Changes between Version 139 and Version 140 of FAQ


Ignore:
Timestamp:
Apr 20, 2015, 3:10:37 AM (9 years ago)
Author:
Ionic (Mihai Moldovan)
Comment:

Typo fixes

Legend:

Unmodified
Added
Removed
Modified

  • FAQ

    v139 v140  
    6161However, having MacPorts under `/usr/local` would be error-prone for precisely that reason. 
    6262Many other software packages and packaging systems install into `/usr/local`,
    63 and could accidentaly overwrite what MacPorts has installed, or vice versa.
     63and could accidentally overwrite what MacPorts has installed, or vice versa.
    6464
    6565While this could be dismissed as the user's own error, it is a fact that
     
    120120=== I get `Error: checksum (md5/sha1/rmd160) mismatch for port`. What can I do about it? === #checksums
    121121
    122 MacPorts computes checksums of downloaded files to ensure they aren't corrupted and haven't been tampered with. Each portfile lists the checksums for the files that the port will download (using md5, sha1 and/or rmd160). If the computed checksum of the downloaded file doesn't match the one listed in the portfile, that means the file you downloaded is not the one the port designer used when creating the port, and so MacPorts stops the installation.
     122MacPorts computes checksums of downloaded files to ensure they aren't corrupted and haven't been tampered with. Each Portfile lists the checksums for the files that the port will download (using md5, sha1 and/or rmd160). If the computed checksum of the downloaded file doesn't match the one listed in the Portfile, that means the file you downloaded is not the one the port designer used when creating the port, and so MacPorts stops the installation.
    123123
    124124First aid, download the file again:
     
    136136
    137137 1. ''The file is corrupt''. If it was corrupted by the transfer, download it again (as shown above). If it is corrupted on the server, there is not much you can do about it. Open a bug in [http://trac.macports.org/newticket Trac] and assign it to the port's maintainer. As for solving the problem: if there are other mirrors, try one of them. You can also ask if someone has a complete file they can send you on the [http://lists.macosforge.org/mailman/listinfo/macports-users MacPorts users' mailing list].
    138  2. ''The developer has performed a "stealth upgrade"''. Sometimes upstream developers make "stealth upgrades" in which they change the contents of their distribution archive but not its version number, without informing MacPorts of this change. Perhaps the developer has repackaged the distribution with a different archiving program, or has fixed typos in the included documentation or made other presumably minor changes that did not warrant a regular release. This practice is not recommended because of the obvious difficulties it presents to MacPorts and other port systems that compute package checksums. Attempt to get confirmation from the developer of the software that this has occurred. If the developer cannot be reached, attempt to determine yourself whether a stealth upgrade has happened. [http://www.google.com/ Search the Internet] and try to locate the older version of the archive that matches the checksum in the portfile. Also download the version currently available on the developer's site, extract both, and compare the contents (for example with `diff -r -u <old> <new>`). If the changes look minor and benign, or there are no changes at all, then it is safe for you to update the checksum in the portfile, and the port maintainer should be informed of this so that they can make the change official. If you cannot determine whether a stealth upgrade has taken place, ask for help on the [http://lists.macosforge.org/mailman/listinfo/macports-users users' mailing list].
     138 2. ''The developer has performed a "stealth upgrade"''. Sometimes upstream developers make "stealth upgrades" in which they change the contents of their distribution archive but not its version number, without informing MacPorts of this change. Perhaps the developer has repackaged the distribution with a different archiving program, or has fixed typos in the included documentation or made other presumably minor changes that did not warrant a regular release. This practice is not recommended because of the obvious difficulties it presents to MacPorts and other port systems that compute package checksums. Attempt to get confirmation from the developer of the software that this has occurred. If the developer cannot be reached, attempt to determine yourself whether a stealth upgrade has happened. [http://www.google.com/ Search the Internet] and try to locate the older version of the archive that matches the checksum in the Portfile. Also download the version currently available on the developer's site, extract both, and compare the contents (for example with `diff -r -u <old> <new>`). If the changes look minor and benign, or there are no changes at all, then it is safe for you to update the checksum in the Portfile, and the port maintainer should be informed of this so that they can make the change official. If you cannot determine whether a stealth upgrade has taken place, ask for help on the [http://lists.macosforge.org/mailman/listinfo/macports-users users' mailing list].
    139139 3. ''The file has been tampered with''. It is perhaps somewhat unlikely yet theoretically possible (and it has happened a few times in practice) that the archive being distributed by the developer (or by a mirror) has been genuinely compromised. If a hacker was able to manipulate the developer's (or the mirror's) server, the hacker could have uploaded a revised archive containing malware (a virus, a trojan horse, a spam-sending platform, etc.) of the hacker's choosing, and you would certainly not want to install such software. You must attempt to determine, as above, whether this has occurred by contacting the developer, or by locating an older version of the archive and comparing them. You can also contact the port maintainer or the [http://lists.macosforge.org/mailman/listinfo/macports-users users' mailing list].
    140140 4. ''A proxy is blocking your request''.  Some internet connections are protected by a proxy which may not allow file downloads, tar/zip downloads, or may not allow your particular computer to access the internet without being specifically allowed.  In that case, the proxy may return a simple "disallowed" message (with an erroneous 200 status), which MacPorts mistakes for the file that should be downloaded.  Examining the content of the downloaded file will determine if this is the case.  If so, contact your network administrator for access.