# Broken Pipe on Air-Gapped (and Verifying Your Mirror)

## miroR

EDIT START 2014-11-01 I want to tell the reader upfront that lots of this here is wondering. Read these "EDIT" notes to see what I claim is worth it, though.

The newest, of today, is:

< this same topic >

https://forums.gentoo.org/viewtopic-t-1001706.html#7643508

where I think I found an issue, maybe even a bug, and esp. there is a simple and easy to understand advice for surveillance-aware users.

---

Noooo! But I'm so glad I found it sooner than somebody rubbing my nose with it!

http://dev.gentoo.org/distfile-mirroring/whitelists.xml

It's there, the:

openssh-6.6.1p1-hpnssh14v5.diff.xz

---

But still! It can't be a right package with all the wrong HASHES... So... What do I do?... I most certainly can't install that package!

(This intro obviously will be sorted as I find out the solution, or am given advice.)

EDIT END

---

EDIT START 2014-10-14

While I can't separate the broken pipe syslog-ng issue from Mirror verification without a rewrite, I have posted separately on that issue here:

Syslog-ng from Delay in Logging to Broken Pipe and no Loggin

https://forums.gentoo.org/viewtopic-t-1001994.html

and will keep this topic for only Mirror Verification

{EDIT START 2014-10-25 and the entire reason for me going on this rampage here was for the issue that was solved as I explained there... But who could have known? Still, I won't give up on verification of the mirror. It should be possible to run a relatively simple program and know that all the files in your mirror are Gentoo Engineeriing Team verified... However, not at that level myself, and may never reach that level, to be able to do something of that kind myself.... 

EDIR END}

EDIT END

---

EDIT 2014-10-12 changing the title to:

Broken Pipe on Air-Gapped (and Verifying Your Mirror)

---

EDIT 2014-10-11 START

Just figured out some things, and so part of the suspicions here, about portage snapshots not being there are likely completely wrong. They are just not out in the open for non-experts like me, but I'm figuring out...

Bear this in mind:

(this same topic)

https://forums.gentoo.org/viewtopic-t-1001706.html#7631234

and sorry to have bothered the releng with this.

EDIT END

---

title:

Broken Pipe on Air-Gapped (and Portage Snapshots Unavailable on Mirrors Wordlwide)

---

To be able to follow what we have here, a newbie (I'm always about getting new people into true *niix Gentoo-no-poetteringware-no-spyware), a newbie needs to familiarize with:

Air-Gapped Gentoo Install, Tentative

https://forums.gentoo.org/viewtopic-t-987268.html

Woke up this morning after I fell asleep while a slow bash script was running, and saw this:

```

# tailf messages &

[1] 8966

...[ 7 lines snipped ]...

Oct 10 03:16:09 mybox kernel: grsec: chdir to /usr/portage/app-i18n/jfbterm by /usr/bin/updatedb[updatedb:10093] uid/euid:0/0 gid/egid:0/0, parent /etc/cron.daily/mlocate[mlocate:10085] uid/euid:0/0 gid/egid:0/0

Oct 10 03:16:09 mybox kernel: grsec: chdir to /usr/portage/app-i18n by /usr/bin/updatedb[updatedb:10093] uid/euid:0/0 gid/egid:0/0, parent /etc/cron.daily/mlocate[mlocate:10085] uid/euid:0/0 gid/egid:0/0

Oct 10 03:15:57 mybox syslog-ng[2097]: I/O error occurred while reading; fd='9', error='Broken pipe (32)'

# date

Fri 10 Oct 10:32:48 CEST 2014

# ls -ltr messages

-rw------- 1 root root 61543257 2014-10-10 03:15 messages

# 

```

Obviously the latter ("date") is of my typing. The syslong-ng has not been writing in /var/log/messages for 7 (seven) hours at all. And surely, the error should be indicative to experts (not me, I'm a struggling user).

And, as the issued "date" command of my typing tells, the tailf is not producing any new lines from the messages. And the messages is not written to at all.

LAST EDIT BEFORE POSTING START (upon proofreading):

Yes, that's still almost the entire lot of it in all of these ten (10) hours:

```

# tail -10 messages 

...[ 8 lines snipped ]...

Oct 10 03:15:57 mybox syslog-ng[2097]: I/O error occurred while reading; fd='9', error='Broken pipe (32)'

Oct 10 11:49:15 mybox sudo:     ukrainian : TTY=pts/4 ; PWD=/home/ukrainian ; USER=root ; COMMAND=/bin/bash

#

```

LAST EDIT BEFORE POSTING END

```

# tail -1 messages

Oct 10 03:15:57 mybox syslog-ng[2097]: I/O error occurred while reading; fd='9', error='Broken pipe (32)'

# 

```

That's just the same one hopefully indicative line.

Also the "/usr/bin/updatedb[updatedb ..." lines. You are spared them and see

just those two. But:

```

# tail -9000 messages | grep 'updatedb' | wc -l

8999

# tail -10000 messages | grep 'updatedb' | wc -l

9999

# tail -100000 messages | grep 'updatedb' | wc -l

99999

# tail -1000000 messages | grep 'updatedb' | wc -l

234924

# tail -234930 messages | grep 'updatedb' | wc -l

234920

# 

```

(Sorry for my initial incredulity in trying to see how many of those I was to find). 

```

# tail -234930 messages | grep 'updatedb' | head

Oct 10 03:12:59 mybox kernel: grsec: exec of /usr/bin/updatedb (/usr/bin/updatedb -f  ) by /usr/bin/updatedb[mlocate:10093] uid/euid:0/0 gid/egid:0/0, parent /etc/cron.daily/mlocate[mlocate:10085] uid/euid:0/0 gid/egid:0/0

...[ 8 lines snipped ]...

Oct 10 03:12:59 mybox kernel: grsec: chdir to /Cmn/BAKB1016_dd/dd_B0420/etc_at8-g200/.java by /usr/bin/updatedb[updatedb:10093] uid/euid:0/0 gid/egid:0/0, parent /etc/cron.daily/mlocate[mlocate:10085] uid/euid:0/0 gid/egid:0/0

grep: write error

tail: error writing ‘standard output’: Broken pipe

#

```

Pls. take notice of the line:

```

tail: error writing ‘standard output’: Broken pipe

```

above.

Also, this I think is the first time that I see that stinking rummaging through my machine without me initializing it. Namely I didn't set this looking up through all the files in my box in any way.

I saw it previously, it just rummages through all and any of whatever that is there, or that I mount, or uncompress somewhere, anything whatsoever. It's the kind of rummaging through that I remember first seeing when I tried Red Hat really long time ago, and later on with SuSE all the time, and to some extent recently on Debian, but never, never, never yet on Gentoo.

Exampli gratia, I uncompressed a few of my old portage snapshots, and this freaking not-initialized-by-me-in-any-way updatedb (the snooping that never yet existed in any implementation of any of my Gentoos) went rummaging through all of them:

```

$ ls -ABRgod portage-2014????/

drwxr-xr-x 169 4096 2014-05-28 02:31 portage-20140527/

drwxr-xr-x 169 4096 2014-05-29 02:31 portage-20140528/

drwxr-xr-x 169 4096 2014-05-30 02:31 portage-20140529/

drwxr-xr-x 169 4096 2014-07-12 02:31 portage-20140711/

drwxr-xr-x 169 4096 2014-09-30 02:31 portage-20140929/

drwxr-xr-x 169 4096 2014-10-01 02:31 portage-20140930/

drwxr-xr-x 169 4096 2014-10-02 02:31 portage-20141001/

drwxr-xr-x 169 4096 2014-10-03 02:31 portage-20141002/

drwxr-xr-x 169 4096 2014-10-04 02:31 portage-20141003/

drwxr-xr-x 169 4096 2014-10-05 02:31 portage-20141004/

drwxr-xr-x 169 4096 2014-10-06 02:31 portage-20141005/

drwxr-xr-x 169 4096 2014-10-07 02:31 portage-20141006/

$

```

We are talking here this much:

```

$ du -sh portage-2014????/

826M   portage-20140527/

827M   portage-20140528/

829M   portage-20140529/

835M   portage-20140711/

841M   portage-20140929/

841M   portage-20140930/

841M   portage-20141001/

841M   portage-20141002/

841M   portage-20141003/

841M   portage-20141004/

842M   portage-20141005/

842M   portage-20141006/

$

```

of pure text and only text, so imagine what sense it makes.

While I have no idea yet why the errors in my /var/log/messages above, I know I can tell you that showing you this list of uncompressed portage snaphots does makes some sense, and you'll easily grasp why, next.

Late on 2014-10-06 (or early on 2014-10-07) I rsynced my private mirror. And the sole portage snapshots that I was able to download from, I tried a few mirros' /snapshots/ directories, are the ones shown above, portage-20140929.tar.xz{,.gpgsig,.md5sum,.umd5sum} through portage-20141006.tar.xz{,.gpgsig,.md5sum,.umd5sum} (excluding the old ones before 2014-09).

In other words, if anyone in the world now tried to get the verified portage snapshots other then (it's been days that I work on this, so the last 8 snapshots are different now: portage-20141003 through portage-20141010), they wouldn't be able to.

A month's worth of such great package verifiers that as a method is hard to find so splendid in any FOSS Linux/*nix is around 2GB. Is that an amount worth sparing?

Removing them like this, so very very soon, is like saying, oh well, I can sign my statements, but if you are not around every single freaking week, to ask for them, well then, I don't want you to be able to read my signed statements. Why that attitude?

I will try and ask the releng about this, and who knows, maybe I get this term prolonged for air-gappers like me to at least one month (three months would be really a decent minimum, but this one week is a shame! so anything even a bit longer would be an improvement)... Who knows maybe they'll lend an ear...

But the above is just an impediment to my problem, and not the problem that I am trying to describe and solve.

And to explain the problem to you, id est to eliminate a few possible causes, I need to explain the current Gentoo instance on which it occurs.

In the first place, just as I am a backup-dependent air-gapper and so I had a few previous portage snapshots lying around which the Gentoo devs are not letting its own world of users have for some unknown and obviously puzzling reason, and so I am amongst the tiny few of Gentoo users that could ever even do the following, in the world!...

In the first place, right after my problem showed up upon my research when I had strange events described on:

grsec: halting the system due to suspicious kernel crash

https://forums.grsecurity.net/viewtopic.php?f=3&t=3709&start=15#p14456

and I mean the syslog-ng complaining about the "Broken pipe" and then not logging at all. At all! That sure is _the_ problem...

In the first place, right after my problem showed up, I expected I had to go pretty deep to solve it.

Having just sufficient knowledge to comfortably discuss most of these issues, I decided I needed to first go and see if the issue would go away if I simply just recompiled the system back from when I had no such issue.

And I actually went four (4) months back.

What I mean is, I restored the system partitions to the state they were four months ago, to the bit, yes: to every single bit (

for newbies possibly reading this, some explanation how I did it is here:

Postfix smtp-tls-wrapper, Bkp/Cloning Mthd, A Zerk Provider

https://forums.gentoo.org/viewtopic-t-999436.html

)

, from the backup that I took back then.

Then I updated the system in ways that is, by some unknown and puzzling design and similar sparingliness of 2GB per/month of not-so-terribly used snapshots

(  most of people generally don't care about security, proof being Linus' words how security is not the most important thing [1] seemingly not bringing much reaction from the FOSS Linux crowd:

QA_with_Linus_Torvalds

http://www.youtube.com/watch?v=2mIPPKReeGg

(duration: 1:11:00)

to hear the kind rant of his against real security, go to 1:05:30, six minutes

before end

My take on it you can read:

Why is Gentoo not switching to systemd?

https://forums.gentoo.org/viewtopic-t-998108-start-300.html#7624044

)...

[Then I updated the system] in ways that is not available to almost anyone in the world, and that is, by using portage snapshots from 2014-06, then 2014-07, 2014-08 and 2014-09.

I want to point out here, that I would have needed the previous signed portage snapshots for very exact and very sensible reason, but I need to expand on it in my own next separate post, to keep the presentation a little less complex. Just, it is about verifying the local mirror.

The system was offline all the time since the restore-and-reemerge. And I surely didn't connect the IPTV recording clone of its to it which caused the kernel panic issue, unresolved yet, that I posted about on the Grsecurity Forums topic in the link given above.

It actually is not and does not connect to anything that is in any way online.  This system is, as far as a user can achieve it, air-gapped.

( And, just to tell this much about verifying of what I went to install, and whether there could have been extraneous causes to this problem introduced from unverified packages: there weren't any unverified packages installed, because I checked every single download, and from pretty carefully maintained local mirror!, before emerging any --about that more in the next post that I am yet to write. )

And, upon the update to 2014-09-xx, let me see precisely: 

```

# ls -ABRgo /usr/portage/distfiles/portage-20140910.tar.xz*

-rw-r--r-- 1 61564992 2014-09-11 02:45 /usr/portage/distfiles/portage-20140910.tar.xz

-rw-r--r-- 1      819 2014-09-11 02:55 /usr/portage/distfiles/portage-20140910.tar.xz.gpgsig

-rw-r--r-- 1       58 2014-09-11 02:55 /usr/portage/distfiles/portage-20140910.tar.xz.md5sum

-rw-r--r-- 1       55 2014-09-11 02:55 /usr/portage/distfiles/portage-20140910.tar.xz.umd5sum

#

```

the problem shows up again.

So, while I will try and see if the problem goes away if I try and update the system with, say portage-20141006 snapshot, I still wish to post this, because with this post, I want to also kindly ask the Gentoo Release Engineering Team (the releng) to prolong this term for security-aware users, such as air-gappers like me, to at least one month.  Three months of keeping the portage snapshots on the mirrors would be really a decent minimum, but this one week is a shame! And so anything even a bit longer would be an improvement...

Pls., dear Gentoo releng, lend an ear to this need of I believe many other users as well!

Because, it is, this making unavailable of these great package verifiers that signed portage snaphots are, after just those few days, it is like saying:

 *Quote:*   

> 
> 
> Oh well, I can sign my statements, but if you are not around every single freaking week, to ask for them, well then, then I don't want you to be able to read my signed statements.
> 
> 

 

Why that attitude?

I'm ill these days, so pls., while I will try and respond quickly, allow longer time for me to reply if you post any followups.

Regarding the post in which I intend to explain how I'm trying to verify my local (private) mirror and new downloads from it before installation, allow time for that too. On top of having issues with my health, I really work slowly anyway  :Wink:  .

Miroslav Rovis

Zagreb, Croatia

www.CroatiaFidelis.hr

[1] What Linus says there could be paraphrased: "Security is not the most important thing in the kernel, performance is more important." To which the right reply would be: "Fine. Give me the keys to your apartment and feel free running around the town, "stupid"! [2]". So Linus is wrong! And leaving out the spyware SELinux imposed on all the newbies of FOSS Linux in the world which someone needs to tell them what it is, and less and less information there is in this censored world about its true nature... Leaving the spyware SELinux out, the most important thing for a user with at least some brains, is:

 *Quote:*   

> I want my apartment locked for anyone but who I intend to allow in it, when I'm having my time downtime(, "stupid"!)...

 

Apartment is of course allegory for my computer. 

[2] "stupid" is TM by Linus Torvalds, because that's a reference to that guy's attitude, I don't otherwise like calling people names in public like he does.  My telling him that he is a lier, as I wrote in the link to my post in "Why is Gentoo not switching to systemd?" is not calling him names, it's truth, and it's based on logical reasoning derived from two expert arguments (not mine) that I have not yet seen rejected, and I doubt that anyone can, really reject.

I really wish somebody should at least try and reject those two arguments, instead of this almost silence on them.

Where are you FOSS people from other countries, from Russia, from China, from Brasil, from Africa, from anywhere else? Do none of you at this day and age speak English fluent enough to tell your thoughts? Or what is the reason? FOSS Linux, and Gentoo, belongs to us all, not to any culture in particular, but to all nations and all cultures, because we all contributed to FOSS Linux/*nix and it's ours...Last edited by miroR on Sat Nov 01, 2014 9:50 pm; edited 13 times in total

----------

## miroR

EDIT 2014-10-11 START

I just figured out there must be enough information, so I'm sorry to have bothered the releng, who have certainly more important things to do

See here:

https://forums.gentoo.org/viewtopic-t-1001706-highlight-.html#7631234

EDIT END

EDIT 2014-10-10 START (for clarity)

[ This is not the "second post that I promised in the first post above. It is yet to follow. ]

EDIT END

Just sent this:

 *Quote:*   

> First try failed. (Second to two first listed failed). This is third, to one by one. Humiliating...
> 
> ======================================================
> 
> Trying to send this to the first three listed on:
> ...

 

to releng. Let it be publically.

MiroLast edited by miroR on Sat Oct 11, 2014 2:22 pm; edited 4 times in total

----------

## Ant P.

 *miroR wrote:*   

> Namely I didn't set this looking up through all the files in my box in any way.

 

Did the magic NSA fairy install mlocate and cron, leave everything at their defaults, and then add cron to your default runlevel? No. PEBKAC.

----------

## miroR

My promised second post of the still new topic "Broken Pipe on Air-Gapped (And Portage Snapshots Unavailable on Mirrors Worldwide)".

I try and log all my system changes the user way. Such as, and then I get the verification that I trust, I mean I trust when portage tells me:

```

... <some package> ... SHA256 SHA512 WHIRLPOOL size ;-) ...  [ ok ]

```

, [such as,] I use, first, with the emerge command, the "--fetchonly" option, so that when I get only such confirmation, and on every package that I want to install:

```

$ emerge -tuDN --fetchonly world 2>&1 | tee /some-where/emerge-tuDN_world_`date +%s`

```

--Sure that's the user way, because I don't know enough to be able to use the existing logging for that...-- 

I only then really proceed to install those packages which that first command downloaded, id est, I repeat the command but this next time without the '--fetchonly' option.

(

And sure enough I do get a log --the user way-- to remain for my future reference, and that is thanks to the "2>&1 | tee ..." part.

Important, since, and this is another problem, emerge-fetch.log which is not taken at all if --fetchonly option is given in the command, and if it isn't, it seems to not keep any but the current download information, and it simply overwrites that information the next time a new emerge command is issued.  

And that is another sad thing to see, and I intend to expand on that one in the next post too.

)

By the way, it seems to me that that is the only verbose (verbosity is needed for non-expert but security aware users like me) way to easily first check, and then install only verified packages.

Of course, portage wouldn't just install anything that does not verify, but if the problem described in my first post is not some bug in syslog-ng or some related package, then it can only be a result of an intrusion, be it in my system independently from portage itself as released and available from releng, or be it, not less likely I would argue, somewhere in the process of inclusion of the myriad of programs' ebuilds themself into the portage snapshots' releases... 

[But if the problem described in my first post is not some bug in syslog-ng or some related package], what alternative if any am I left with, but to make in the first place certain that the packages I have or am about to install are the ones that Portage Engineering Team has verified. I can't go on without knowing that. Else I had better reinstall Gentoo from scratch...

Prior to this lengthy "if..." above and the surrounding rationale just above, I showed how I keep track of what exactly I install on my system.

That is how I, as you can read in the first post (but let me put a little more clarity into it), installed, on a restored backup old some 120 days, the new packages, in four steps, and the fifth step is next, in consecutive order, using (I'm simplifying) portage snapshots from 2014-06 and "emerge ... world" command above, then 2014-07 and emerge, 2014-08 and emerge and 2014-09 and emerge, and next I will try and first deploy portage snapshot from 2014-10-06 and run the aforesaid "emerge ... world" command.

I really doubt I could otherwise now have a no-dbus, no-kits, no-systemd, no-any-poetteringware system updated if I tried to update straight to 2014-10-06... unless I applied some obsure settings or created my own overlay (which I will probably have to learn to do, but time scarce in my turtle-slow progress) and modify the necessary ebuilds [1].

I wish I was capable to explain things more briefly than I do, but without occasional newbies getting insufficient information for their level, but maybe that would not be possible. Even what I write, a newbie must go for occasional documentation and issue man this and man that command in their terminals.

But I was also saying, in the first post of this topic, about verifying my private, or local, mirror, and how I missed previous signed portage snapshots to be able to do that.

Actually it is more complex than that. The names of the packages, id est say:

Linux-PAM-1.1.8.tar.bz2

(which is Red Hat's and I don't trust it so much, but I had to install it, seems it is practically required for postfix and dovecot which I use) in a Gentoo mirror (it is the same packages on any mirror, be it public or local mirror), don't always correspond with the portage name of the package, id est:

```

*  sys-libs/pam

      Latest version available: 1.1.8-r2

      Latest version installed: 1.1.8-r2

```

and while I checked emerge, portage and equery manpages, I wasn't able to find an easy way to check all the files in my mirror. How is that done, if anyone can teach us?

I'll explain more in detail how I managed to verify, with much certainty, the majority of all of my packages on my mirror, but not all.

However, not to add to the complexity, I think it is better to start a new post, because here I will also need to post my imperfect shell scripts which I used to verify my local mirror.

Miroslav Rovis

Zagreb, Croatia

www.CroatiaFidelis.hr

[1] What I am saying, is I just don't think there I need any special IPC (Inter Process Communication) other that the flaky one that sysvinit is already offering for me to install wireshark, and I would need to change some ebuilds, because, exampli gratia, after first step, when trying to install wireshark with the command:

```

$ emerge -tuDN --fetchonly wireshark 2>&1 | tee /some-where/emerge-tuDN_wireshark_`date +%s`

```

, I got this

```

* Last emerge --sync was 88d 23h 30m 34s ago.

These are the packages that would be merged, in reverse order:

Calculating dependencies  ..... ........ done!

!!! All ebuilds that could satisfy ">=app-accessibility/at-spi2-atk-2.5.3"

have been masked.

!!! One of the following masked packages is required to complete your

request:

- app-accessibility/at-spi2-atk-2.12.1::gentoo (masked by: package.mask)

- app-accessibility/at-spi2-atk-2.10.2::gentoo (masked by: package.mask)

(dependency required by "x11-libs/gtk+-3.12.2[X]" [ebuild])

(dependency required by "net-analyzer/wireshark-1.12.0_rc2-r1[gtk3]"

[ebuild])

(dependency required by "wireshark" [argument])

For more information, see the MASKED PACKAGES section in the emerge

man page or refer to the Gentoo Handbook.

```

And those gnome packages at-spi2-atk-... are blacklisted in my package.mask, because they insist on installing dbus.

Exampli gratia:

```

$ cat /usr/portage/app-accessibility/at-spi2-atk/at-spi2-atk-2.12.1.ebuild

...[snip]...

COMMON_DEPEND="

   >=app-accessibility/at-spi2-core-2.11.2

   >=dev-libs/atk-2.11.90

   >=dev-libs/glib-2.32:2

   >=sys-apps/dbus-1.5

"

...[snip]...

```

with the:

```

$ cat /usr/portage/app-accessibility/at-spi2-core/at-spi2-core-2.12.0.ebuild

RDEPEND="

   >=dev-libs/glib-2.36:2

   >=sys-apps/dbus-1

...[snip]...

```

And yet with the old gtk+ 3.4.4 still installed:

```

mybox ukrainian # emerge -s gtk+

Searching...       

[ Results for search key : gtk+ ]

[ Applications found : 2 ]

*  x11-libs/gtk+

      Latest version available: 3.12.2

      Latest version installed: 3.4.4

      Size of files: 14,664 KiB

      Homepage:      http://www.gtk.org/

      Description:   Gimp ToolKit +

      License:       LGPL-2+

...[snip]...

```

I was able to install wireshark... Just how long more till programs get harder and harder to install just because the frankestein poetteringware packages just want to get into my Gentoo machine

(

pls. have a look at one of my most read topics of late:

Uninstalling dbus and *kits (to Unfacilitate Remote Seats)

https://forums.gentoo.org/viewtopic-t-992146.html

to more fully understand important thing, esp. if you are a newbie

)

?

Or can we still hope to keep the Gentoo bastion a true *nix environment in the face of those windozers on our ground, those windozer of our FOSS Linux taking from underneath of our feet our own ground and replacing it with those One-Ring intrusions?

Pls., good developers, us users depend on you! You who are honest, stay moral and unselfish, play politics if you have to, but remain faithful to FOSS and to the great principles of Unix!

This is my current wireshark install:

```

# emerge -s wireshark

...[snip]...

*  net-analyzer/wireshark

      Latest version available: 1.12.1

     Latest version installed: 1.12.0

...[snip]...

```

and I have no issues.

======================================================================================

 *Ant P. wrote:*   

> ...[snip]...
> 
> PEBKAC.

 

For other users who are certainly not all Anglo-Saxon (just as there are... also... great people in Anglo-Saxon culture), a translation:

PEBKAC =

Problem Exists Between Keyboard And Chair

But I have no desire to discuss there. And I am not talking to this detractor of mine and great supporter of NSA, which is his right, just as mine is to not support it's huge, via spyware SELinux, incursion into FOSS Linux, and just esp. as my right is to care that as many as possible number of newbies learn the truth about it.

Also I would like to call attention of readers and possible contributors to this discussion, that the topic of this discussion is that which is clearly stated and which I dedicate serious time to explain. If in the course of discussion other things are touched, that is fine, but if no substance other than offence against me is provided... it is really not moral, and neither necessary, nor does it benefit anyone. Thanks.

----------

## miroR

I'd like to post my scripts that I used to verify packages on my local mirror.

But they are not only unpolished, they are not sufficiently tested at all. They may contain all kinds of errors, and if the kind reader does not understannd them, they are surely well advised to not come as close as 'u' of using them  :Wink:  . And there are other reasons which I'll explain later, I hope.

On the other hand, lots of people in this hugely expert Gentoo Forums will very well understand all that I am trying to achieve with this script. (Lots of people will, many of them good-naturely, laugh at my low level of competence)...

I used these to check only one type of checksums: SHA256. It is still hugely, immensely, gynormously more than not checking them, isn't it! One day, but that day is surely not within a few months reach, it may be out of reach in fact entirely, because of my slowliness, but I would still wish that one day I will be able to achieve this type of mirror checking with a python script... Aargh... wishes, wishes...

The naming of the scripts can change in the future (and merging them/dividing them in parts is possible), and the variables names could completely change yet. Nothing yet have I decided firmly upon about any of these. I'm providing these scripts as food for thought, not as anything to rely upon in any way.

EDIT 2012-10-12 just updated check-mirror-sums-grep.sh script (and added another below):

```

#!/bin/bash

#

# check-mirror-sums-grep.sh

#

# generally some FOSS license to be

#

# If I make anything useful out of this script I'll pick some artistic license

# to license it under. No way would I use GPL not even 2 (which I still respect

# for all that was done under it in the past though) because RMS 

# has sided against the users by promoting the spyware SELinux on them (see the

# Emacs page on gnu.org for that).

# Sorry.

#

# Copyright Miroslav Rovis, www.CroatiaFidelis.hr

# name and website must be included if any derivatives made from this

#

ARGS=1

test $# -ne $ARGS && echo "Usage: `basename $0` $ARGS argument" && exit $E_BADARGS

#

# arg 1 is the list of new hashes to verify

#

# I got such a list of hashes simply by running sha256sum * > some-file.sum

# on my local mirror, or on the new files downloaded with rsync'ing the mirror

# against some public mirror.

#

# On the entire mirror (which is cca 180GB), and on one of my more powerful

# systems which I run Gentoo on, running a previous tentative of this script

# took some 6 (six) hours...

#

# The alternative is learning more of Gentoo, esp. portage architecture, and

# esp. the Python scripting language and the existing scripts in /usr/lib/portage/

# and elsewhere, but that would probably be measured in weeks or months,

# not days/hours that I employed for writing/running of this script.

#

# Or (another alternative) is some of the Gentoo expert telling us poor users

# how to do it...

#

# If the list of sums to check against a fresh portage snapshot is

# new-mirror-files.sum, then the command to run is:

#

# # ./check-mirror-sums-grep.sh new-mirror-files.sum 

#

# Newer users read here to more easily figure out what this is about:

# https://www.gentoo.org/doc/en/handbook/handbook-amd64.xml?full=1#webrsync-gpg

# or the equivalent arch for your machines,

# on top of other advice given in:

# Broken Pipe on Air-Gapped (and Verifying Your Mirror)

# https://forums.gentoo.org/viewtopic-t-1001706.html

#

echo "A few variables to take by read'ing them from your input next."

echo "Give the directory where the snapshots/ directory with the portage"

echo "snapshot you want to check the sums of your new rsync-downloaded files"

echo "of your mirror against is:"

read mirror_location   # such as /mnt/some-box/some-dir

echo "Give the portage snapshot filename to uncompress in"

echo "`pwd` from $mirror_location/snapshots/:"

read the_snapshot      # such as portage-20141010.tar.xz

# Need to become root to verify the snapshot

echo "gpg --homedir /etc/portage/gpg/ --verify ... is next, as root" 

# We must get something along the following lines.

# gpg: Signature made Sat 04 Oct 2014 02:55:47 CEST using RSA key ID C9189250

# gpg: Good signature from \"Gentoo Portage Snapshot Signing Key \(Automated Signing Key\)\"

# gpg:          There is no indication that the signature belongs to the owner.

# Primary key fingerprint: DCD0 5B71 EAB9 4199 527F  44AC DB6B 8C1F 96D8 BF6D

#      Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F  DF1C EC59 0EEA C918 9250

# Else, we don't proceed.

#

echo "Please see the script, a few lines there like:"

echo "read FAKE"

echo "That's just waiting for user hitting Enter if (s)he sees all is well"

read FAKE

sudo -s gpg --homedir /etc/portage/gpg/ --verify \

   $mirror_location/snapshots/$the_snapshot.gpgsig \

   $mirror_location/snapshots/$the_snapshot

# Next, exampli gratia, we can open, say, an empty dir somewhere, I'm only

# suggesting that because I don't feel confident to mess up with my system,

# and because this clumsy checking of mine still could work.

#

# The rest of the script does not need suid, so I think the above part of

# script should be run separately... unless I get across 

# Figure out for yourself where you want to run this, and then uncomment these.

# mkdir some-dir

# cd sme-dir/ 

#

echo "rm -rf portage/"

rm -rf portage/

echo "tar xJvf <the snapshot> is next"

read FAKE

tar xJvf $mirror_location/snapshots/$the_snapshot -C ./

#

# The latest, manually edited: $the_snapshot

#

file=$1

# However, just in case, we want to check if the file is uniq'ed (it sure is,

# but I won't be writing another script to remove the uniq'ing from my already

# written script) and sort'ed. Actually it's not sorted if we just made it by,

# say, grepping the rsync log un updating our mirror. So best thing to do is

# overwrite the original file when asked by this script:

echo ./sort-sums.sh $file is next

read FAKE

./sort-sums.sh $file

file_no_ext=`echo $file|sed 's/.sum//'`

file_CHECK=${file_no_ext}_CHECK_`date +%s`.sum

# There's unnecessary things that I did here, no time to check it yet, and no

# urgency, because works

touch $file_CHECK

echo \$file_CHECK:

echo $file_CHECK

ls -l $file_CHECK

echo ${file_no_ext}_`date +%s`.log > file_no_ext_name

distfiles_srch=`cat file_no_ext_name`

touch $distfiles_srch

echo \$distfiles_srch:

echo $distfiles_srch

ls -l $distfiles_srch

> $distfiles_srch

> $file_CHECK

> Sums

> Names

ls -ltr | tail -20 # this will show the files created or zapped as above

read FAKE

# Prepare list of files to grep for the sums (it's only Manifest files,

# by and large, and those are by design, in these two levels deep directories):

mv -iv Manifest-ALL Manifest-ALL_PREV_`date +%s`

touch Manifest-ALL

#tailf Manifest-ALL & # uncomment to see what is being cat'ed next

echo "cat portage/*/*/Manifest > Manifest-ALL"

read FAKE

cat portage/*/*/Manifest > Manifest-ALL

echo "for i in \`cat $file|cut -d' ' -f1\` ... (the entire loop) is next"

echo "There won't be any Enter'ing necessary anymore after this last one,"

echo "but you can see how the file that we freshly created"

echo "$file_CHECK, will be"

echo "growing with the hashes lines being added to it.."

read FAKE

tailf $file_CHECK &

for i in `cat $file|cut -d' ' -f1`

   do

# I don't actually remember anymore why I needed this $distfiles_srch,

# just, I know I was able to find out with this loop all the files that

# have the correct SHA256 sum as in the signed portage snapshot.

# Ah, the first line probably is superfluous, but I'm not going to check it

# till in probably some days from now:

#      echo $i > $distfiles_srch

      grep -r $i Manifest-ALL >> $distfiles_srch

      egrep 'SHA256 [0-9a-f]{64}' $distfiles_srch | \

         sed 's/.*\(SHA256 [0-9a-f]\{64\}\).*/\1/' | awk '{ print $2 }'  > Sums

# These lines give the hash found in signed portage

      egrep 'SHA256 [0-9a-f]{64}' $distfiles_srch | awk '{ print $2 }'  > Names

      paste Sums Names | sed 's/\t/  /g' >> $file_CHECK

      > $distfiles_srch

      > Sums

      > Names

   done

#

# So after having run this, I had a new list of files that contained the

# verified hashes for most, but there's usually lot of doubles in there, and

# that needs to be sort'ed and uniq'ed.

echo ./sort-sums.sh $file_CHECK is next

read FAKE

./sort-sums.sh $file_CHECK

# The file with the list of sums taken on

# the files on the mirror (or just downloaded into the mirror) must, after

# sort'ing and uniq'ing, in an ideal world, be completely the same as the file

# with the list of sums grep'ed out from the portage snapshot(s).

ls -l $file $file_CHECK

#cat $file

#cat $file_CHECK

echo diff $file $file_CHECK

read FAKE

diff $file $file_CHECK

# Diff to be 0 is just not usually the case even after all the sort'ing and

# uniq'ing. However, next is investigate are find out about obsure corners if

# any or some less known and uncommon practices with some packages... Next is

# more work, some maybe non-automated work... Don't know yet.

