Context Navigation

← Previous Ticket
Next Ticket →

#54442 closed defect (fixed)

exiv2 @0.26: checksum mismatch due to stealth update

Reported by:	ryandesign (Ryan Carsten Schmidt)	Owned by:	mf2k (Frank Schima)
Priority:	Normal	Milestone:
Component:	ports	Version:
Keywords:		Cc:
Port:	exiv2

Description

--->  Computing dependencies for exiv2
--->  Fetching distfiles for exiv2
--->  Attempting to fetch exiv2-0.26-trunk.tar.gz from https://distfiles.macports.org/exiv2
--->  Attempting to fetch exiv2-0.26-trunk.tar.gz from http://www.exiv2.org/builds/
--->  Verifying checksums for exiv2                                                  
Error: Checksum (rmd160) mismatch for exiv2-0.26-trunk.tar.gz
Error: Checksum (sha256) mismatch for exiv2-0.26-trunk.tar.gz
Error: Failed to checksum exiv2: Unable to verify file checksums
Error: See /opt/local/var/macports/logs/_Users_rschmidt_macports_macports-ports-svn-trunk_graphics_exiv2/exiv2/main.log for details.
Error: Unable to execute port: upgrade exiv2 failed

See PortfileRecipes#stealth-updates.

Change History (6)

comment:1 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

I've found three different versions of "exiv2-0.26-trunk.tar.gz" so far. I put the tarball whose checksums match the Portfile on the distfiles server.

The contents of the files inside all three tarballs is the same, there are just unimportant differences in the metadata (e.g. the modification date of the configure script differs, or in some tarballs all of the files have the user:_spotlight attribute). So there's no point to modifying the checksums of the Portfile and making anyone fetch a different distfile. We can force the port to fetch from the MacPorts mirrors, and not upstream, by setting master_sites macports_distfiles.

The developers should be made aware of the problems stealth-updating their distfile is causing; hopefully they will then stop doing so.

comment:2 Changed 7 years ago by ctreleaven (Craig Treleaven)

The project web site says that they have moved to GitHub. Perhaps that should be taken as the authoritative source?

http://www.exiv2.org/whatsnew.html

Important Project Changes following v0.26
We are moving to GitHUB:
$ git clone https://github.com/Exiv2/exiv2.git

comment:3 Changed 7 years ago by kurthindenburg (Kurt Hindenburg)

Owner:	changed from tcurdt@… to \
Status:	new → assigned

comment:4 Changed 6 years ago by magicgoose (magicgoose)

FYI, there is a relatively quick workaround for now: block connections to www.exiv2.org:80 in a firewall, then macports will use a mirror (distfiles.macports.org) and fetch the correct tarball.

comment:5 Changed 6 years ago by mf2k (Frank Schima)

Owner:	\ deleted

comment:6 Changed 6 years ago by mf2k (Frank Schima)

Owner:	set to mf2k
Resolution:	→ fixed
Status:	assigned → closed

In ef5970963d8586093f90cce06c3cfc2265ed5e9a/macports-ports:

exiv2: Switch to GitHub

Fixes: #54442

Note: See TracTickets for help on using tickets.

Download in other formats: