint sync -r gentoo --sync-submodule glsa`
Summary: 'Manifest mismatch for metadata/glsa/Manifest' after `emaint sync -r gentoo -...
Status: CONFIRMED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Unclassified (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords:
: 663962 (view as bug list)
Depends on:
Blocks: 650144
  Show dependency tree
 
Reported: 2018-06-26 16:07 UTC by Nuno
Modified: 2018-08-19 08:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
emerge --info (emerge.info,7.35 KB, text/plain)
2018-06-26 16:07 UTC, Nuno 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nuno 2018-06-26 16:07:22 UTC 
Created attachment 537284 [details]
emerge --info

When running `emaint sync -r gentoo --sync-submodule glsa`, the following message appears (if the portage tree is not already up-to-date):

```
 * Verifying /usr/portage ...!!! Manifest verification failed:
Manifest mismatch for metadata/glsa/Manifest
  BLAKE2B: expected: fda02a1ae593b985b50b2f5c6da01d8d7ac30d00fe0520a79e3d3eb092a2cda0a9632d6ae689f43cfe653ae5c07a3caa14aa89faca63d1a07e64a74b2e540fae, have: d34241568d14c06cac92ce77948773230fd22dabceac7b07978f672d051e7b72f9cb9d64150e6687a60945509461230718b5d85b35c6b5710313650338681835
  SHA512: expected: 2e5ed1b1d1b75237e52c230cc0a7f799cd7319626c05766d76d0d45f257576f23b94e3dc606ef2c67865734481e820e1dd633efa5cd03674c4ede7fd9041fb8d, have: c2f458eeaa1807c9db1a77256070a850df012a7c2ad06fd4b7d09f214d8027021488b1382cef483182f51effe5c66d68f3016cd73a28e937069b4dc542deaea6
```

This happens because the hashes for 'metadata/glsa/Manifest' are in 'metadata/Manifest.gz', which (I guess) is not updated by `--sync-submodule glsa`. However, simply syncing the parent Manifests (e.g. 'metadata/Manifest.gz', 'Manifest.files.gz' and 'Manifest') would not work since it would mess up the hashes of other files in the portage tree which were not synced.

Using sys-apps/portage-2.3.40-r1 with USE="ipc native-extensions rsync-verify xattr" PYTHON_TARGETS="python3_6"
Comment 1 Zac Medico gentoo-dev 2018-06-27 15:09:53 UTC 
GLEP 74 says "The sub-Manifest can also be signed using OpenPGP armored cleartext format" here:

https://www.gentoo.org/glep/glep-0074.html#manifest-file-locations-and-nesting

In fact, the glsa subdirectory does have a signed Manifest file, so we can make gemato verify it independently.
Comment 2 Jonas Stein gentoo-dev 2018-08-19 08:58:45 UTC 
*** Bug 663962 has been marked as a duplicate of this bug. ***