```

sort-sums.sh:

```

#!/bin/bash

#

# sort-sums.sh

#

# generally some FOSS license to be

#

# If I make anything useful out of this script I'll pick some artistic license

# to license it under. No way would I use GPL not even 2 (which I still respect

# for all that was done under it in the past though) because RMS 

# has sided against the users by promoting the spyware SELinux on them (see the

# Emacs page on gnu.org for that).

# Sorry.

# Copyright Miroslav Rovis, www.CroatiaFidelis.hr

# name and website must be included if any derivatives made from this

#

# Arg 1 is the list of some files sums to sort and drop doubles from.

# The sorting is done *not* by the hashes but *by the filenames*

# If you have a file

# some-file.sum

# Then this sript is run as:

# $ ./sort-sums.sh some-file.sum

#

# This function is from Advanced Bash Scripting Guide:

function ask()

{

    echo -n "$@" '[y/n] ' ; read ans

    case "$ans" in

        y*|Y*) return 0 ;;

        *) return 1 ;;

    esac

}

# I sure have it as sole content of ~ukrainian/.bashrc.ask called from

# ~ukrainian/.bashrc but a reader might not have it available. It'll be called

# later in the script.

#

# The 'r' in end of names is for 'reverse' and the 'u' is for 'uniq' ans 's' is

# for 'sorted.

#

ARGS=1

test $# -ne $ARGS && echo \

   "Usage: `basename $0` $ARGS the file to sort and uniq" && \

   exit $E_BADARGS

# this will be needed for renaming at the end

file=$1

file_no_ext=`echo $file|sed 's/.sum//'`

# I like to have lots of backup around, DEL is for very likely not needed,

# JIC is for just in case, a little more likely

mkdir -p DEL/ JIC/

# It needs to be reversed, in the sense that the right becomes left in the

# sums two columns list, because we need to sort these sums by the name and

# not by the value of the sum itself.

cat ${1} | cut -d' ' -f3 > ${1}_Names

cat ${1} | cut -d' ' -f1 > ${1}_Sums

paste ${1}_Names ${1}_Sums | sed 's/\t/  /' | sort -u > ${1}rus

#read FAKE

# If you uncomment the line above (a fake read), you'll see that the lines may

# already reduced for some (or even all) of the doubles in the original

#

# Next we need to reverse and uniq the correctly ordered list (so no sort'ing

# anymore) back to Sums the first column, Names the second column

cat ${1}rus | cut -d' ' -f3 > ${1}rus_Sums

cat ${1}rus | cut -d' ' -f1 > ${1}rus_Names

paste ${1}rus_Sums ${1}rus_Names | sed 's/\t/  /' > ${1}rusru

#read FAKE

# The ${1}rusru does not have the doubles anymore (or just a few in some rare

# cases).

# We need to give it a name to reflect that it's the "real" file to use in some

# next work for which this script is needed.

# (I can't think of anything shorter than just R before the extension)

if [ -e "${file_no_ext}R.sum" ]

   then

   mv -v ${file_no_ext}R.sum JIC/${file_no_ext}.sum_`date +%s`

fi

mv -v ${1}rusru ${file_no_ext}R.sum

#read FAKE 

# and clean the temp files

mv -v ${1}rus ${1}rus_Sums ${1}rus_Names DEL/

#

echo "The sort'ed and uniq'ed $i, named:

   ${file_no_ext}R.sum

   has been created"

#cat ${file_no_ext}R.sum

echo diff $file ${file_no_ext}R.sum

touch the_diff

> the_diff

diff $file ${file_no_ext}R.sum > the_diff

#read FAKE 

if [ -s "./the_diff" ] ;

      then

      echo "The original file and the sort-uniq'ed file differ."

      echo "See the diff?"

      ask ;

      if [ "$?" == 0 ] ; 

         then cat the_diff

      fi

      echo "Overwrite the original file?"

      ask;

      if [ "$?" == 0 ] ; then

         mv -v ${file_no_ext}.sum JIC/${file_no_ext}.sum_`date +%s`

         echo "The original file is in JIC, renamed ${file_no_ext}.sum_`date +%s`"

         mv ${file_no_ext}R.sum $file

      fi

      else echo "Diff is size 0, files are same, no action needed."

fi

```

To se how the two above scripts are used, see

(same topic you're on)

https://forums.gentoo.org/viewtopic-t-1001706.html#7631822

And there's more scripts coming. Remember, slow and of poor health I am... Patience,

Miroslav Rovis

Zagreb, Croatia

www.CroatiaFidelis.hrLast edited by miroR on Sun Oct 12, 2014 3:39 pm; edited 3 times in total

----------

## miroR

With the mirrors and the portage snapshots, tt's different then I thought. I found outthere must be a different mechanism there that I don't see that it is documented, and I still have too hard time reading sources and other higher tech references/pointers/other.

This is what the some-mirror/snapshots/ directory looks like:

```

Oct 11 00:58  Directory        snapshots/deltas>deltas

Oct 04 00:45  bzip2            portage-20141003.tar.bz2  69518Kb

Oct 04 00:55  text/plain       portage-20141003.tar.bz2.gpgsig  819 bytes

Oct 04 00:55  text/plain       portage-20141003.tar.bz2.md5sum  59 bytes

Oct 04 00:55  text/plain       portage-20141003.tar.bz2.umd5sum  55 bytes

Oct 04 00:45  text/plain       portage-20141003.tar.xz  60525Kb

Oct 04 00:55  text/plain       portage-20141003.tar.xz.gpgsig  819 bytes

Oct 04 00:55  text/plain       portage-20141003.tar.xz.md5sum  58 bytes

Oct 04 00:55  text/plain       portage-20141003.tar.xz.umd5sum  55 bytes

Oct 05 00:45  bzip2            portage-20141004.tar.bz2  69556Kb

Oct 05 00:55  text/plain       portage-20141004.tar.bz2.gpgsig  819 bytes

Oct 05 00:55  text/plain       portage-20141004.tar.bz2.md5sum  59 bytes

Oct 05 00:55  text/plain       portage-20141004.tar.bz2.umd5sum  55 bytes

Oct 05 00:45  text/plain       portage-20141004.tar.xz  60542Kb

Oct 05 00:55  text/plain       portage-20141004.tar.xz.gpgsig  819 bytes

Oct 05 00:55  text/plain       portage-20141004.tar.xz.md5sum  58 bytes

Oct 05 00:55  text/plain       portage-20141004.tar.xz.umd5sum  55 bytes

Oct 06 00:45  bzip2            portage-20141005.tar.bz2  69547Kb

Oct 06 00:55  text/plain       portage-20141005.tar.bz2.gpgsig  819 bytes

Oct 06 00:55  text/plain       portage-20141005.tar.bz2.md5sum  59 bytes

Oct 06 00:55  text/plain       portage-20141005.tar.bz2.umd5sum  55 bytes

Oct 06 00:45  text/plain       portage-20141005.tar.xz  60568Kb

Oct 06 00:55  text/plain       portage-20141005.tar.xz.gpgsig  819 bytes

Oct 06 00:55  text/plain       portage-20141005.tar.xz.md5sum  58 bytes

Oct 06 00:55  text/plain       portage-20141005.tar.xz.umd5sum  55 bytes

Oct 07 00:45  bzip2            portage-20141006.tar.bz2  69544Kb

Oct 07 00:55  text/plain       portage-20141006.tar.bz2.gpgsig  819 bytes

Oct 07 00:55  text/plain       portage-20141006.tar.bz2.md5sum  59 bytes

Oct 07 00:55  text/plain       portage-20141006.tar.bz2.umd5sum  55 bytes

Oct 07 00:45  text/plain       portage-20141006.tar.xz  60581Kb

Oct 07 00:55  text/plain       portage-20141006.tar.xz.gpgsig  819 bytes

Oct 07 00:55  text/plain       portage-20141006.tar.xz.md5sum  58 bytes

Oct 07 00:55  text/plain       portage-20141006.tar.xz.umd5sum  55 bytes

Oct 08 00:45  bzip2            portage-20141007.tar.bz2  69609Kb

Oct 08 00:56  text/plain       portage-20141007.tar.bz2.gpgsig  819 bytes

Oct 08 00:56  text/plain       portage-20141007.tar.bz2.md5sum  59 bytes

Oct 08 00:56  text/plain       portage-20141007.tar.bz2.umd5sum  55 bytes

Oct 08 00:45  text/plain       portage-20141007.tar.xz  60608Kb

Oct 08 00:56  text/plain       portage-20141007.tar.xz.gpgsig  819 bytes

Oct 08 00:56  text/plain       portage-20141007.tar.xz.md5sum  58 bytes

Oct 08 00:56  text/plain       portage-20141007.tar.xz.umd5sum  55 bytes

Oct 09 00:45  bzip2            portage-20141008.tar.bz2  69564Kb

Oct 09 00:55  text/plain       portage-20141008.tar.bz2.gpgsig  819 bytes

Oct 09 00:55  text/plain       portage-20141008.tar.bz2.md5sum  59 bytes

Oct 09 00:55  text/plain       portage-20141008.tar.bz2.umd5sum  55 bytes

Oct 09 00:45  text/plain       portage-20141008.tar.xz  60608Kb

Oct 09 00:55  text/plain       portage-20141008.tar.xz.gpgsig  819 bytes

Oct 09 00:55  text/plain       portage-20141008.tar.xz.md5sum  58 bytes

Oct 09 00:55  text/plain       portage-20141008.tar.xz.umd5sum  55 bytes

Oct 10 00:45  bzip2            portage-20141009.tar.bz2  69642Kb

Oct 10 00:55  text/plain       portage-20141009.tar.bz2.gpgsig  819 bytes

Oct 10 00:55  text/plain       portage-20141009.tar.bz2.md5sum  59 bytes

Oct 10 00:55  text/plain       portage-20141009.tar.bz2.umd5sum  55 bytes

Oct 10 00:45  text/plain       portage-20141009.tar.xz  60629Kb

Oct 10 00:55  text/plain       portage-20141009.tar.xz.gpgsig  819 bytes

Oct 10 00:55  text/plain       portage-20141009.tar.xz.md5sum  58 bytes

Oct 10 00:55  text/plain       portage-20141009.tar.xz.umd5sum  55 bytes

Oct 11 00:45  bzip2            portage-20141010.tar.bz2  69689Kb

Oct 11 00:55  text/plain       portage-20141010.tar.bz2.gpgsig  819 bytes

Oct 11 00:55  text/plain       portage-20141010.tar.bz2.md5sum  59 bytes

Oct 11 00:55  text/plain       portage-20141010.tar.bz2.umd5sum  55 bytes

Oct 11 00:45  text/plain       portage-20141010.tar.xz  60647Kb

Oct 11 00:55  text/plain       portage-20141010.tar.xz.gpgsig  819 bytes

Oct 11 00:55  text/plain       portage-20141010.tar.xz.md5sum  58 bytes

Oct 11 00:55  text/plain       portage-20141010.tar.xz.umd5sum  55 bytes

Oct 11 00:58  Symbolic Link    portage-latest.tar.bz2 -> portage-20141010.tar.bz2

Oct 11 00:58  Symbolic Link    portage-latest.tar.bz2.gpgsig -> portage-20141010.tar.bz2.gpgsig

Oct 11 00:58  text/plain       portage-latest.tar.bz2.md5sum  57 bytes

Oct 11 00:58  Symbolic Link    portage-latest.tar.xz -> portage-20141010.tar.xz

Oct 11 00:58  Symbolic Link    portage-latest.tar.xz.gpgsig -> portage-20141010.tar.xz.gpgsig

Oct 11 00:58  text/plain       portage-latest.tar.xz.md5sum  56 bytes

Mar 24  2014  Directory        snapshots/squashfs

```

And in the deltas directory there are probably archives of all the previous portage snapshots, but not each in their entirety but rather the deltas of each one with the previous. And that was not so easy to figure out...

Also, I don't yet know how to use those deltas. I'll ask for help if I don't figure it out on my own.

And the deltas looks like:

```

Jan 15  2014  bzip2            snapshot-20140113-20140114.patch.bz2  613Kb

Jan 15  2014  text/plain       snapshot-20140113-20140114.patch.bz2.md5sum  71 bytes

Jan 16  2014  bzip2            snapshot-20140114-20140115.patch.bz2  322Kb

Jan 16  2014  text/plain       snapshot-20140114-20140115.patch.bz2.md5sum  71 bytes

Jan 17  2014  bzip2            snapshot-20140115-20140116.patch.bz2  231Kb

...[snipped 490 lines ]...

Sep 21 05:04  text/plain       snapshot-20140918-20140919.patch.bz2.md5sum  71 bytes

Sep 21 05:27  bzip2            snapshot-20140919-20140920.patch.bz2  17Kb

Sep 21 05:27  text/plain       snapshot-20140919-20140920.patch.bz2.md5sum  71 bytes

Sep 22 00:57  bzip2            snapshot-20140920-20140921.patch.bz2  79Kb

Sep 22 00:57  text/plain       snapshot-20140920-20140921.patch.bz2.md5sum  71 bytes

Sep 23 00:58  bzip2            snapshot-20140921-20140922.patch.bz2  165Kb

Sep 23 00:58  text/plain       snapshot-20140921-20140922.patch.bz2.md5sum  71 bytes

Sep 24 00:58  bzip2            snapshot-20140922-20140923.patch.bz2  172Kb

Sep 24 00:58  text/plain       snapshot-20140922-20140923.patch.bz2.md5sum  71 bytes

Sep 25 00:57  bzip2            snapshot-20140923-20140924.patch.bz2  106Kb

Sep 25 00:57  text/plain       snapshot-20140923-20140924.patch.bz2.md5sum  71 bytes

Sep 26 01:01  bzip2            snapshot-20140924-20140925.patch.bz2  85Kb

Sep 26 01:01  text/plain       snapshot-20140924-20140925.patch.bz2.md5sum  71 bytes

Sep 27 00:58  bzip2            snapshot-20140925-20140926.patch.bz2  167Kb

Sep 27 00:58  text/plain       snapshot-20140925-20140926.patch.bz2.md5sum  71 bytes

Sep 28 00:58  bzip2            snapshot-20140926-20140927.patch.bz2  130Kb

Sep 28 00:58  text/plain       snapshot-20140926-20140927.patch.bz2.md5sum  71 bytes

Sep 29 00:58  bzip2            snapshot-20140927-20140928.patch.bz2  117Kb

Sep 29 00:58  text/plain       snapshot-20140927-20140928.patch.bz2.md5sum  71 bytes

Sep 30 00:58  bzip2            snapshot-20140928-20140929.patch.bz2  106Kb

Sep 30 00:58  text/plain       snapshot-20140928-20140929.patch.bz2.md5sum  71 bytes

Oct 01 00:58  bzip2            snapshot-20140929-20140930.patch.bz2  140Kb

Oct 01 00:58  text/plain       snapshot-20140929-20140930.patch.bz2.md5sum  71 bytes

Oct 02 00:58  bzip2            snapshot-20140930-20141001.patch.bz2  88Kb

Oct 02 00:58  text/plain       snapshot-20140930-20141001.patch.bz2.md5sum  71 bytes

Oct 03 01:00  bzip2            snapshot-20141001-20141002.patch.bz2  122Kb

Oct 03 01:00  text/plain       snapshot-20141001-20141002.patch.bz2.md5sum  71 bytes

Oct 04 00:58  bzip2            snapshot-20141002-20141003.patch.bz2  67Kb

Oct 04 00:58  text/plain       snapshot-20141002-20141003.patch.bz2.md5sum  71 bytes

Oct 05 00:58  bzip2            snapshot-20141003-20141004.patch.bz2  122Kb

Oct 05 00:58  text/plain       snapshot-20141003-20141004.patch.bz2.md5sum  71 bytes

Oct 06 00:58  bzip2            snapshot-20141004-20141005.patch.bz2  142Kb

Oct 06 00:58  text/plain       snapshot-20141004-20141005.patch.bz2.md5sum  71 bytes

Oct 07 00:58  bzip2            snapshot-20141005-20141006.patch.bz2  122Kb

Oct 07 00:58  text/plain       snapshot-20141005-20141006.patch.bz2.md5sum  71 bytes

Oct 08 00:58  bzip2            snapshot-20141006-20141007.patch.bz2  114Kb

Oct 08 00:58  text/plain       snapshot-20141006-20141007.patch.bz2.md5sum  71 bytes

Oct 09 00:58  bzip2            snapshot-20141007-20141008.patch.bz2  128Kb

Oct 09 00:58  text/plain       snapshot-20141007-20141008.patch.bz2.md5sum  71 bytes

Oct 10 00:58  bzip2            snapshot-20141008-20141009.patch.bz2  196Kb

Oct 10 00:58  text/plain       snapshot-20141008-20141009.patch.bz2.md5sum  71 bytes

Oct 11 00:58  bzip2            snapshot-20141009-20141010.patch.bz2  329Kb

Oct 11 00:58  text/plain       snapshot-20141009-20141010.patch.bz2.md5sum  71 bytes

```

I don't yet know how or what I can do with these. Or if this is sufficient... Because there is also the squashfs directory there.

