Date: Sat, 24 Jan 2015 22:03:23 -0500
From: Garrett Wollman <wollman@bimajority.org>
To: Dag-Erling Smørgrav <des@des.no>
Cc: freebsd-security@freebsd.org
Subject: Re: Strange package checksum report
Message-ID: <21700.23803.911745.834275@hergotha.csail.mit.edu>
In-Reply-To: <868ugrr5r3.fsf@nine.des.no>
References: <21698.32224.747971.146491@khavrinen.csail.mit.edu> <868ugrr5r3.fsf@nine.des.no>

<<On Sun, 25 Jan 2015 02:47:12 +0100, Dag-Erling Smørgrav <des@des.no> said:

> Garrett Wollman <wollman@csail.mit.edu> writes:
>> Checking for packages with mismatched checksums:
>> p5-XML-SAX-0.99_2: /usr/local/lib/perl5/site_perl/XML/SAX/ParserDetails.ini

> This file is updated whenever you install or remove a SAX parser, so
> this is expected. There are at least half a dozen different Perl SAX
> implementations in the ports tree.

So perhaps this file should be treated as, um, whatever our equivalent
of a "conffile" is from dpkg-land.

> These are Python bytecode files. They are automatically regenerated if
> you have write access to them and Python thinks they are stale when it
> tries to load them. Apparently, Python's definition of "stale" is
> slightly more complex than just comparing timestamps; they are one of
> the reasons why Baptiste gave up reproducible package builds.

That's unfortunate. Perhaps either Python can be trained to write
updated copies somewhere else? Or maybe we can generate them at
package installation rather than shipping pregenerated versions?
(Would slow down builds of dependent packages, but those are the
breaks.)

> Is your clock synchronized with NTP? Is this a VM? What is the
> underlying filesystem?

Yes, on all machines; no; and ZFS.

-GAWollman
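Added example, not part of the original message or of any FreeBSD or Python project code: a short Python script showing why a regenerated bytecode file no longer matches the checksum recorded for the packaged copy even when the source bytes are unchanged. It assumes CPython 3.7 or later, whose 16-byte `.pyc` header layout (PEP 552) postdates this thread; the file names and timestamps are constructed.

```python
import hashlib, importlib.util, os, py_compile, struct, tempfile

def pyc_header(pyc_path):
    """Return (magic, flags, mtime, size) from a PEP 552 (CPython 3.7+) .pyc header."""
    with open(pyc_path, "rb") as f:
        raw = f.read(16)
    if len(raw) < 16:
        raise ValueError("truncated .pyc header")
    flags, mtime, size = struct.unpack("<III", raw[4:])
    return raw[:4], flags, mtime, size

def why_stale(src_path, pyc_path):
    """List the reasons the interpreter would rewrite pyc_path (empty list: still valid)."""
    magic, flags, mtime, size = pyc_header(pyc_path)
    if flags & 0x1:
        return ["hash-based pyc: validity is not decided by timestamp"]
    st = os.stat(src_path)
    reasons = []
    if magic != importlib.util.MAGIC_NUMBER:
        reasons.append("magic number is from a different interpreter version")
    if mtime != int(st.st_mtime) & 0xFFFFFFFF:
        reasons.append("recorded source mtime differs")
    if size != st.st_size & 0xFFFFFFFF:
        reasons.append("recorded source size differs")
    return reasons

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def demo():
    """Constructed scenario: same source bytes, new mtime, regenerated bytecode."""
    mode = py_compile.PycInvalidationMode.TIMESTAMP
    with tempfile.TemporaryDirectory() as d:
        src, pyc = os.path.join(d, "mod.py"), os.path.join(d, "mod.pyc")
        with open(src, "w") as f:
            f.write("VALUE = 1\n")
        os.utime(src, (1422154800, 1422154800))   # constructed "build time"
        py_compile.compile(src, cfile=pyc, doraise=True, invalidation_mode=mode)
        packaged = sha256(pyc)                    # checksum a package manifest would record
        fresh = why_stale(src, pyc)
        os.utime(src, (1422158400, 1422158400))   # source mtime changed, content unchanged
        stale = why_stale(src, pyc)
        py_compile.compile(src, cfile=pyc, doraise=True, invalidation_mode=mode)
        return fresh, stale, packaged != sha256(pyc)

if __name__ == "__main__":
    print(demo())
```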