[gentoo-amd64] !!! Security Violation: A file exists that is not in the manifest.

[gentoo-amd64] !!! Security Violation: A file exists that is not in the manifest.

[Mark Knecht]

>>> clean: No packages selected for removal.

>>> emerge (4 of 6) sys-apps/baselayout-1.11.14-r6 to /
!!! Security Violation: A file exists that is not in the manifest.
!!! File: files/digest-baselayout-1.12.0_pre16-r2
lightning ~ #

What's the proper way to take care of this?

Thanks,
Mark

-- 
gentoo-amd64@gentoo.org mailing list

Re: [gentoo-amd64] !!! Security Violation: A file exists that is not in the manifest.

[Bob Slawson]

Mark Knecht wrote:
>>>> clean: No packages selected for removal.
>>>>         
>
>   
>>>> emerge (4 of 6) sys-apps/baselayout-1.11.14-r6 to /
>>>>         
> !!! Security Violation: A file exists that is not in the manifest.
> !!! File: files/digest-baselayout-1.12.0_pre16-r2
> lightning ~ #
>
> What's the proper way to take care of this?
>
>   
This sort of problem happens occasionally.  It is likely the Portage
tree that you last sync'd with was not in sync perhaps because it was
itself in the process of syncing so...

wait a bit, 4 hours should do, then 'emerge --sync' and the problem
will, in all likelihood, remedy itself.

BobS

-- 
gentoo-amd64@gentoo.org mailing list

Re: [gentoo-amd64] !!! Security Violation: A file exists that is not in the manifest.

[Jared Lindsay]

I also had a problem with baselayout today, and I just fixed it by
cd'ing to the directory and running ebuild baselayout-x.x.x-rx digest.
 Maybe not the safest thing to do, but it works, nonetheless.

On 3/2/06, Bob Slawson <bslawson@frontiernet.net> wrote:
> Mark Knecht wrote:
> >>>> clean: No packages selected for removal.
> >>>>
> >
> >
> >>>> emerge (4 of 6) sys-apps/baselayout-1.11.14-r6 to /
> >>>>
> > !!! Security Violation: A file exists that is not in the manifest.
> > !!! File: files/digest-baselayout-1.12.0_pre16-r2
> > lightning ~ #
> >
> > What's the proper way to take care of this?
> >
> >
> This sort of problem happens occasionally.  It is likely the Portage
> tree that you last sync'd with was not in sync perhaps because it was
> itself in the process of syncing so...
>
> wait a bit, 4 hours should do, then 'emerge --sync' and the problem
> will, in all likelihood, remedy itself.
>
> BobS
>
> --
> gentoo-amd64@gentoo.org mailing list
>
>

-- 
gentoo-amd64@gentoo.org mailing list

[gentoo-amd64] Re: !!! Security Violation: A file exists that is not in the manifest.

[Duncan]

Mark Knecht posted
<5bdc1c8b0603021524m572eedf7x18e22e51a1274d08@mail.gmail.com>, excerpted
below,  on Thu, 02 Mar 2006 15:24:07 -0800:

>>>> emerge (4 of 6) sys-apps/baselayout-1.11.14-r6 to /
> !!! Security Violation: A file exists that is not in the manifest.
> !!! File: files/digest-baselayout-1.12.0_pre16-r2
> lightning ~ #
> 
> What's the proper way to take care of this?

Depends on how paranoid you are.  While it could be someone trying to
crack the Gentoo ecosystem, it's far more likely to be a simple mis-sync
-- either you or the upstream rsync server you used happened to sync at
just the wrong moment and get a modification in progress, with the file
there but the manifest not yet updated to reflect it.  It could also be
due to a dev partial-syncing, with the same results.

If you are willing to play the odds, you can just ebuild digest (see
the ebuild manpage if necessary) the thing and it'll fix the issue on your
system.  If you are security conscious enough to not be comfortable doing
that (I certainly wouldn't be -- those manifests are there for a reason,
and it /could/ be a cracker trying something, even if rather unlikely),
wait a minimum 90 minutes between syncs, and try another emerge --sync. 
Hopefully by then the problem will have corrected itself, or you'll get a
different sync server assigned that doesn't have the problem.

If the issue still exists several hours later, after a resync, check the
logs and verify the servers you are syncing with, then file a bug on
either the rsync server or baselayout, as it's something that needs fixed,
still most likely a dev accident, but getting more likely it's a real
security issue.

That assumes nothing irregular at your end, like you added that subdir in
your rsync-excludes file or something, but then again, if you'd done that,
you'd likely know that was the reason without asking.  That would be a bit
hard to do by accident. =8^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html


-- 
gentoo-amd64@gentoo.org mailing list

Re: [gentoo-amd64] Re: !!! Security Violation: A file exists that is not in the manifest.

[Mark Knecht]

Redoing eix-sync a few times over the last couple of hours and now
it's cleaned up.

cheers,
Mark

On 3/2/06, Duncan <1i5t5.duncan@cox.net> wrote:
> Mark Knecht posted
> <5bdc1c8b0603021524m572eedf7x18e22e51a1274d08@mail.gmail.com>, excerpted
> below,  on Thu, 02 Mar 2006 15:24:07 -0800:
>
> >>>> emerge (4 of 6) sys-apps/baselayout-1.11.14-r6 to /
> > !!! Security Violation: A file exists that is not in the manifest.
> > !!! File: files/digest-baselayout-1.12.0_pre16-r2
> > lightning ~ #
> >
> > What's the proper way to take care of this?
>
> Depends on how paranoid you are.  While it could be someone trying to
> crack the Gentoo ecosystem, it's far more likely to be a simple mis-sync
> -- either you or the upstream rsync server you used happened to sync at
> just the wrong moment and get a modification in progress, with the file
> there but the manifest not yet updated to reflect it.  It could also be
> due to a dev partial-syncing, with the same results.
>
> If you are willing to play the odds, you can just ebuild digest (see
> the ebuild manpage if necessary) the thing and it'll fix the issue on your
> system.  If you are security conscious enough to not be comfortable doing
> that (I certainly wouldn't be -- those manifests are there for a reason,
> and it /could/ be a cracker trying something, even if rather unlikely),
> wait a minimum 90 minutes between syncs, and try another emerge --sync.
> Hopefully by then the problem will have corrected itself, or you'll get a
> different sync server assigned that doesn't have the problem.
>
> If the issue still exists several hours later, after a resync, check the
> logs and verify the servers you are syncing with, then file a bug on
> either the rsync server or baselayout, as it's something that needs fixed,
> still most likely a dev accident, but getting more likely it's a real
> security issue.
>
> That assumes nothing irregular at your end, like you added that subdir in
> your rsync-excludes file or something, but then again, if you'd done that,
> you'd likely know that was the reason without asking.  That would be a bit
> hard to do by accident. =8^)
>
> --
> Duncan - List replies preferred.   No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master."  Richard Stallman in
> http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html
>
>
> --
> gentoo-amd64@gentoo.org mailing list
>
>

-- 
gentoo-amd64@gentoo.org mailing list