It looks like this:

```

Mar 22  2014  text/plain       gentoo-20140322.sqfs  103816Kb

Mar 22  2014  text/plain       gentoo-20140322.sqfs.gpgsig  860 bytes

Mar 24  2014  text/plain       gentoo-20140323-20140324.sqdelta 121Kb

Mar 24  2014  text/plain       gentoo-20140323-20140324.sqdelta.gpgsig  860 bytes

Mar 24  2014  text/plain       gentoo-20140323.sqfs.gpgsig  860 bytes

Mar 24  2014  text/plain       gentoo-20140324.sqfs  103820Kb

Mar 24  2014  text/plain       gentoo-20140324.sqfs.gpgsig  860 bytes

```

and I need to figure out how to use that information.

EDIT Just found:

TIP: Compressing portage tree using squashfs

https://forums.gentoo.org/viewtopic-t-401647.html

EDIT START Sun 18 Jan 22:16:36 CET 2015

And the, if I remember well at this time (only glancing back here today):

TIP: Compressing portage using squashfs: initscript method

https://forums.gentoo.org/viewtopic-t-465367.html

EDIT ENDLast edited by miroR on Sun Jan 18, 2015 9:18 pm; edited 1 time in total

----------

## miroR

I've been working/doing my researching in two main directions in this topic.  I'll go for the scripts to verify just the very newest rsync-downloads into my mirror. The squashfs and deltas, which must wait yet, is the other directions.  Eventually it all is needed for mirror verification.

To use the script given, I need to prepare the list of checksums for the the new downloaded files.

From some of the public mirrors, the command:

```

rsync -av --delete rsync://some-mirror/gentoo/distfiles/ distfiles/ 2>&1 | \

   tee rsync_some-mirror-av-delete_`date +%y%m%d_%H%M`.log

```

saved for me in the file:

rsync_some-mirror-av-delete_141011_1144.log

all that it did:

```

...[snip the logo of the public mirror and intros]...

deleting youtube-dl-2014.09.16.tar.gz

deleting youtube-dl-2014.09.16.1.tar.gz

deleting youtube-dl-2014.09.15.1.tar.gz

deleting xmlstarlet-1.4.0.tar.gz

...[snipped 280 lines]...

deleting Fabric-1.4.0.tar.gz

deleting Fabric-1.2.2.tar.gz

deleting Fabric-1.1.1.tar.gz

deleting Django-1.6.6.tar.gz

deleting Django-1.5.9.tar.gz

deleting Django-1.4.14.tar.gz

deleting BackupPC-3.2.1.tar.gz

deleting BackupPC-2.1.2.tar.gz

deleting 02-fix-config.pl-formatting.patch

./

CGI-FormBuilder-3.09.tgz

CGI.pm-3.65.tar.gz

Devel-NYTProf-5.06.tar.gz

FileZilla_3.9.0.5_src.tar.bz2

Fiona-1.1.6.tar.gz

Fiona-1.4.1.tar.gz

Geo-IP-1.45.tar.gz

Glances-2.1.1.tar.gz

ImageMagick-6.8.9-8.tar.xz

Joomla_3.3.6-Stable-Full_Package.zip

Markdown-2.5.1.tar.gz

Net-IDN-Encode-2.201.tar.gz

Net-IPv4Addr-0.10.tar.gz

Net_CheckIP-1.2.2.tgz

Numdifftools-0.6.0.zip

OOoFBTools-2.30.zip

OpenSceneGraph-3.2.1.zip

PyGithub-1.25.2.tar.gz

Spreadsheet_Excel_Writer-0.9.3.tgz

Test-Warnings-0.016.tar.gz

Unicode-Normalize-1.18.tar.gz

XML-Entities-1.0001.tar.gz

ZendFramework-1.12.9-apidoc.tar.gz

ZendFramework-1.12.9-manual-en.tar.gz

ZendFramework-1.12.9-minimal.tar.gz

ZendFramework-1.12.9.tar.gz

abcMIDI-2014-09-28.zip

analysis2.4.1.tar.gz

ansifilter-1.10.tar.bz2

apt-cacher-ng_0.8.0~rc4.orig.tar.xz

apulse-0.1.1.tar.gz

aufs-headers-3.16_p20141006.tar.xz

aufs-sources-3.10.x_p20141006.tar.xz

aufs-sources-3.12.x_p20141006.tar.xz

aufs-sources-3.14_p20141006.tar.xz

aufs-sources-3.16_p20141006.tar.xz

aufs-util-3.16_p20141006.tar.xz

aufs3-standalone-3_p20141006.tar.xz

autogen-5.18.4.tar.xz

autossh-1.4d.tgz

bash31-023

bash32-057

bash40-044

bash41-017

bash42-053

bash43-030

bfg-1.11.8.jar

bfgminer-4.7.2.tar.xz

bfgminer-4.9.0.tar.xz

biplist-0.8.tar.gz

bitlbee-3.2.2.tar.gz

btrfs-progs-v3.16.2.tar.xz

byacc-20141006.tgz

c++-gtk-utils-2.2.9.tar.gz

checkpolicy-2.4-rc4.tar.gz

childprocess-0.5.5.gem

chirp-0.4.1.tar.gz

chromium-38.0.2125.101.tar.xz

chromium-39.0.2171.13-lite.tar.xz

clint-0.3.1.tar.gz

clint-0.3.7.tar.gz

commander-4.2.1.gem

compass-1.0.1.gem

compass-core-1.0.1.gem

compass-import-once-1.0.5.gem

cppcheck-1.66.tar.bz2

cracklib-2.9.2.tar.gz

crmsh-2.1.0.tar.gz

cryptography_vectors-0.6.tar.gz

ddrescue-1.19.tar.lz

debhelper_9.20141003.tar.gz

deblob-3.17

dhcpcd-6.5.0.tar.bz2

dialog-1.2-20140911.tgz

django-auth-ldap-1.2.2.tar.gz

dnsmasq-2.72.tar.xz

dnsruby-1.55.gem

dokuwiki-2014-05-05b.tgz

dokuwiki-2014-09-29.tgz

dos2unix-7.1.tar.gz

dpkg_1.17.15.tar.xz

dpkg_1.17.16.tar.xz

easytag-2.2.4.tar.xz

efl-1.11.2.tar.bz2

elementary-1.11.2.tar.bz2

eric4-4.5.25.tar.gz

eric4-i18n-cs-4.5.25.tar.gz

eric4-i18n-de-4.5.25.tar.gz

eric4-i18n-en-4.5.25.tar.gz

eric4-i18n-es-4.5.25.tar.gz

eric4-i18n-fr-4.5.25.tar.gz

eric4-i18n-it-4.5.25.tar.gz

eric4-i18n-ru-4.5.25.tar.gz

eric4-i18n-tr-4.5.25.tar.gz

eric4-i18n-zh_CN.GB2312-4.5.25.tar.gz

eric5-5.4.7.tar.gz

eric5-i18n-cs-5.4.7.tar.gz

eric5-i18n-de-5.4.7.tar.gz

eric5-i18n-en-5.4.7.tar.gz

eric5-i18n-es-5.4.7.tar.gz

eric5-i18n-fr-5.4.7.tar.gz

eric5-i18n-it-5.4.7.tar.gz

eric5-i18n-ru-5.4.7.tar.gz

eric5-i18n-tr-5.4.7.tar.gz

eric5-i18n-zh_CN.GB2312-5.4.7.tar.gz

espresso++-1.9.2.tar.bz2

ethtool-3.16.tar.xz

fakeroot_1.20.2.orig.tar.bz2

fff9217fb1acda132702730b66b10981ea9d4cac.tar.gz

ffi-git-1.9.6.tgz

ffmpeg-1.2.9.tar.bz2

ffmpeg-2.2.8.tar.bz2

ffmpeg-2.2.9.tar.bz2

ffmpeg-2.3.4.tar.bz2

ffmpeg-2.4.1.tar.bz2

ffmpeg-2.4.2.tar.bz2

file-5.20.tar.gz

flickcurl-1.26.tar.gz

freeciv-2.4.3.tar.bz2

gajim-0.16.tar.bz2

geary-0.8.1.tar.xz

genpatches-3.10-63.base.tar.xz

genpatches-3.10-63.experimental.tar.xz

genpatches-3.10-63.extras.tar.xz

genpatches-3.10-64.base.tar.xz

genpatches-3.10-64.experimental.tar.xz

genpatches-3.10-64.extras.tar.xz

genpatches-3.12-32.base.tar.xz

genpatches-3.12-32.experimental.tar.xz

genpatches-3.12-32.extras.tar.xz

genpatches-3.14-24.base.tar.xz

genpatches-3.14-24.experimental.tar.xz

genpatches-3.14-24.extras.tar.xz

genpatches-3.14-25.base.tar.xz

genpatches-3.14-25.experimental.tar.xz

genpatches-3.14-25.extras.tar.xz

genpatches-3.16-5.base.tar.xz

genpatches-3.16-5.experimental.tar.xz

genpatches-3.16-5.extras.tar.xz

genpatches-3.16-6.base.tar.xz

genpatches-3.16-6.experimental.tar.xz

genpatches-3.16-6.extras.tar.xz

genpatches-3.16-7.base.tar.xz

genpatches-3.16-7.experimental.tar.xz

genpatches-3.16-7.extras.tar.xz

genpatches-3.17-1.base.tar.xz

genpatches-3.17-1.experimental.tar.xz

genpatches-3.17-1.extras.tar.xz

geoclue-2.1.10.tar.xz

ghostscript-9.15.tar.bz2

git-annex-5.20140927.tar.gz

glossaries-4.11.zip

glusterfs-3.5.2.tar.gz

gnome-integration-spotify-20140907.tar.gz

gnupg-2.1.0-beta864.tar.bz2

go1.3.3.src.tar.gz

gpac-0.5.1_pre5456.tar.xz

graph-tool-2.2.35.tar.bz2

haproxy-1.5.5.tar.gz

hardened-patches-3.14.20-1.extras.tar.bz2

hardened-patches-3.14.20-2.extras.tar.bz2

hardened-patches-3.16.4-1.extras.tar.bz2

hardened-patches-3.16.4-2.extras.tar.bz2

hardened-patches-3.2.63-4.extras.tar.bz2

help2man-1.46.4.tar.xz

hiawatha-9.8.tar.gz

hjsmin-0.1.4.7.tar.gz

hoe-3.13.0.gem

hostapd-2.3.tar.gz

hugin-2014.0.0.tar.bz2

hwids-20141010.tar.gz

icedtea-2.4-corba-58b31c5bf14e.tar.gz

icedtea-2.4-hotspot-6f93cec20d27.tar.gz

icedtea-2.4-jaxp-95d394340fda.tar.gz

icedtea-2.4-jaxws-bce4362b2996.tar.gz

icedtea-2.4-jdk-22d79652f370.tar.gz

icedtea-2.4-langtools-43cdaf529543.tar.gz

icedtea-2.4-openjdk-2b38d8f0e43f.tar.gz

icedtea-2.4.8.tar.xz

icedtea6-1.13.4.tar.xz

ikiwiki_3.20140916.tar.gz

iperf-3.0.8.tar.gz

jansson-2.7.tar.gz

jsonpatch-1.8.tar.gz

jsonpickle-0.8.0.tar.gz

kanyremote-6.3.4.tar.gz

kcm-touchpad-1.1.tar.gz

kio-mtp-0.75_p20131020.tar.gz

kramdown-1.4.2.gem

krop-0.4.6.tar.gz

laptop-mode-tools_1.66.tar.gz

lcdf-typetools-2.104.tar.gz

lensfun-0.3.0.tar.bz2

less-470.tar.gz

lftp-4.5.5.20141003.tar.gz

libassuan-2.1.2.tar.bz2

libgaminggear-0.5.0.tar.bz2

libksba-1.3.1.tar.bz2

liblastfm-1.0.9.tar.gz

libmicrohttpd-0.9.38.tar.gz

libntlm-1.4.tar.gz

liboping-1.7.0.tar.bz2

libsbsms-2.0.2.tar.gz

libselinux-2.4-rc4.tar.gz

libsemanage-2.4-rc4.tar.gz

libsepol-2.4-rc4.tar.gz

libsolv-0.6.6.tar.gz

libzypp-14.29.4.tar.gz

linux-3.17.tar.xz

lldpd-0.7.11.tar.gz

make-4.1.tar.bz2

man-pages-3.74.tar.xz

mariadb-5.5.40.tar.gz

markdown2-2.3.0.zip

mawk-1.3.4-20140914.tgz

meld-3.12.0.tar.xz

mg-20141007.tar.gz

mime-types-2.4.1.gem

mime-types-2.4.gem

minfx-1.0.11.tar.gz

minitest-5.4.2.gem

mixlib-shellout-1.6.0.tar.gz

mksh-R50d.tgz

moc-2.6-alpha1.tar.xz

moreutils_0.52.tar.gz

mpv-0.6.0.tar.gz

multipledispatch-0.4.7.tar.gz

mysql-extras-20141009-1450Z.tar.bz2

ncmpcpp-0.6_beta5.tar.bz2

netlib-0.10.1.tar.gz

networkx-1.9.1.tar.gz

npth-1.0.tar.bz2

numactl-2.0.10.tar.gz

obs-build-20140918.tar.gz

openclonk-5.5.1-src.tar.bz2

opengl-0.9.1.gem

openjdk-6-src-b32-15_jul_2014.tar.xz

opera-beta_25.0.1614.35_amd64.deb

opera-developer_26.0.1646.0_amd64.deb

optparse-applicative-0.9.1.1.tar.gz

osgearth-2.6.tar.gz

p11-kit-0.22.0.tar.gz

paludis-2.2.0.tar.bz2

pam_yubico-2.17.tar.gz

parcellite-1.1.9.tar.gz

parse-1.6.4.tar.gz

parser-2.2.0.pre.5.gem

passenger-4.0.53.tar.gz

patch-3.10.56.xz

patch-3.10.57.xz

patch-3.12.30.xz

patch-3.14.20.xz

patch-3.14.21.xz

patch-3.16.4.xz

patch-3.16.5.xz

phing-2.8.2.phar

phpDocumentor-2.7.0.tgz

phpunit-4.3.1.phar

pianobar-2014.09.28.tar.bz2

pinentry-0.8.4.tar.bz2

policycoreutils-2.4-rc4.tar.gz

poppler-0.26.5.tar.xz

postfix-2.12-20141006.tar.gz

postgresql-9.4beta3.tar.bz2

prawn-1.3.0.tar.gz

prawn-table-0.2.0.gem

procenv-0.36.tar.gz

protobuf-c-1.0.2.tar.gz

py3status-1.6.tar.gz

pyparted-3.10.0.tar.gz

python-nbxmpp-0.5.1.tar.gz

pytools-2014.3.1.tar.gz

radvd-2.8.tar.gz

rawdog-2.20.tar.gz

razercfg-0.30.tar.bz2

redis-2.8.17.tar.gz

redoflacs-0.30.tar.gz

relax-3.3.1.src.tar.bz2

renpy-6.18.2-source.tar.bz2

robotframework-2.8.6.tar.gz

robotframework-sshlibrary-2.1.1.tar.gz

roccat-tools-2.2.0.tar.bz2

rofi-0.14.9.tar.xz

roundcubemail-1.0.3.tar.gz

rrdtool-1.4.9.tar.gz

ruby2ruby-2.1.3.gem

s3ql-2.11.1.tar.bz2

salt-2014.1.11.tar.gz

salt-2014.1.12.tar.gz

scala-2.10.3-maven-deps-2.tar.gz

scala-2.10.4-maven-deps.tar.gz

scala-2.11.1-maven-deps.tar.gz

scala-2.11.2-annotations.jar

scala-2.11.2-ant-contrib.jar

scala-2.11.2-ant-dotnet-1.0.jar

scala-2.11.2-ant.jar

scala-2.11.2-code.jar

scala-2.11.2-enums.jar

scala-2.11.2-forkjoin.jar

scala-2.11.2-genericNest.jar

scala-2.11.2-gentoo-binary.tar.bz2

scala-2.11.2-instrumented.jar

scala-2.11.2-jsoup-1.3.1.jar

scala-2.11.2-jsr166_and_extra.jar

scala-2.11.2-macro210.jar

scala-2.11.2-maven-ant-tasks-2.1.1.jar

scala-2.11.2-maven-deps.tar.gz

scala-2.11.2-methvsfield.jar

scala-2.11.2-nest.jar

scala-2.11.2-push.jar

scala-2.11.2-vizant.jar

scala-2.11.2.tar.gz

seamonkey-2.29.1-be.xpi

seamonkey-2.29.1-ca.xpi

seamonkey-2.29.1-cs.xpi

seamonkey-2.29.1-de.xpi

seamonkey-2.29.1-en-GB.xpi

seamonkey-2.29.1-es-AR.xpi

seamonkey-2.29.1-es-ES.xpi

seamonkey-2.29.1-fi.xpi

seamonkey-2.29.1-fr.xpi

seamonkey-2.29.1-gl.xpi

seamonkey-2.29.1-hu.xpi

seamonkey-2.29.1-it.xpi

seamonkey-2.29.1-ja.xpi

seamonkey-2.29.1-lt.xpi

seamonkey-2.29.1-nb-NO.xpi

seamonkey-2.29.1-nl.xpi

seamonkey-2.29.1-pl.xpi

seamonkey-2.29.1-pt-PT.xpi

seamonkey-2.29.1-ru.xpi

seamonkey-2.29.1-sk.xpi

seamonkey-2.29.1-sv-SE.xpi

seamonkey-2.29.1-tr.xpi

seamonkey-2.29.1-uk.xpi

seamonkey-2.29.1-zh-CN.xpi

seamonkey-2.29.1-zh-TW.xpi

seamonkey-2.29.1.source.tar.bz2

sepolgen-1.2.2-rc4.tar.gz

signing-party_1.1.9.orig.tar.gz

simple_oauth-0.3.0.gem

simplejson-3.6.4.tar.gz

sleekxmpp-1.3.1.tar.gz

spatialindex-src-1.8.4.tar.bz2

sudo-1.8.11p1.tar.gz

suhosin-0.9.36.tgz

sxhkd-0.5.4.tar.gz

synergy-1.5.1-r2398-Source.tar.gz

sysklogd-1.5.1.tar.gz

t-prot-3.3.tar.gz

tcpdf_6_0_096.zip

tcpreplay-4.0.5.tar.gz

texlive-20140523-source.tar.xz

texlive-module-kpathsea-2014.tar.xz

texlive-module-kpathsea.doc-2014.tar.xz

thin-1.6.3.tar.gz

timestamp.dev-local

timestamp.mirmon

tintii-2.9.0.tar.gz

tinyxml2-2.2.0.tar.gz

tkispell-0.18.tar.gz

tnef-1.4.12.tar.gz

toybox-0.5.0.tar.bz2

ttfunk-1.4.0.tar.gz

umockdev-0.8.8.tar.xz

urlwatch-1.17.tar.gz

uwsgi-2.0.7.tar.gz

varnish-4.0.2.tar.gz

vdr-dvdswitch-0.2.2.tgz

vimb-2.7.tar.gz

webkitgtk-2.2.6a.tar.xz

webkitgtk-2.4.4a.tar.xz

webkitgtk-2.4.6.tar.xz

webmock-1.19.0.gem

wine-1.7.22.tar.bz2

wine-1.7.28.tar.bz2

wine-compholio-1.7.22.tar.gz

wine-compholio-1.7.28.tar.gz

wireless-regdb-2014.10.06.tar.xz

wireshark-1.99.0.tar.bz2

wpa_supplicant-2.3.tar.gz

wxPython-demo-3.0.1.1.tar.bz2

wxPython-docs-3.0.1.1.tar.bz2

wxPython-src-3.0.1.1.tar.bz2

x2goserver-4.0.1.17.tar.gz

x2goserver-4.0.1.18.tar.gz

xautomation-1.09.tar.gz

xen-4.2.5-upstream-patches-0.tar.xz

xen-4.3.3-upstream-patches-0.tar.xz

xen-4.4.1-upstream-patches-1.tar.xz

xmlsec1-1.2.20.tar.gz

ykclient-2.13.tar.gz

ykpers-1.16.0.tar.gz

yodl_3.04.00.orig.tar.gz

yoshimi-1.2.4.tar.bz2

youtube-dl-2014.10.05.2.tar.gz

yubikey-personalization-gui-3.1.16.tar.gz

zim-0.62.tar.gz

zopfli-1.0.0_p20141006.tar.gz

zsh-5.0.7-doc.tar.bz2

zsh-5.0.7.tar.bz2

zypper-1.11.14.tar.gz

sent 7,817 bytes  received 2,342,280,696 bytes  503,014.82 bytes/sec

total size is 190,878,605,259  speedup is 81.49

