NetBSD Problem Report #55277

From www@netbsd.org  Tue May 19 04:23:28 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id D07F91A9217
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 19 May 2020 04:23:27 +0000 (UTC)
Message-Id: <20200519042326.C88601A921E@mollari.NetBSD.org>
Date: Tue, 19 May 2020 04:23:26 +0000 (UTC)
From: joaopaulo1511@hotmail.com
Reply-To: joaopaulo1511@hotmail.com
To: gnats-bugs@NetBSD.org
Subject: textproc/icu The International Components for Unicode
X-Send-Pr-Version: www-1.0

>Number:         55277
>Category:       pkg
>Synopsis:       textproc/icu The International Components for Unicode
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 19 04:25:00 +0000 2020
>Originator:     Joćo Paulo Vinha Bittar
>Release:        pkgsrc 2020Q1
>Organization:
home user
>Environment:
NetBSD 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 2020 mkrepro@mkrepro@NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
Pkgsrc 2020Q1 introduced this problem which did not exist on pkgsrc 2019Q4:

Checksum SHA1 mismatch for icu4c-64_2-src.tgz.
>How-To-Repeat:
Just build any package that depends on textproc/icu or build textproc/icu directly: "[b]make -C /usr/pkgsrc/textproc".  Then when fetching icu4c-64_2-src.tgz it will show these error messages:

checksum: Checksum SHA1 mismatch for icu4c-64_2-src.tgz
ERROR: Make sure the Makefile and checksum file (/usr/pkgsrc/textproc/icu/distinfo)
ERROR: are up to date.  If you want to override this check, type
ERROR: "/home/user/pkg/bin/bmake NO_CHECKSUM=yes [other args]".
>Fix:
One workaround is building with "NO_CHECKSUM=yes" as an argument, but it will make the system vulnerable to a man-in-the-middle attack while building the package.

The correct way to fix it is editing textproc/icu/distinfo on the pkgsrc tree to have the correct hashes for icu4c-64_2-src.tgz, as this file will be protected by the checksum files at https://ftp.netbsd.org/pub/pkgsrc/stable/*.SHA1.

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.