Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 81824 - No /usr/portage/metadata/glsa dir?
Summary: No /usr/portage/metadata/glsa dir?
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Lance Albertson (RETIRED)
Depends on:
Reported: 2005-02-12 22:49 UTC by Evgeny Stambulchik
Modified: 2005-02-14 05:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Evgeny Stambulchik 2005-02-12 22:49:02 UTC
I was surprised to not be hit by any GLSA lately. It turns out the /usr/portage/metadata/glsa directory is absent, as not contained in portage snapshots (I use emerge-webrsync).

Reproducible: Always
Steps to Reproduce:
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-02-13 17:40:54 UTC
I confirm that the most recent snapshot with GLSA data is 20050203.
Comment 2 Lance Albertson (RETIRED) gentoo-dev 2005-02-13 17:59:15 UTC
shoot! I've moved the snapshots to the new staging mirror and thought it was working correctly. Apparently its not. Let me look into that!
Comment 3 Lance Albertson (RETIRED) gentoo-dev 2005-02-13 18:07:18 UTC
Nick: Could you take a look at osprey and make sure I didn't miss something for regenerating the portage tree? Looks like its missing the metadata/dtd and glsa dirs. 
Comment 4 Lance Albertson (RETIRED) gentoo-dev 2005-02-13 18:29:41 UTC
Ok, i think I know what happened. Apparently when I created the first sync on the new mirror box, I had to manually create those directories and checkout that information. I just did all that and in the process of creating a new snapshot to be put on the mirrors. Give it about 3-4 hours, or in about an hour you should see it on I'm so sorry about this! :( 
Comment 5 Evgeny Stambulchik 2005-02-13 22:29:40 UTC
While we're at this - can any reasonable sophistics be added to the (automated) process of snapshot creating/signing? In my history of Gentoo usage (~ 1.5 year), it happened a few times that snapshots were malformed (NOT corrupted - ms5sums were ok). Like checks for total size not deviating from previous tarball for more than some per cent, presence of a few key file/directories,... ?

More importantly - glsa-check should shout loudly about missing data instead of calmly re-assuring the system is not vulnerable...
Comment 6 Lance Albertson (RETIRED) gentoo-dev 2005-02-13 23:02:52 UTC
I have been wanting to get such a check in place, I just haven't found the time yet. I might have one of our devs look into it. It seems to be some kind of race condition that is hard to replicate. I will try my best to get this implemented.

About the glsa-check, might post a bug about that, but what happened here was a very rare case since one small step was looked over on this move and didn't get caught in time (my apologies). There's so many damn things I have to look out for when making such a switch in hardware. Best to post a bug for this to the portage devs, but like I said, this was a very rare case.

Btw, did this latest snapshot have the appropriate glsa dirs and files?
Comment 7 Evgeny Stambulchik 2005-02-13 23:45:23 UTC
> About the glsa-check, might post a bug about that


> Btw, did this latest snapshot have the appropriate glsa dirs and files?

Yes, thanks!
Comment 8 Lance Albertson (RETIRED) gentoo-dev 2005-02-14 05:09:23 UTC
Great, I'll look into it!