```

And I want to do something that new air-gappers, who want to check their private mirror can see for themselves how well I have figured it out or not. I have, can't grow tired of repeating it, no doubt whatsoever that a more capable Gentooer possibly can do this kind of verification in a breeze with some of the scripts already there in /usr/lib/portage or the like, and sure it would be great if somebody teach us to do better, but I only see, at this time, how to do this verification in this my own primitive way.

So what I want to do, is take just those new downloads out of the list above, calculate sums (SHA256) on them, take the latest portage-snapshot that I also rsync downloaded (as can be seen in the previous post of this topic it was portage-20141010 the latest from that particular mirror, and every single sum must be findable in that new portage snapshots, as least I reckon it should, (in which case, and only in which case I can proceed to update my system, given that the all the previously downloaded files have been checked in this way), else I'll have to figure out why they don't match or whatever else that might be the case.

So I take the above rsync log

```

grep -A2000 CGI-FormBuilder-3.09.tgz rsync_some-mirror-av-delete_141011_1144.log \

   | grep -B2000 zypper-1.11.14.tar.gz > new-mirror-files.ls-1 

```

I moved just those new files in a separate directory, moved into it and ran:

```

$ for i in `cat some-where/new-mirror-files.ls-1` ; do sha256sum $i >> \

   some-where-else/new-mirror-files.sum ; done ;

$ cd some-where-else

$ ./check-mirror-sums-grep.sh new-mirror-files.sum

```

I think I have to keep the script right there where I posted the first tentative, else there'll be too much repeating if I post them everytime I (possibly) change them.

Most of the files verify fine. Some are left, and it's these:

```

$ ls -l new-mirror-files.sum.ORIG new-mirror-files_CHECK_1413124216.sum

-rw-r--r-- 1 miro miro 39291 2014-10-12 16:30 new-mirror-files_CHECK_1413124216.sum

-rw-r--r-- 1 miro miro 36737 2014-10-12 04:02 new-mirror-files.sum.ORIG

```

I gave the new-mirror-files.sum.ORIG file above because that is what I backed up the original new-mirror-files.sum into. The script overwrites it with a sorted file (--by calling the sort-sums.sh script-- the original is sorted the rsync way, which is not the same as bash's sorting order).

That's less than 7% of all the files left unverified.

And the diff btwn the two sorted files (the other is the new-mirror-files_CHECK_1413124216.sum that the script sorted), the unverified 7%:

```

$ diff new-mirror-files.sum  new-mirror-files_CHECK_1413124216.sum

2a3

> f2d057a006bba4253d069795284a7610f1c837af6a80c0057736099962e24bcc  annotations.jar

3a5,7

> be33a69818310b5c55e41dc11d48cd895f5f129da4b0d28c2f4c6c3e1cbcf3fc  ant-contrib.jar

> 40c18fcfb8c28e4ee82e53f72a3257db43bcba01e16ebd5a4550fc419edf30c1  ant-dotnet-1.0.jar

> 0251dbb938740ace07a53675113eee753ba389db65aebc814b175af50321620e  ant.jar

37a42

> 4a03a08954e6b912a469b5e0db898247ea3ebc25b641f328e80f19163a0d908a  code.jar

51d55

< d054766fba3dac828851f1c9852e5992eb824fd0a0dd26d87ee517242027bafc  dialog-1.2-20140911.tgz

54d57

< 5c80d3885a4dc793775cf99a8e2ec93dfc0dc2d8552a8d712f135d0ffe96a4ee  dnsruby-1.55.gem

58d60

< aa564dd60b5d9ac5ee15ffe8c7786daeb798de2eea9b9bf2228317938771eebb  dpkg_1.17.15.tar.xz

62a65

> 95c53606c7113333ef95b4efbd3ae08af715ca49f71845a5d33150e6b7e9a072  enums.jar

98a102

> 4007ca649f037ed5ecc87c74529f499b75ed1a0f3f78e8f82cd97a71f5d2d5c7  forkjoin.jar

101a106

> c2c23341eec9fb379b57d7bf1156fedb3e2b9f97d2d5729fbfc7d766fd390faa  genericNest.jar

117,119d121

< 7013f6d4e37b7862d412399647b1f9814098321fdbadd6359b148ac2edac2e47  genpatches-3.16-5.base.tar.xz

< 67bac7645788d5f56e9243349d0ccf50ef249e0cd8acfdbdf37ad691435aaa89  genpatches-3.16-5.experimental.tar.xz

< 4c4fc3529ca4e195e610e7d90e441d94c84b4fc8f7092eaa9a54cf7390a50aec  genpatches-3.16-5.extras.tar.xz

142d143

< 244537da62218b8b69a14fd560b63584aed1fa6b50651019d2bba36ba8fca0b0  hardened-patches-3.14.20-1.extras.tar.bz2

144d144

< 78a5c8f4f3c04b70cdb8976370c8089a43bedec8c96d3b07be9614d5d4d24412  hardened-patches-3.16.4-1.extras.tar.bz2

164a165

> 8a424c8bd5805ec429a9477cbd0f44bf65a2b79b720d438bfd347dba8da06484  instrumented.jar

169a171

> e33a59e291bae8dbd2b37c6a4d5eae459a313db3a588f42c59ac5fd8edf6e13b  jsr166_and_extra.jar

171d172

< 48faca2ab3f5e77fcfa44ff777d002f1b02393c139032884fdcb9181c5a9dff2  kcm-touchpad-1.1.tar.gz

199a201

> b8891b4a90aca2793ad385ab57216f51c4879c6ab7e927354f407b46510cab51  maven-ant-tasks-2.1.1.jar

201a204

> 730b33d098319d969760f2250dc6924c9f85f94a8a2eb2b2a025dcf05378d9c6  methvsfield.jar

214a218

> 3c7cf1a1b9fe9ad2abf3bfcedaa17a976c72f4bccb0e0c7dbcf7ecf27bc20aa5  nest.jar

216d219

< 1045df339283008974890d6f3db35b9a140b8d09e5182828c2b1cd8ca92ae22f  Net-IDN-Encode-2.201.tar.gz

240d242

< 7cd2b165938be773d24a8da32b506150246db643b77131b7e088105270e54f48  patch-3.10.56.xz

243d244

< b01ba521cce12d3b9e8c25807567837dd88878b861f27c453c29cee80b6cb84b  patch-3.14.20.xz

245d245

< bfd65be726f596c0e46f472efa33c46c01be5d44ed93ef645c313a6823e6e6fb  patch-3.16.4.xz

259a260

> 58eb2b8c501bbff0e78074a058e3fc160012a80952c1cc96ed301d8a08d7e98d  push.jar

266d266

< 0a63b26cc111b0deca441f498177b49be0330760c5c0e24584cdb9ba1e7fd5a6  rawdog-2.20.tar.gz

282a283,293

> f2d057a006bba4253d069795284a7610f1c837af6a80c0057736099962e24bcc  scala-2.10.4-annotations.jar

> be33a69818310b5c55e41dc11d48cd895f5f129da4b0d28c2f4c6c3e1cbcf3fc  scala-2.10.4-ant-contrib.jar

> 40c18fcfb8c28e4ee82e53f72a3257db43bcba01e16ebd5a4550fc419edf30c1  scala-2.10.4-ant-dotnet-1.0.jar

> 0251dbb938740ace07a53675113eee753ba389db65aebc814b175af50321620e  scala-2.10.4-ant.jar

> 4a03a08954e6b912a469b5e0db898247ea3ebc25b641f328e80f19163a0d908a  scala-2.10.4-code.jar

> 95c53606c7113333ef95b4efbd3ae08af715ca49f71845a5d33150e6b7e9a072  scala-2.10.4-enums.jar

> 4007ca649f037ed5ecc87c74529f499b75ed1a0f3f78e8f82cd97a71f5d2d5c7  scala-2.10.4-forkjoin.jar

> c2c23341eec9fb379b57d7bf1156fedb3e2b9f97d2d5729fbfc7d766fd390faa  scala-2.10.4-genericNest.jar

> 8a424c8bd5805ec429a9477cbd0f44bf65a2b79b720d438bfd347dba8da06484  scala-2.10.4-instrumented.jar

> e33a59e291bae8dbd2b37c6a4d5eae459a313db3a588f42c59ac5fd8edf6e13b  scala-2.10.4-jsr166_and_extra.jar

> b8891b4a90aca2793ad385ab57216f51c4879c6ab7e927354f407b46510cab51  scala-2.10.4-maven-ant-tasks-2.1.1.jar

283a295,311

> 730b33d098319d969760f2250dc6924c9f85f94a8a2eb2b2a025dcf05378d9c6  scala-2.10.4-methvsfield.jar

> 3c7cf1a1b9fe9ad2abf3bfcedaa17a976c72f4bccb0e0c7dbcf7ecf27bc20aa5  scala-2.10.4-nest.jar

> 58eb2b8c501bbff0e78074a058e3fc160012a80952c1cc96ed301d8a08d7e98d  scala-2.10.4-push.jar

> a54e19093725d0d085544553246e48607c1e6ab65575ae0ff721b788118461d6  scala-2.10.4-vizant.jar

> f2d057a006bba4253d069795284a7610f1c837af6a80c0057736099962e24bcc  scala-2.11.1-annotations.jar

> be33a69818310b5c55e41dc11d48cd895f5f129da4b0d28c2f4c6c3e1cbcf3fc  scala-2.11.1-ant-contrib.jar

> 40c18fcfb8c28e4ee82e53f72a3257db43bcba01e16ebd5a4550fc419edf30c1  scala-2.11.1-ant-dotnet-1.0.jar

> 0251dbb938740ace07a53675113eee753ba389db65aebc814b175af50321620e  scala-2.11.1-ant.jar

> 4a03a08954e6b912a469b5e0db898247ea3ebc25b641f328e80f19163a0d908a  scala-2.11.1-code.jar

> 95c53606c7113333ef95b4efbd3ae08af715ca49f71845a5d33150e6b7e9a072  scala-2.11.1-enums.jar

> 4007ca649f037ed5ecc87c74529f499b75ed1a0f3f78e8f82cd97a71f5d2d5c7  scala-2.11.1-forkjoin.jar

> c2c23341eec9fb379b57d7bf1156fedb3e2b9f97d2d5729fbfc7d766fd390faa  scala-2.11.1-genericNest.jar

> 8a424c8bd5805ec429a9477cbd0f44bf65a2b79b720d438bfd347dba8da06484  scala-2.11.1-instrumented.jar

> 5695a4351412dbb21cfc9f09a31d66df5da94bd9bf2777325ff22916bbb32cb0  scala-2.11.1-jsoup-1.3.1.jar

> e33a59e291bae8dbd2b37c6a4d5eae459a313db3a588f42c59ac5fd8edf6e13b  scala-2.11.1-jsr166_and_extra.jar

> c0796c2defec3dcf2f786945fbdced0448a958bb68eaef71efcf5c14184f28ff  scala-2.11.1-macro210.jar

> b8891b4a90aca2793ad385ab57216f51c4879c6ab7e927354f407b46510cab51  scala-2.11.1-maven-ant-tasks-2.1.1.jar

284a313,316

> 730b33d098319d969760f2250dc6924c9f85f94a8a2eb2b2a025dcf05378d9c6  scala-2.11.1-methvsfield.jar

> 3c7cf1a1b9fe9ad2abf3bfcedaa17a976c72f4bccb0e0c7dbcf7ecf27bc20aa5  scala-2.11.1-nest.jar

> 58eb2b8c501bbff0e78074a058e3fc160012a80952c1cc96ed301d8a08d7e98d  scala-2.11.1-push.jar

> a54e19093725d0d085544553246e48607c1e6ab65575ae0ff721b788118461d6  scala-2.11.1-vizant.jar

350,351d381

< 16ae016af4508e381901c9e04cc0a090146326515b08d887b4a7238048baaa4d  timestamp.dev-local

< e3c6a8f2d8d42a10be7d8749b79f76af8242636c637890733d733144159aa557  timestamp.mirmon

354d383

< 45c3cc1fd08af220ca0b841293a2f0eb46d5050e369447583cc63f76211a6bc1  tkispell-0.18.tar.gz

360d388

< c3058b55f77f648af9f3557f6e66d328ced8e0e211a7d633ff97c21e94da6874  Unicode-Normalize-1.18.tar.gz

365a394

> a54e19093725d0d085544553246e48607c1e6ab65575ae0ff721b788118461d6  vizant.jar

```

Very probably a lot of thoese would be found in previous or next portage snapshots... Some might doubles (I have seen files having new version names but same hashes... or other.

