From: J. L. <vwy...@gm...> - 2011-03-16 01:51:11
True, but still good to know about patch and what it does and why. You will be using it on your own eventually the further in you get, especially the more outside the standard gumstix OE branch. But I am on Fed 14 using all testing-update repos and I have not had to downgrade patch like you did? I just completed a new build of my image on the Fed Build box to try out some changes in OE and did not run into any issues, and both Fed and OE are as up to date as they can be. Well, minus going to rawhide repos on Fed. But the mismatch on checksums could be coming from where the repo is for that package and not from patch on your build machine's end.

TJ, the best I can say is keep trying; the learning curve here is beyond steep and you will fail a bunch in the beginning until you get the hang of things. Small changes, I have found, can alter an entire build. But I would think (and could be wrong), to verify it's not a patch issue on the build machine end: alter the recipe to what the OE warning is telling you it should be, and I would think if it builds fine only after that change, it's from the package's end. Sorry I can't be of more help with a solid "do this and you're fixed" solution.

Another thing I learned is to update your OE sparingly and pay attention to what really got updated.

On Tue, Mar 15, 2011 at 6:40 PM, Bob Cochran <bco...@ve...> wrote:
> I was going to mention just deleting the ncurses source file, but
> bitbake uses patch and I am not certain what the current versions of
> patch (to which CVE fixes are applied) are doing to the sources. I
> wonder if some source packages are being corrupted by recent versions of
> patch.
>
> I had a similar problem earlier with a different package and I know JL
> and others suggested deleting just the source for that package, not the
> entire directory. I did that, and it worked fine for bitbaking that one
> package. But patch kept rejecting some necessary patches for other
> packages that had patched just fine in the past.
> And I wondered what
> patch was doing to other packages that appeared to have a "corrupted
> SHA" problem. This kept recurring for me too.
>
> The fix, for me, was to downgrade to the version of patch that did not
> have any fixes for CVE-2010-4651 applied.
>
> I know that TJ is running an older version of Ubuntu, but if he updated
> it recently, his patch utility might have been updated for security
> fixes only. The patch utility is used by bitbake. So TJ doesn't have to
> "use patch himself"; bitbake is using it for him.
>
> Bob Cochran
>
> On 03/15/2011 09:17 PM, TJ wrote:
> > Yeah I tried that. I first tried deleting just the ncurses files but
> > when they downloaded again I got the same thing. Then I tried deleting
> > the whole tmp directory and rebuilding - same result.
> >
> > On 16 March 2011 14:02, J. L.<vwy...@gm...> wrote:
> >> Bob,
> >>
> >> You don't need to delete your sources directory, if you have an issue during
> >> the DL of a package just delete that. There's no point in DLing each time.
> >> Just delete your /tmp
> >>
> >> On Tue, Mar 15, 2011 at 5:28 PM, Bob Cochran<bco...@ve...> wrote:
> >>> Hi TJ,
> >>>
> >>> I had a similar experience and I solved it. You don't mention what
> >>> distribution you are using, whether it is Fedora or not, and you do not
> >>> mention your version of patch, either. However I believe this failure is
> >>> related to fixes for an identified vulnerability discussed in
> >>> CVE-2010-4651 which affect the patch utility. Here is a snippet of the
> >>> two most recent changes applied to the Fedora/Redhat flavor of patch:
> >>>
> >>> * Thu Feb 10 2011 Tim Waugh<tw...@re...> 2.6.1-8
> >>> - Incorporate upstream fix for CVE-2010-4651 patch so that a target
> >>> name given on the command line is not validated (bug #667529).
> >>>
> >>> * Tue Feb 08 2011 Tim Waugh<tw...@re...> 2.6.1-7
> >>> - Applied upstream patch to fix CVE-2010-4651 so that malicious
> >>> patches cannot create files above the current directory
> >>> (bug #667529).
> >>>
> >>> If your flavor of patch is similarly patched and rebuilt for the above,
> >>> then I believe the solution to the problem is to downgrade patch to the
> >>> latest version that does not have CVE-2010-4651 patches applied. In my
> >>> case, I did this:
> >>>
> >>> 'yum downgrade patch'
> >>>
> >>> ...which got me to patch version 2.6.1-5.
> >>>
> >>> I got rid of my ~/${OVEROTOP}/tmp and ~/${OVEROTOP}/sources directories,
> >>> and redid the bitbake:
> >>>
> >>> bitbake omap3-console-image
> >>>
> >>> and everything worked fine after that.
> >>>
> >>> I realize that this leaves the patch utility with an exploitable
> >>> vulnerability, but the maintainer is going to need to find a fix for
> >>> patch that doesn't break legacy uses of patch.
> >>>
> >>> Bob
> >>>
> >>> On 03/15/2011 05:54 PM, TJ wrote:
> >>>> I guess I should mention I'm trying to (re) build a console image with
> >>>>
> >>>> bitbake omap3-console-image
> >>>>
> >>>> On 16 March 2011 10:23, TJ<jor...@gm...> wrote:
> >>>>> I built a dev machine from scratch about a week ago and didn't have any
> >>>>> problems.
> >>>>> Now however, when I repeat the process, I get this error:
> >>>>>
> >>>>> ERROR: TaskFailed event exception, aborting
> >>>>> ERROR: Build of virtual:native:/home/trev/overo-oe/org.openembedded.dev/recipes/ncurses/ncurses_5.7.bb do_fetch failed
> >>>>> NOTE: Preparing runqueue
> >>>>> NOTE: Executing runqueue
> >>>>> ERROR: Task 2541 (virtual:native:/home/trev/overo-oe/org.openembedded.dev/recipes/ncurses/ncurses_5.7.bb, do_fetch) failed with 256
> >>>>> ERROR: 'virtual:native:/home/trev/overo-oe/org.openembedded.dev/recipes/ncurses/ncurses_5.7.bb' failed
> >>>>> NOTE: Running task 101 of 4972 (ID: 2541, virtual:native:/home/trev/overo-oe/org.openembedded.dev/recipes/ncurses/ncurses_5.7.bb, do_fetch)
> >>>>> NOTE: package ncurses-native-5.7-r15: task do_fetch: Started
> >>>>> NOTE: The checksums for '/home/trev/overo-oe/sources/ncurses-5.7-20100501.patch.gz' did not match.
> >>>>> Expected MD5: '6518cfa5d45e9069a1e042468161448b' and Got: 'b2a4bc176e9f29b0c439ef9a53a62a1a'
> >>>>> Expected SHA256: 'a97ccc30e4bd6fbb89564f3058db0fe84bd35cfefee831556c500793b477abde' and Got: '7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73'
> >>>>> NOTE: Your checksums:
> >>>>> SRC_URI[p20100501.md5sum] = "b2a4bc176e9f29b0c439ef9a53a62a1a"
> >>>>> SRC_URI[p20100501.sha256sum] = "7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73"
> >>>>>
> >>>>> FATAL: ncurses-native-5.7: ftp://invisible-island.net/ncurses/5.7/ncurses-5.7-20100501.patch.gz cannot check archive integrity
> >>>>> ERROR: 'virtual:native:/home/trev/overo-oe/org.openembedded.dev/recipes/ncurses/ncurses_5.7.bb' failed
> >>>>> trev@trev-laptop:~/overo-oe$
> >>>>>
> >>>>> Can anyone shed some light on this? Has something changed upstream or
> >>>>> something in the last few days?
> >>>>> I've tried redownloading the ncurses
> >>>>> files but get the same thing so it's not a data transmission error.
> >>>>>
> >>>> ------------------------------------------------------------------------------
> >>>> Colocation vs. Managed Hosting
> >>>> A question and answer guide to determining the best fit
> >>>> for your organization - today and in the future.
> >>>> http://p.sf.net/sfu/internap-sfd2d
> >>>> _______________________________________________
> >>>> gumstix-users mailing list
> >>>> gum...@li...
> >>>> https://lists.sourceforge.net/lists/listinfo/gumstix-users
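
Added example, not part of the original thread: the quoted log shows the mismatch being raised in do_fetch on the downloaded archive, so one way to test J. L.'s suggestion that it comes from the download location rather than the build machine is to re-hash the file in the sources directory and compare it with both values in the log. The function names, verdict strings and the `sources_dir` parameter are assumptions of this example, not bitbake APIs.

```python
import hashlib
import re
import sys
from pathlib import Path

# Patterns for the NOTE lines bitbake printed in the log quoted in this thread;
# \s+ tolerates the line wrapping that mail clients added.
PATH_RE = re.compile(r"The checksums for\s+'([^']+)'\s+did not\s+match")
SUM_RE = re.compile(r"Expected (MD5|SHA256):\s*'([0-9a-f]+)'\s*and\s*Got:\s*'([0-9a-f]+)'")

def parse_mismatch(log_text):
    """Return (path, {algo: (expected, got)}) or None if no mismatch is logged."""
    found = PATH_RE.search(log_text)
    if found is None:
        return None
    sums = {a.lower(): (exp, got) for a, exp, got in SUM_RE.findall(log_text)}
    return found.group(1), sums

def digest(path, algo):
    """Hash a file in chunks so large source archives are not read into RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def classify(log_text, sources_dir=None):
    """Compare the file on disk with the recipe's and the fetcher's checksums."""
    parsed = parse_mismatch(log_text)
    if parsed is None:
        return "no-mismatch-in-log"
    logged_path, sums = parsed
    if not sums:
        return "no-checksums-in-log"
    # sources_dir (assumed parameter): look for the same file name there instead.
    path = Path(sources_dir, Path(logged_path).name) if sources_dir else Path(logged_path)
    if not path.is_file():
        return "file-missing"
    # matches-recipe: file is what the recipe recorded; matches-fetched: file is
    # unchanged since the fetcher hashed it; changed-on-disk: altered afterwards.
    verdicts = set()
    for algo, (expected, got) in sums.items():
        actual = digest(path, algo)
        verdicts.add("matches-recipe" if actual == expected else
                     "matches-fetched" if actual == got else "changed-on-disk")
    return verdicts.pop() if len(verdicts) == 1 else "inconsistent"

if __name__ == "__main__":  # usage: python check_fetch.py build.log [sources_dir]
    print(classify(Path(sys.argv[1]).read_text(), *sys.argv[2:3]))
```

A `matches-fetched` verdict means the bytes on disk are exactly what the fetcher hashed, so the content served by the download location differs from what the recipe recorded and nothing on the build machine altered it afterwards.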