Ticket #15269 (closed defect: fixed)
checksum phase sometimes skipped!
|Reported by:||ryandesign@…||Owned by:||raimue@…|
The checksum phase is sometimes skipped, allowing the extract, configure, build, etc. phases to complete even though the checksums have never been checked and maybe don't match. Clearly this is bad. The revision that introduced this problem is r35806.
The incorrect behavior can be triggered by explicitly requesting the fetch phase, then proceeding to another later phase without cleaning the work area. To test the issue, go to a port's directory (for example the zlib port) and make its checksum invalid (e.g. set its checksum to "x") and do this:
sudo port clean --work && sudo port fetch && sudo port checksum
The correct behavior (which is seen before r35806) is:
---> Cleaning zlib ---> Fetching zlib ---> Verifying checksum(s) for zlib Error: Checksum (md5) mismatch for zlib-1.2.3.tar.bz2 Error: Checksum (sha1) mismatch for zlib-1.2.3.tar.bz2 Error: Checksum (rmd160) mismatch for zlib-1.2.3.tar.bz2 Error: Target org.macports.checksum returned: Unable to verify file checksums Error: Status 1 encountered during processing.
The incorrect behavior (seen in r35806 and after) is:
---> Cleaning zlib ---> Fetching zlib ---> Verifying checksum(s) for zlib
Priority is high because this is a regression and a potential security issue.
- Milestone changed from MacPorts base bugs to MacPorts Future