So some of the work that I intend to do every time I sync my local mirror is done. It's pretty complex actually, and not just for those files that don't verify, and which I have to investigate every time, but also because every single day brings new files into the public mirrors, and so this work is multiplied by 30 a month, although sure there must be ways to automate it all...

However, to be owned (and I was, see Grsecurity Forums), to any extent, is not an alternative. Therefore the need for this verification.

Miroslav Rovis

Zagreb, Croatia

www.CroatiaFidelis.hr

----------

## miroR

I will be regularly always fetching-and-verifying first with --fetchonly, up until I find or devise a way to verify the entire local mirror.

Have a look. Portage is very talkative it you learn to know it, and finds the wrong package in a multitude.

Let me single it out beforehand for you:

 *Portage wrote:*   

> >>> Fetching (78 of 78) net-misc/openssh-6.6.1_p1-r4::gentoo
> 
>  * openssh-6.6p1.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...             [ ok ]
> 
> >>> Downloading 'http://192.168.3.2/gentoo/distfiles/openssh-6.6.1p1-hpnssh14v5.diff.xz'
> ...

 

---

(I updated my mirror these days, and want to update my Gentoo machine.)

First the command, then the output (which is, BTW, permanently saved, which wouldn't get saved, not in this fashion, or at least not that I know of to be this useable for straight insight and checking at any time during the install, or whenever later on you might want to look the details of it. What I am saying is, emerge-fetch.log e.g., gets overwritten by default on every new fetch, and don't know where else to look that tells me, and saves for me, this much.

The only drawback of this script is, it's not in the system. I'm sure it can be attached in /etc/portage/bashrc somehow, and that would be best really.

So, first the command, than the output (which is also saved simultaneosly in the log). Pls. notice the important detail, the "-f" option for "--fetchonly". It is called that, but it really should be called "--fetch-and-verify" if it weren't too long.

```

# emerge -avtuDNf world 2>&1 | tee /some-where/emerge-avtuDNf_world_`date +%s`

