[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] [opam-devel] Fwd: ounit dependency failing for mirage-xen package

There was news from malicious uploads on the forge from Sylvain yesterday:
  https://forge.ocamlcore.org/forum/forum.php?forum_id=930

On Mon, Mar 28, 2016 at 3:46 PM, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
Does anyone have time to check the forge distfiles to see if they've been altered maliciously?

I see this in some builds:

        /home/opam/.opam/packages.dev/ounit.2.0.0/ounit-2.0.0.tar.gz:
          - 2e0a24648c55005978d4923eb4925b28 [expected result]
          - 0f4f7cf8741d98cb419e45cc69962600 [actual result]
        This may be fixed by running `opam update`.

and the below spyware warning is very concerning indeed.

-a


> Begin forwarded message:
>
> From: Aaron Cornelius <aaron.cornelius@xxxxxxxxxxxxxxx>
> Subject: Re: [MirageOS-devel] ounit dependency failing for mirage-xen package
> Date: 28 March 2016 at 14:08:11 BST
> To: <talex5@xxxxxxxxx>
> Cc: mirageos-devel@xxxxxxxxxxxxxxxxxxxx
>
> On 3/26/2016 7:05 AM, Thomas Leonard wrote:
>> On 23 March 2016 at 16:25, Aaron Cornelius
>> <aaron.cornelius@xxxxxxxxxxxxxxx> wrote:
>>> I am setting up a new cubieboard today with mirage, but when attempting to
>>> install the necessary opam packages I get the following md5sum error on the
>>> downloaded package:
>>>
>>> [ERROR] Bad checksum for
>>> /home/mirage/.opam/packages.dev/ounit.2.0.0/ounit-2.0.0.tar.gz:
>>>          - 2e0a24648c55005978d4923eb4925b28 [expected result]
>>>          - db53f6fe7559ddf572f672cbe2983f13 [actual result]
>>>        This may be fixed by running `opam update`.
>>>
>>> I have tried 4 times and received 4 different md5sums for the downloaded package.
>>>
>>> Anyone have an idea what might be going on here?  I don't remember having this
>>> much trouble in the past.
>>
>> It works for me. Try downloading the archive manually and checking to
>> see what's inside it (I'm guessing some kind of server error message).
>>
>>  http://forge.ocamlcore.org/frs/download.php/1258/ounit-2.0.0.tar.gz
>
> I discovered the problem, it appears that forge.ocamlcore.org is now on some
> sort of spam/virus/spyware list and where I work is blocking access to it.  When
> I try to download the file directly in chrome I get a google warning as well.
>
> For the moment I created my own development opam repo and patched the ounit
> requirement out of the xen-evtchn/xen-gnt/xenstore packages.
>
> _______________________________________________
> MirageOS-devel mailing list
> MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
> http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

_______________________________________________
opam-devel mailing list
opam-devel@xxxxxxxxxxxxxxx
http://lists.ocaml.org/listinfo/opam-devel

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.