```

```

These are the packages that would be fetched, in order:

Calculating dependencies  .. ....... done!

[nomerge       ] virtual/ssh-0  USE="-minimal" 

[ebuild     U  ]  net-misc/openssh-6.6.1_p1-r4 [6.6.1_p1-r3] USE="X bindist hpn tcpd -X509 -kerberos -ldap -ldns -libedit -pam (-selinux) -skey -static" 21 KiB

[ebuild     U  ] media-video/mkvtoolnix-7.3.0 [7.2.0] USE="-debug (-pch) (-qt5) -wxwidgets" 0 KiB

[ebuild     U  ] www-client/firefox-33.0 [32.0] USE="gstreamer hardened minimal system-libvpx%* -bindist -custom-cflags -custom-optimization -dbus -debug -jit (-pgo) -pulseaudio (-selinux) -startup-notification -system-cairo -system-icu -system-jpeg -system-sqlite {-test} -wifi" LINGUAS="-af -ar -as -ast -be -bg -bn_BD -bn_IN -br -bs -ca -cs -csb -cy -da -de -el -en_GB -en_ZA -eo -es_AR -es_CL -es_ES -es_MX -et -eu -fa -fi -fr -fy_NL -ga_IE -gd -gl -gu_IN -he -hi_IN -hr -hu -hy_AM -id -is -it -ja -kk -km -kn -ko -ku -lt -lv -mai -mk -ml -mr -nb_NO -nl -nn_NO -or -pa_IN -pl -pt_BR -pt_PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv_SE -ta -te -th -tr -uk -vi -xh -zh_CN -zh_TW -zu" 0 KiB

[ebuild     U  ] app-portage/layman-2.2.0-r5 [2.2.0] USE="git subversion -bazaar -cvs -darcs -g-sorcery -mercurial -squashfs {-test}" PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4" 0 KiB

[ebuild     UD ] media-video/mplayer-1.2_pre20130729 [1.2_pre20141011] USE="X a52 alsa cdio doc dts dvb dvd dvdnav enca encode faac gif iconv ipv6 jack jpeg jpeg2k libass libcaca libmpeg2 mad md5sum mmx mng mp3 network opengl osdmenu png sdl shm sse sse2 toolame truetype twolame unicode v4l vorbis x264 xscreensaver xv xvid -3dnow -3dnowext -aalib (-altivec) (-aqua) -bidi -bindist -bl -bluray -bs2b -cddb -cdparanoia -cpudetection -debug -dga -directfb -dv -faad -fbcon -ftp -ggi -gsm -joystick -ladspa -lirc -live -lzo -mmxext -nas -nut -openal -oss -pnm -pulseaudio -pvr -radio -rar -rtc -rtmp -samba (-selinux) -speex -ssse3 -tga -theora -tremor -vdpau (-vidix) -xanim -xinerama -xvmc -zoran" VIDEO_CARDS="-mga -s3virge -tdfx" 0 KiB

[ebuild     U  ] app-editors/gvim-7.4.488 [7.4.430] USE="acl cscope nls session (-aqua) -debug -gnome -gtk -lua -luajit -motif -neXt -netbeans -perl -python -racket -ruby (-selinux) -tcl" PYTHON_SINGLE_TARGET="python2_7 -python3_3 -python3_4 (-python3_2%)" PYTHON_TARGETS="python2_7 python3_3 -python3_4 (-python3_2%)" 0 KiB

[ebuild  NS    ] sys-kernel/hardened-sources-3.17.1-r1:3.17.1-r1 [3.16.2:3.16.2, 3.16.3-r1:3.16.3-r1, 3.16.4-r1:3.16.4-r1] USE="-build -deblob -symlink" 0 KiB

[ebuild     U  ] x11-drivers/xf86-input-mouse-1.9.1 [1.9.0] 0 KiB

[ebuild     U  ] x11-drivers/xf86-video-ati-7.5.0 [7.4.0] USE="-glamor -udev" 0 KiB

[ebuild     U  ] net-misc/wget-1.16 [1.15-r1] USE="gnutls ipv6 nls pcre ssl zlib -debug -idn -ntlm -static -uuid" 0 KiB

[ebuild     U  ] sys-apps/man-pages-3.75 [3.74] USE="nls" LINGUAS="-da -de -fr -it -ja -nl -pl -ro -ru -zh_CN" 0 KiB

[ebuild     U  ] sys-apps/grep-2.20-r1 [2.20] USE="nls pcre -static" 0 KiB

[ebuild     U  ] app-editors/emacs-24.4:24 [24.3-r6:24] USE="X acl%* alsa gif gnutls gpm gtk3 imagemagick inotify%* jpeg pax_kernel png sound svg tiff xpm zlib%* -Xaw3d (-aqua) -athena -dbus -games -gconf -gfile% -gsettings -gtk -gzip-el -hesiod -kerberos -libxml2 -livecd -m17n-lib -motif (-selinux) -source -toolkit-scroll-bars -wide-int -xft" 0 KiB

[ebuild     U  ]  media-gfx/imagemagick-6.8.9.9:0/6.8.9.9 [6.8.9.8:0/6.8.9.8] USE="X bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr openexr openmp pango perl png postscript svg tiff truetype webp wmf xml zlib -autotrace -lzma -opencl -q32 -q64 -q8 -raw -static-libs {-test}" 0 KiB

[nomerge       ] app-crypt/jacksum-1.7.0 

[nomerge       ]  virtual/jre-1.7.0:1.7 

[nomerge       ]   virtual/jdk-1.7.0:1.7 

[nomerge       ]    dev-java/icedtea-bin-7.2.4.7-r1:7  USE="X alsa cups -cjk -doc -examples -nsplugin (-selinux) -source -webstart" 

[ebuild     U  ]     net-print/cups-2.0.0-r2 [1.7.5] USE="X acl ssl threads -dbus -debug -java -kerberos -lprng-compat -pam -python (-selinux) -static-libs -systemd -usb -xinetd -zeroconf (-gnutls%*)" ABI_X86="(64) -32 (-x32)" LINGUAS="es (-ca%*) (-fr%*) (-it%*) (-ja%*) (-pt_BR%*) (-ru%*)" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" 0 KiB

[nomerge       ] virtual/man-0-r1 

[nomerge       ]  sys-apps/man-db-2.6.7.1  USE="berkdb gdbm nls zlib (-selinux) -static-libs" 

[ebuild     U  ]   app-text/po4a-0.45-r1 [0.45] USE="{-test}" 0 KiB

[nomerge       ] media-video/ffmpeg-2.2.9:0/52.55.55  USE="3dnow 3dnowext X aac aacplus alsa amr avx bzip2 cdio cpudetection encode faac fontconfig frei0r gnutls gsm hardcoded-tables iconv ieee1394 jack jpeg2k libass libcaca libsoxr mmx mmxext modplug mp3 network opengl openssl oss pic rtmp schroedinger sdl speex sse sse2 ssse3 theora threads truetype twolame v4l vaapi vdpau vorbis vpx x264 xvid zlib (-altivec) -amrenc (-armv5te) (-armv6) (-armv6t2) (-armvfp) -avx2 -bindist -bluray -celt -debug -doc -examples -fdk -flite -fma3 -fma4 -gme -iec61883 -ladspa -libv4l (-mips32r2) (-mipsdspr1) (-mipsdspr2) (-mipsfpu) (-neon) -openal -opus -pulseaudio -quvi -sse3 -sse4 -sse4_2 -ssh -static-libs {-test} -wavpack -webp -x265 -zvbi" ABI_X86="(64) -32 (-x32)" FFTOOLS="aviocat cws2fws ffescape ffeval ffhash fourcc2pixfmt graph2dot ismindex pktdumper qt-faststart trasher" 

[ebuild     U  ]  x11-libs/libva-1.4.1 [1.3.1] USE="X drm opengl -egl -vdpau -wayland" ABI_X86="(64) -32 (-x32)" VIDEO_CARDS="-dummy -fglrx -intel (-nvidia)" 0 KiB

[ebuild     U  ] sys-apps/portage-2.2.14 [2.2.14_rc1] USE="doc (ipc) (xattr) -build -epydoc (-selinux)" LINGUAS="-ru" PYTHON_TARGETS="python2_7 python3_3 -pypy (-python3_2) -python3_4" 0 KiB

[nomerge       ] media-gfx/imagemagick-6.8.9.9:0/6.8.9.9 [6.8.9.8:0/6.8.9.8] USE="X bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr openexr openmp pango perl png postscript svg tiff truetype webp wmf xml zlib -autotrace -lzma -opencl -q32 -q64 -q8 -raw -static-libs {-test}" 

[ebuild     U  ]  gnome-base/librsvg-2.40.5:2 [2.40.4:2] USE="-introspection -tools -vala" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ] x11-libs/gtk+-2.24.25:2 [2.24.24:2] USE="vim-syntax (-aqua) -cups -debug -examples -introspection {-test} -xinerama" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ] media-libs/mesa-10.3.1 [10.3.0] USE="classic dri3 egl gallium gbm llvm nptl pax_kernel pic -bindist -debug -gles1 -gles2 -opencl -openmax -openvg -osmesa -r600-llvm-compiler (-selinux) -vdpau -wayland -xa -xvmc" ABI_X86="(64) -32 (-x32)" VIDEO_CARDS="radeon (-freedreno) -i915 -i965 -ilo -intel -nouveau -r100 -r200 -r300 -r600 -radeonsi -vmware" 0 KiB

[ebuild     U  ] sys-fs/eudev-2.1.1 [1.10-r2] USE="hwdb keymap kmod modutils rule-generator -doc -gudev -introspection (-selinux) -static-libs {-test} (-openrc%*)" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ] dev-vcs/subversion-1.8.10-r1 [1.8.10] USE="apache2 berkdb http nls perl sasl vim-syntax -ctypes-python -debug -doc -dso -extras -gnome-keyring -java -kde -python -ruby {-test}" PYTHON_TARGETS="python2_7" 0 KiB

[nomerge       ] net-misc/wget-1.16 [1.15-r1] USE="gnutls ipv6 nls pcre ssl zlib -debug -idn -ntlm -static -uuid" 

[ebuild     U  ]  net-libs/gnutls-3.3.9 [3.3.8] USE="crywrap cxx nls zlib -dane -doc -examples -guile -pkcs11 -static-libs {-test}" ABI_X86="(64) -32 (-x32)" LINGUAS="-cs -de -en -fi -fr -it -ms -nl -pl -sv -uk -vi -zh_CN" 0 KiB

[ebuild     U  ] app-editors/vim-7.4.488 [7.4.430] USE="X acl cscope gpm nls -debug -lua -luajit -minimal -perl -python -racket -ruby (-selinux) -tcl -vim-pager" PYTHON_SINGLE_TARGET="python2_7 -python3_3 -python3_4 (-python3_2%)" PYTHON_TARGETS="python2_7 python3_3 -python3_4 (-python3_2%)" 0 KiB

[ebuild     U  ] sys-apps/util-linux-2.25.2 [2.25.1] USE="caps cramfs ncurses nls suid unicode -fdformat -pam -python (-selinux) -slang -static-libs {-test} -tty-helpers -udev" ABI_X86="(64) -32 (-x32)" PYTHON_SINGLE_TARGET="python2_7 (-python3_2) -python3_3 -python3_4" PYTHON_TARGETS="python2_7 python3_3 (-python3_2) -python3_4" 0 KiB

[ebuild     U  ] sys-devel/make-4.1-r1 [4.1] USE="nls -guile -static" 0 KiB

[ebuild     U  ]  sys-devel/gettext-0.19.3 [0.19.2] USE="acl cxx git ncurses nls openmp -cvs -doc -emacs -java -static-libs" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ] mail-mta/postfix-2.11.3 [2.11.1-r1] USE="berkdb doc hardened pam sasl sqlite ssl -cdb -dovecot-sasl -ldap -ldap-bind -lmdb -mbox -memcached -mysql -nis -postgres (-selinux) -vda" 0 KiB

[ebuild     U  ] net-mail/dovecot-2.2.15 [2.2.13-r1] USE="bzip2 caps doc imapc ipv6 maildir pam sqlite ssl tcpd zlib -cydir -kerberos -ldap -lucene -lz4 -lzma -managesieve -mbox -mdbox -mysql -pop3c -postgres -sdbox (-selinux) -sieve -solr -static-libs -suid -vpopmail" 0 KiB

[ebuild     U  ] x11-apps/xrandr-1.4.3 [1.4.1] 0 KiB

[nomerge       ] dev-vcs/git-2.1.2  USE="blksha1 cgi curl doc gpg gtk highlight iconv nls pcre perl python subversion threads tk webdav -cvs -emacs -gnome-keyring -mediawiki (-ppcsha1) {-test} -xinetd" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" 

[nomerge       ]  dev-perl/libwww-perl-6.50.0  USE="ssl" 

[ebuild     U  ]   dev-perl/LWP-Protocol-https-6.60.0 [6.40.0] 0 KiB

[nomerge       ] media-video/vlc-2.1.5:0/5-7  USE="X a52 alsa avcodec avformat dts dvb dvbpsi dvd encode ffmpeg flac fontconfig gcrypt gnutls jack libcaca matroska mmx mpeg ncurses ogg opengl png postproc qt4 sdl sse svg swscale theora truetype v4l vlm vorbis x264 xcb xv -aalib (-altivec) -atmo (-audioqueue) -avahi -bidi -bluray -cdda -cddb -chromaprint -dbus -dc1394 -debug -dirac -directfb (-directx) (-dxva2) -egl -faad -fdk -fluidsynth -gme -gnome -growl -httpd -ieee1394 (-ios-vout) -kate -kde -libass -libnotify -libsamplerate -libtar -libtiger -linsys -lirc -live -lua (-macosx) (-macosx-audio) (-macosx-dialog-provider) (-macosx-eyetv) (-macosx-qtkit) (-macosx-quartztext) (-macosx-vout) (-media-library) -modplug -mp3 -mtp -musepack (-neon) -omxil -opencv -optimisememory -opus -projectm -pulseaudio (-qt5) -rdp -rtsp -run-as-root -samba -schroedinger -sdl-image -sftp -shout -sid -skins -speex -taglib {-test} -tremor -twolame -udev -upnp -vaapi -vcdx -vdpau -vnc -wma-fixed -xml -zvbi" 

[nomerge       ]  x11-libs/xcb-util-0.4.0 [0.3.9-r1] USE="-doc -static-libs {-test}" ABI_X86="(64) -32 (-x32)" 

[nomerge       ]   x11-libs/xcb-util-cursor-0.1.1-r1  USE="-doc -static-libs {-test}" ABI_X86="(64) -32 (-x32)" 

[ebuild     U  ]    x11-libs/xcb-util-image-0.4.0 [0.3.9-r1] USE="-doc -static-libs {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild  N     ]   x11-libs/xcb-util-cursor-0.1.1-r1  USE="-doc -static-libs {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ]  x11-libs/xcb-util-0.4.0 [0.3.9-r1] USE="-doc -static-libs {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB

[nomerge       ] dev-ruby/racc-1.4.12  USE="-doc {-test}" RUBY_TARGETS="ruby19 ruby20 ruby21 (-jruby)" 

[nomerge       ]  dev-lang/ruby-2.0.0_p594:2.0 [2.0.0_p576:2.0] USE="berkdb gdbm ipv6 ncurses rdoc readline ssl -debug -doc -examples -rubytests -socks5 -xemacs" 

[nomerge       ]   dev-ruby/rdoc-4.1.2  USE="-doc {-test}" RUBY_TARGETS="ruby19 ruby20 ruby21" 

[nomerge       ]    dev-ruby/json-1.8.1  USE="-doc {-test}" RUBY_TARGETS="ruby19 ruby20 ruby21 (-jruby)" 

[nomerge       ]     virtual/rubygems-7:ruby21  RUBY_TARGETS="(ruby21)" 

[nomerge       ]      dev-ruby/rubygems-2.2.2  USE="-server {-test}" RUBY_TARGETS="ruby19 ruby20 ruby21" 

[ebuild     U  ]       dev-lang/ruby-1.9.3_p550:1.9 [1.9.3_p547:1.9] USE="berkdb gdbm ipv6 ncurses rdoc readline ssl yaml -debug -doc -examples -rubytests -socks5 -xemacs" 0 KiB

[ebuild     U  ]       dev-lang/ruby-2.0.0_p594:2.0 [2.0.0_p576:2.0] USE="berkdb gdbm ipv6 ncurses rdoc readline ssl -debug -doc -examples -rubytests -socks5 -xemacs" 0 KiB

[ebuild     U  ]       dev-lang/ruby-2.1.4:2.1 [2.1.3:2.1] USE="berkdb gdbm ipv6 ncurses rdoc readline ssl -debug -doc -examples -rubytests -socks5 -xemacs" 0 KiB

[ebuild     U  ] sys-apps/openrc-0.13.2 [0.13.1] USE="ncurses netifrc unicode -debug -newnet -pam (-prefix) (-selinux) -static-libs -tools" 0 KiB

[nomerge       ] app-editors/emacs-24.4:24 [24.3-r6:24] USE="X acl%* alsa gif gnutls gpm gtk3 imagemagick inotify%* jpeg pax_kernel png sound svg tiff xpm zlib%* -Xaw3d (-aqua) -athena -dbus -games -gconf -gfile% -gsettings -gtk -gzip-el -hesiod -kerberos -libxml2 -livecd -m17n-lib -motif (-selinux) -source -toolkit-scroll-bars -wide-int -xft" 

[ebuild     U  ]  app-admin/eselect-emacs-1.17 [1.16] 0 KiB

[ebuild     U  ]   app-admin/eselect-ctags-1.17 [1.16] 0 KiB

[nomerge       ] x11-misc/obconf-2.0.4  USE="nls" 

[nomerge       ]  x11-libs/startup-notification-0.12-r1  USE="-static-libs" 

[nomerge       ]   x11-libs/xcb-util-0.4.0 [0.3.9-r1] USE="-doc -static-libs {-test}" ABI_X86="(64) -32 (-x32)" 

[ebuild     U  ]    x11-libs/xcb-util-keysyms-0.4.0 [0.3.9-r1] USE="-doc -static-libs {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB

[nomerge       ] app-portage/layman-2.2.0-r5 [2.2.0] USE="git subversion -bazaar -cvs -darcs -g-sorcery -mercurial -squashfs {-test}" PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4" 

[nomerge       ]  dev-python/ssl-fetch-0.2.1  PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4" 

[nomerge       ]   dev-python/ndg-httpsclient-0.3.2  PYTHON_TARGETS="python2_7 -pypy" 

[nomerge       ]    dev-python/pyopenssl-0.14  USE="-doc -examples" PYTHON_TARGETS="python2_7 python3_3 -pypy (-python3_2) -python3_4" 

[ebuild     U  ]     dev-python/cryptography-0.6.1 [0.5.4] USE="{-test}" PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4 (-python3_2%)" 0 KiB

[nomerge       ] dev-python/cryptography-0.6.1 [0.5.4] USE="{-test}" PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4 (-python3_2%)" 

[nomerge       ]  dev-python/cffi-0.8.6:0/0.8.6  USE="-doc" PYTHON_TARGETS="python2_7 python3_3 -pypy (-python3_2) -python3_4" 

[ebuild     U  ]   dev-python/pytest-2.6.4 [2.6.3] USE="-doc {-test}" PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4 (-python3_2%)" 0 KiB

[ebuild     U  ]    dev-python/py-1.4.26 [1.4.25] USE="-doc {-test}" PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4 (-python3_2%)" 0 KiB

[nomerge       ] dev-python/ssl-fetch-0.2.1  PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4" 

[ebuild     U  ]  dev-python/requests-2.4.3 [2.4.1] PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4 (-python3_2%)" 0 KiB

[nomerge       ] media-gfx/imagemagick-6.8.9.9:0/6.8.9.9 [6.8.9.8:0/6.8.9.8] USE="X bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr openexr openmp pango perl png postscript svg tiff truetype webp wmf xml zlib -autotrace -lzma -opencl -q32 -q64 -q8 -raw -static-libs {-test}" 

[nomerge       ]  media-libs/libwebp-0.4.0:0/5  USE="gif jpeg opengl png tiff -experimental -static-libs -swap-16bit-csp" ABI_X86="(64) -32 (-x32)" 

[nomerge       ]   media-libs/freeglut-2.8.1-r1  USE="-debug -static-libs" ABI_X86="(64) -32 (-x32)" 

[nomerge       ]    x11-libs/libXi-1.7.4  USE="-doc -static-libs" ABI_X86="(64) -32 (-x32)" 

[ebuild     U  ]     x11-libs/libXext-1.3.3 [1.3.2] USE="-doc -static-libs" ABI_X86="(64) -32 (-x32)" 0 KiB

[nomerge       ] media-video/vlc-2.1.5:0/5-7  USE="X a52 alsa avcodec avformat dts dvb dvbpsi dvd encode ffmpeg flac fontconfig gcrypt gnutls jack libcaca matroska mmx mpeg ncurses ogg opengl png postproc qt4 sdl sse svg swscale theora truetype v4l vlm vorbis x264 xcb xv -aalib (-altivec) -atmo (-audioqueue) -avahi -bidi -bluray -cdda -cddb -chromaprint -dbus -dc1394 -debug -dirac -directfb (-directx) (-dxva2) -egl -faad -fdk -fluidsynth -gme -gnome -growl -httpd -ieee1394 (-ios-vout) -kate -kde -libass -libnotify -libsamplerate -libtar -libtiger -linsys -lirc -live -lua (-macosx) (-macosx-audio) (-macosx-dialog-provider) (-macosx-eyetv) (-macosx-qtkit) (-macosx-quartztext) (-macosx-vout) (-media-library) -modplug -mp3 -mtp -musepack (-neon) -omxil -opencv -optimisememory -opus -projectm -pulseaudio (-qt5) -rdp -rtsp -run-as-root -samba -schroedinger -sdl-image -sftp -shout -sid -skins -speex -taglib {-test} -tremor -twolame -udev -upnp -vaapi -vcdx -vdpau -vnc -wma-fixed -xml -zvbi" 

[ebuild     U  ]  x11-libs/libxcb-1.11:0/1.11 [1.10:0/0] USE="-doc (-selinux) -static-libs -xkb" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ]   x11-proto/xcb-proto-1.11 [1.10] ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7 python3_3 (-python3_2) -python3_4%" 0 KiB

[nomerge       ] dev-python/ssl-fetch-0.2.1  PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4" 

[nomerge       ]  dev-python/pyopenssl-0.14  USE="-doc -examples" PYTHON_TARGETS="python2_7 python3_3 -pypy (-python3_2) -python3_4" 

[ebuild     U  ]   dev-python/six-1.8.0 [1.7.3] USE="-doc {-test}" PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4 (-python3_2%)" 0 KiB

[nomerge       ] dev-vcs/git-2.1.2  USE="blksha1 cgi curl doc gpg gtk highlight iconv nls pcre perl python subversion threads tk webdav -cvs -emacs -gnome-keyring -mediawiki (-ppcsha1) {-test} -xinetd" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" 

[nomerge       ]  dev-python/pygtk-2.24.0-r4:2  USE="-doc -examples {-test}" PYTHON_TARGETS="python2_7" 

[ebuild     U  ]   dev-python/numpy-1.9.0-r1 [1.8.2] USE="-doc -lapack {-test}" PYTHON_TARGETS="python2_7 python3_3 (-python3_2) -python3_4" 0 KiB

[ebuild     U  ]    dev-python/setuptools-7.0 [6.0.2] USE="{-test}" PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4 (-python3_2%)" 0 KiB

[ebuild     U  ] dev-libs/libxml2-2.9.2:2 [2.9.1-r5:2] USE="ipv6 python readline -debug -examples -icu -lzma -static-libs {-test}" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7 python3_3 (-python3_2) -python3_4" 0 KiB

[nomerge       ] dev-python/requests-2.4.3 [2.4.1] PYTHON_TARGETS="python2_7 python3_3 -pypy -python3_4 (-python3_2%)" 

[ebuild     U  ]  app-misc/ca-certificates-20140927.3.17.2 [20140325.3.16.3] USE="cacert" 0 KiB

[nomerge       ] www-client/firefox-33.0 [32.0] USE="gstreamer hardened minimal system-libvpx%* -bindist -custom-cflags -custom-optimization -dbus -debug -jit (-pgo) -pulseaudio (-selinux) -startup-notification -system-cairo -system-icu -system-jpeg -system-sqlite {-test} -wifi" LINGUAS="-af -ar -as -ast -be -bg -bn_BD -bn_IN -br -bs -ca -cs -csb -cy -da -de -el -en_GB -en_ZA -eo -es_AR -es_CL -es_ES -es_MX -et -eu -fa -fi -fr -fy_NL -ga_IE -gd -gl -gu_IN -he -hi_IN -hr -hu -hy_AM -id -is -it -ja -kk -km -kn -ko -ku -lt -lv -mai -mk -ml -mr -nb_NO -nl -nn_NO -or -pa_IN -pl -pt_BR -pt_PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv_SE -ta -te -th -tr -uk -vi -xh -zh_CN -zh_TW -zu" 

[ebuild     U  ]  dev-libs/nss-3.17.2 [3.17.1] USE="cacert nss-pem -utils" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ] app-shells/bash-4.3_p30 [4.2_p53] USE="net nls (readline) -afs -bashlogger -examples -mem-scramble -plugins -vanilla" 0 KiB

[nomerge       ] net-mail/dovecot-2.2.15 [2.2.13-r1] USE="bzip2 caps doc imapc ipv6 maildir pam sqlite ssl tcpd zlib -cydir -kerberos -ldap -lucene -lz4 -lzma -managesieve -mbox -mdbox -mysql -pop3c -postgres -sdbox (-selinux) -sieve -solr -static-libs -suid -vpopmail" 

[ebuild     U  ]  dev-db/sqlite-3.8.7:3 [3.8.6:3] USE="readline -debug -doc -icu -secure-delete -static-libs -tcl {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB

[nomerge       ] app-editors/gvim-7.4.488 [7.4.430] USE="acl cscope nls session (-aqua) -debug -gnome -gtk -lua -luajit -motif -neXt -netbeans -perl -python -racket -ruby (-selinux) -tcl" PYTHON_SINGLE_TARGET="python2_7 -python3_3 -python3_4 (-python3_2%)" PYTHON_TARGETS="python2_7 python3_3 -python3_4 (-python3_2%)" 

[ebuild     U  ]  app-editors/vim-core-7.4.488 [7.4.430] USE="acl nls -minimal" 0 KiB

[nomerge       ] dev-vcs/git-2.1.2  USE="blksha1 cgi curl doc gpg gtk highlight iconv nls pcre perl python subversion threads tk webdav -cvs -emacs -gnome-keyring -mediawiki (-ppcsha1) {-test} -xinetd" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" 

[nomerge       ]  net-misc/curl-7.38.0  USE="ipv6 ssl -adns -idn -kerberos -ldap -metalink -rtmp -ssh -static-libs {-test} -threads" ABI_X86="(64) -32 (-x32)" CURL_SSL="openssl -axtls -gnutls -nss -polarssl (-winssl)" 

[ebuild     U  ]   dev-libs/openssl-1.0.1j [1.0.1i] USE="bindist (sse2) tls-heartbeat zlib -gmp -kerberos -rfc3779 -static-libs {-test} -vanilla" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ] net-misc/dhcpcd-6.6.0 [6.5.0] USE="ipv6 -udev" 0 KiB

[nomerge       ] sys-apps/man-db-2.6.7.1  USE="berkdb gdbm nls zlib (-selinux) -static-libs" 

[ebuild     U  ]  dev-libs/libpipeline-1.4.0 [1.3.1] USE="-static-libs {-test}" 0 KiB

[nomerge       ] x11-base/xorg-drivers-1.16  INPUT_DEVICES="keyboard mouse -acecad -aiptek -elographics -evdev -fpit -hyperpen -joystick -mutouch -penmount -synaptics -tslib -vmmouse -void -wacom" VIDEO_CARDS="radeon vesa -apm -ast -chips -cirrus -dummy -epson -fbdev -fglrx (-freedreno) (-geode) -glint -i128 (-i740) -intel -mach64 -mga -modesetting -neomagic -nouveau -nv (-nvidia) (-omap) (-omapfb) -qxl -r128 -radeonsi -rendition -s3 -s3virge -savage -siliconmotion -sisusb (-sunbw2) (-suncg14) (-suncg3) (-suncg6) (-sunffb) (-sunleo) (-suntcx) -tdfx -tga -trident -tseng -v4l -via -virtualbox -vmware (-voodoo)" 

[nomerge       ]  x11-drivers/xf86-video-vesa-2.3.3 

[nomerge       ]   x11-base/xorg-server-1.16.1:0/1.16.1  USE="ipv6 nptl suid xorg -dmx -doc -glamor -kdrive -minimal (-selinux) -static-libs -systemd -tslib -udev -unwind -wayland -xnest -xvfb" 

[ebuild     U  ]    x11-libs/pixman-0.32.6 [0.32.4] USE="sse2 (-altivec) (-iwmmxt) (-loongson2f) -mmxext (-neon) -ssse3 -static-libs" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ]    x11-libs/libdrm-2.4.58 [2.4.56] USE="-libkms -static-libs" ABI_X86="(64) -32 (-x32)" VIDEO_CARDS="radeon (-exynos) (-freedreno) -intel -nouveau (-omap) -vmware" 0 KiB

[ebuild     U  ]    x11-libs/xtrans-1.3.5 [1.3.4] USE="-doc" 0 KiB

[nomerge       ] dev-libs/nss-3.17.2 [3.17.1] USE="cacert nss-pem -utils" ABI_X86="(64) -32 (-x32)" 

[ebuild     U  ]  dev-libs/nspr-4.10.7-r1 [4.10.7] USE="-debug" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ]   sys-devel/libtool-2.4.3:2 [2.4.2-r1:2] USE="-static-libs {-test} -vanilla" ABI_X86="(64) -32 (-x32)" 0 KiB

[ebuild     U  ] sys-apps/busybox-1.22.1-r1 [1.22.1] USE="ipv6 mdev static -debug% -livecd -make-symlinks -math -pam -savedconfig (-selinux) -sep-usr -syslog -systemd" 0 KiB

[ebuild     U  ]  sys-kernel/linux-headers-3.17 [3.16] 0 KiB

[nomerge       ] dev-perl/LWP-Protocol-https-6.60.0 [6.40.0]

[nomerge       ]  dev-perl/libwww-perl-6.50.0  USE="ssl" 

[nomerge       ]   dev-perl/HTTP-Daemon-6.10.0-r1 

[nomerge       ]    dev-lang/perl-5.20.1-r2:0/5.20 [5.20.1:0/5.20] USE="berkdb gdbm -debug -doc -ithreads" 

[ebuild     U  ]     virtual/perl-File-Temp-0.230.400-r2 [0.230.400-r1] 0 KiB

[ebuild  N     ]      perl-core/File-Temp-0.230.400-r1  0 KiB

[ebuild     U  ]       dev-lang/perl-5.20.1-r2:0/5.20 [5.20.1:0/5.20] USE="berkdb gdbm -debug -doc -ithreads" 0 KiB

[ebuild     U  ] media-fonts/unifont-7.0.05 [7.0.03] USE="X -fontforge -utils" 0 KiB

[nomerge       ] media-gfx/imagemagick-6.8.9.9:0/6.8.9.9 [6.8.9.8:0/6.8.9.8] USE="X bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr openexr openmp pango perl png postscript svg tiff truetype webp wmf xml zlib -autotrace -lzma -opencl -q32 -q64 -q8 -raw -static-libs {-test}" 

[ebuild     U  ]  media-libs/lcms-2.6-r1:2 [2.6:2] USE="jpeg threads tiff zlib -doc -static-libs {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB

[nomerge       ] sys-boot/grub-2.02_beta2-r2:2  USE="multislot nls sdl truetype -debug -device-mapper -doc -efiemu -libzfs -mount -static {-test}" GRUB_PLATFORMS="multiboot pc -coreboot -efi-32 -efi-64 -emu -ieee1275 -loongson -qemu -qemu-mips -xen" 

[ebuild     U  ]  app-misc/pax-utils-0.9.1 [0.8.1] USE="caps -python" 0 KiB

[ebuild     U  ] sys-apps/file-5.20-r1 [5.20] USE="zlib -python -static-libs" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7 python3_3 (-python3_2) -python3_4" 0 KiB

[ebuild     U  ] sys-apps/net-tools-1.60_p20141019041918 [1.60_p20130513023548-r1] USE="nls -old-output (-selinux) -static" 0 KiB

[nomerge       ] sys-apps/openrc-0.13.2 [0.13.1] USE="ncurses netifrc unicode -debug -newnet -pam (-prefix) (-selinux) -static-libs -tools" 

[nomerge       ]  sys-libs/glibc-2.19-r1:2.2  USE="hardened (multilib) -debug -gd -nscd -profile (-selinux) -suid -systemtap -vanilla" 

[ebuild     U  ]   sys-libs/timezone-data-2014i-r1 [2014g] USE="nls -right_timezone" 0 KiB

[nomerge       ] sys-apps/portage-2.2.14 [2.2.14_rc1] USE="doc (ipc) (xattr) -build -epydoc (-selinux)" LINGUAS="-ru" PYTHON_TARGETS="python2_7 python3_3 -pypy (-python3_2) -python3_4" 

[ebuild     U  ]  sys-apps/install-xattr-0.4 [0.3] 0 KiB

Total: 78 packages (74 upgrades, 1 downgrade, 2 new, 1 in new slot), Size of downloads: 21 KiB

!!! The following update has been skipped due to unsatisfied dependencies:

x11-libs/gtk+:3

!!! All ebuilds that could satisfy ">=app-accessibility/at-spi2-atk-2.5.3" have been masked.

!!! One of the following masked packages is required to complete your request:

- app-accessibility/at-spi2-atk-2.12.1::gentoo (masked by: package.mask)

- app-accessibility/at-spi2-atk-2.10.2::gentoo (masked by: package.mask)

(dependency required by "x11-libs/gtk+-3.12.2[X]" [ebuild])

For more information, see the MASKED PACKAGES section in the emerge

man page or refer to the Gentoo Handbook.

Would you like to fetch the source files for these packages? [Yes/No] 

>>> Fetching (1 of 78) sys-apps/install-xattr-0.4::gentoo

 * install-xattr-0.4.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]

>>> Fetching (2 of 78) sys-libs/timezone-data-2014i-r1::gentoo

 * tzdata2014i.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...               [ ok ]

 * tzcode2014i.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...               [ ok ]

>>> Fetching (3 of 78) sys-apps/net-tools-1.60_p20141019041918::gentoo

 * net-tools-1.60_p20141019041918.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...    [ ok ]

 * net-tools-1.60_p20141019041918-patches-1.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...              [ ok ]

>>> Fetching (4 of 78) sys-apps/file-5.20-r1::gentoo

 * file-5.20.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                 [ ok ]

>>> Fetching (5 of 78) app-misc/pax-utils-0.9.1::gentoo

 * pax-utils-0.9.1.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...           [ ok ]

>>> Fetching (6 of 78) media-libs/lcms-2.6-r1::gentoo

 * lcms2-2.6.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                 [ ok ]

>>> Fetching (7 of 78) media-fonts/unifont-7.0.05::gentoo

 * unifont-7.0.05.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (8 of 78) dev-lang/perl-5.20.1-r2::gentoo

 * perl-5.20.1.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...              [ ok ]

 * perl-5.20.1-patches-1.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...     [ ok ]

>>> Fetching (9 of 78) perl-core/File-Temp-0.230.400-r1::gentoo

 * File-Temp-0.2304.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...          [ ok ]

>>> Fetching (10 of 78) virtual/perl-File-Temp-0.230.400-r2::gentoo

>>> Fetching (11 of 78) sys-kernel/linux-headers-3.17::gentoo

 * gentoo-headers-base-3.17.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...  [ ok ]

 * gentoo-headers-3.17-1.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...     [ ok ]

>>> Fetching (12 of 78) sys-apps/busybox-1.22.1-r1::gentoo

 * busybox-1.22.1.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...           [ ok ]

>>> Fetching (13 of 78) sys-devel/libtool-2.4.3::gentoo

 * libtool-2.4.3.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...             [ ok ]

>>> Fetching (14 of 78) dev-libs/nspr-4.10.7-r1::gentoo

 * nspr-4.10.7.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...               [ ok ]

>>> Fetching (15 of 78) x11-libs/xtrans-1.3.5::gentoo

 * xtrans-1.3.5.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...             [ ok ]

>>> Fetching (16 of 78) x11-libs/libdrm-2.4.58::gentoo

 * libdrm-2.4.58.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (17 of 78) x11-libs/pixman-0.32.6::gentoo

 * pixman-0.32.6.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (18 of 78) dev-libs/libpipeline-1.4.0::gentoo

 * libpipeline-1.4.0.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...         [ ok ]

>>> Fetching (19 of 78) net-misc/dhcpcd-6.6.0::gentoo

 * dhcpcd-6.6.0.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...             [ ok ]

>>> Fetching (20 of 78) dev-libs/openssl-1.0.1j::gentoo

 * openssl-1.0.1j.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

 * openssl-c_rehash.sh.1.7 SHA256 SHA512 WHIRLPOOL size ;-) ...          [ ok ]

>>> Fetching (21 of 78) app-editors/vim-core-7.4.488::gentoo

 * vim-7.4.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...                  [ ok ]

 * vim-patches-7.4.488.patch.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...    [ ok ]

 * vim-7.4-gentoo-patches.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...   [ ok ]

>>> Fetching (22 of 78) dev-db/sqlite-3.8.7::gentoo

 * sqlite-autoconf-3080700.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...   [ ok ]

>>> Fetching (23 of 78) app-shells/bash-4.3_p30::gentoo

 * bash-4.3.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                  [ ok ]

 * bash43-001 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-002 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-003 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-004 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-005 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-006 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-007 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-008 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-009 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-010 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-011 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-012 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-013 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-014 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-015 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-016 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-017 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-018 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-019 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-020 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-021 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-022 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-023 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-024 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-025 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-026 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-027 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-028 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-029 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

 * bash43-030 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

>>> Fetching (24 of 78) dev-libs/nss-3.17.2::gentoo

 * nss-3.17.2.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                [ ok ]

 * nss-3.14.1-add_spi+cacerts_ca_certs.patch SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]

 * nss-pem-015ae754dd9f6fbcd7e52030ec9732eb27fc06a8.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...                       [ ok ]

>>> Fetching (25 of 78) app-misc/ca-certificates-20140927.3.17.2::gentoo

 * ca-certificates_20140927.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...  [ ok ]

 * nss-3.17.2.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                [ ok ]

 * nss-3.14.1-add_spi+cacerts_ca_certs.patch SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]

>>> Fetching (26 of 78) dev-libs/libxml2-2.9.2::gentoo

 * libxml2-2.9.2.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...             [ ok ]

>>> Fetching (27 of 78) dev-python/setuptools-7.0::gentoo

 * setuptools-7.0.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (28 of 78) dev-python/numpy-1.9.0-r1::gentoo

 * numpy-1.9.0.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...               [ ok ]

>>> Fetching (29 of 78) dev-python/six-1.8.0::gentoo

 * six-1.8.0.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                 [ ok ]

>>> Fetching (30 of 78) x11-proto/xcb-proto-1.11::gentoo

 * xcb-proto-1.11.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...           [ ok ]

>>> Fetching (31 of 78) x11-libs/libxcb-1.11::gentoo

 * libxcb-1.11.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...              [ ok ]

>>> Fetching (32 of 78) x11-libs/libXext-1.3.3::gentoo

 * libXext-1.3.3.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (33 of 78) dev-python/requests-2.4.3::gentoo

 * requests-2.4.3.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (34 of 78) dev-python/py-1.4.26::gentoo

 * py-1.4.26.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                 [ ok ]

>>> Fetching (35 of 78) dev-python/pytest-2.6.4::gentoo

 * pytest-2.6.4.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...              [ ok ]

>>> Fetching (36 of 78) dev-python/cryptography-0.6.1::gentoo

 * cryptography-0.6.1.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]

>>> Fetching (37 of 78) x11-libs/xcb-util-keysyms-0.4.0::gentoo

 * xcb-util-keysyms-0.4.0.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...   [ ok ]

>>> Fetching (38 of 78) app-admin/eselect-ctags-1.17::gentoo

 * eselect-emacs-1.17.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]

>>> Fetching (39 of 78) app-admin/eselect-emacs-1.17::gentoo

 * eselect-emacs-1.17.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]

>>> Fetching (40 of 78) sys-apps/openrc-0.13.2::gentoo

 * openrc-0.13.2.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (41 of 78) dev-lang/ruby-2.1.4::gentoo

 * ruby-2.1.4.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...                [ ok ]

 * ruby-patches-2.1.4.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...       [ ok ]

>>> Fetching (42 of 78) dev-lang/ruby-2.0.0_p594::gentoo

 * ruby-2.0.0-p594.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...           [ ok ]

 * ruby-patches-2.0.0_p594.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...  [ ok ]

>>> Fetching (43 of 78) dev-lang/ruby-1.9.3_p550::gentoo

 * ruby-1.9.3-p550.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...          [ ok ]

 * ruby-patches-1.9.3_p550.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...  [ ok ]

>>> Fetching (44 of 78) x11-libs/xcb-util-0.4.0::gentoo

 * xcb-util-0.4.0.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...           [ ok ]

>>> Fetching (45 of 78) x11-libs/xcb-util-cursor-0.1.1-r1::gentoo

 * xcb-util-cursor-0.1.1.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...    [ ok ]

>>> Fetching (46 of 78) x11-libs/xcb-util-image-0.4.0::gentoo

 * xcb-util-image-0.4.0.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...     [ ok ]

>>> Fetching (47 of 78) dev-perl/LWP-Protocol-https-6.60.0::gentoo

 * LWP-Protocol-https-6.06.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...   [ ok ]

 * LWP-Protocol-https_ca-cert-r1.patch.gz SHA256 SHA512 WHIRLPOOL size ;-) ...     [ ok ]

>>> Fetching (48 of 78) x11-apps/xrandr-1.4.3::gentoo

 * xrandr-1.4.3.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...             [ ok ]

>>> Fetching (49 of 78) net-mail/dovecot-2.2.15::gentoo

 * dovecot-2.2.15.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (50 of 78) mail-mta/postfix-2.11.3::gentoo

 * postfix-2.11.3.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (51 of 78) sys-devel/gettext-0.19.3::gentoo

 * gettext-0.19.3.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (52 of 78) sys-devel/make-4.1-r1::gentoo

 * make-4.1.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...                 [ ok ]

>>> Fetching (53 of 78) sys-apps/util-linux-2.25.2::gentoo

 * util-linux-2.25.2.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...         [ ok ]

>>> Fetching (54 of 78) app-editors/vim-7.4.488::gentoo

 * vim-7.4.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...                  [ ok ]

 * vim-patches-7.4.488.patch.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...    [ ok ]

 * vim-7.4-gentoo-patches.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...   [ ok ]

>>> Fetching (55 of 78) net-libs/gnutls-3.3.9::gentoo

 * gnutls-3.3.9.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...              [ ok ]

>>> Fetching (56 of 78) dev-vcs/subversion-1.8.10-r1::gentoo

 * subversion-1.8.10.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]

>>> Fetching (57 of 78) sys-fs/eudev-2.1.1::gentoo

 * eudev-2.1.1.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...               [ ok ]

>>> Fetching (58 of 78) media-libs/mesa-10.3.1::gentoo

 * MesaLib-10.3.1.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...           [ ok ]

>>> Fetching (59 of 78) x11-libs/gtk+-2.24.25::gentoo

 * gtk+-2.24.25.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...              [ ok ]

>>> Fetching (60 of 78) gnome-base/librsvg-2.40.5::gentoo

 * librsvg-2.40.5.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (61 of 78) sys-apps/portage-2.2.14::gentoo

 * portage-2.2.14.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...           [ ok ]

>>> Fetching (62 of 78) x11-libs/libva-1.4.1::gentoo

 * libva-1.4.1.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...              [ ok ]

>>> Fetching (63 of 78) app-text/po4a-0.45-r1::gentoo

 * po4a_0.45.orig.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

>>> Fetching (64 of 78) net-print/cups-2.0.0-r2::gentoo

 * cups-2.0.0-source.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]

>>> Fetching (65 of 78) media-gfx/imagemagick-6.8.9.9::gentoo

 * ImageMagick-6.8.9-9.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...       [ ok ]

>>> Fetching (66 of 78) app-editors/emacs-24.4::gentoo

 * emacs-24.4.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...                [ ok ]

 * emacs-24.4-patches-1.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...      [ ok ]

>>> Fetching (67 of 78) sys-apps/grep-2.20-r1::gentoo

 * grep-2.20.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...                 [ ok ]

>>> Fetching (68 of 78) sys-apps/man-pages-3.75::gentoo

 * man-pages-3.75.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...            [ ok ]

 * man-pages-gentoo-2.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...       [ ok ]

>>> Fetching (69 of 78) net-misc/wget-1.16::gentoo

 * wget-1.16.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...                 [ ok ]

>>> Fetching (70 of 78) x11-drivers/xf86-video-ati-7.5.0::gentoo

 * xf86-video-ati-7.5.0.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...     [ ok ]

>>> Fetching (71 of 78) x11-drivers/xf86-input-mouse-1.9.1::gentoo

 * xf86-input-mouse-1.9.1.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...   [ ok ]

>>> Fetching (72 of 78) sys-kernel/hardened-sources-3.17.1-r1::gentoo

 * linux-3.17.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...                [ ok ]

 * hardened-patches-3.17.1-2.extras.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...       [ ok ]

 * genpatches-3.17-3.base.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...    [ ok ]

>>> Fetching (73 of 78) app-editors/gvim-7.4.488::gentoo

 * vim-7.4.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...                  [ ok ]

 * vim-patches-7.4.488.patch.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...    [ ok ]

 * vim-7.4-gentoo-patches.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...   [ ok ]

>>> Fetching (74 of 78) media-video/mplayer-1.2_pre20130729::gentoo

 * mplayer-1.2_pre20130729.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...   [ ok ]

>>> Fetching (75 of 78) app-portage/layman-2.2.0-r5::gentoo

 * layman-2.2.0.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...              [ ok ]

>>> Fetching (76 of 78) www-client/firefox-33.0::gentoo

 * firefox-31.0-patches-0.2.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...  [ ok ]

 * firefox-33.0.source.tar.bz2 SHA256 SHA512 WHIRLPOOL size ;-) ...      [ ok ]

>>> Fetching (77 of 78) media-video/mkvtoolnix-7.3.0::gentoo

 * mkvtoolnix-7.3.0.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...          [ ok ]

>>> Fetching (78 of 78) net-misc/openssh-6.6.1_p1-r4::gentoo

 * openssh-6.6p1.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...             [ ok ]

>>> Downloading 'http://192.168.3.2/gentoo/distfiles/openssh-6.6.1p1-hpnssh14v5.diff.xz'

!!! Fetched file: openssh-6.6.1p1-hpnssh14v5.diff.xz VERIFY FAILED!

!!! Reason: Failed on SHA256 verification

!!! Got:      674de88b158c3b305f720ad86f917be79cd6bd9b47cf33f56b1d92eee9440b8e

!!! Expected: fe31dfbc934be7c7c07ddcd2aef01083c62f225ee8097622aec23d536e118053

Refetching... File renamed to '/usr/portage/distfiles/openssh-6.6.1p1-hpnssh14v5.diff.xz._checksum_failure_.rfSWHm'

>>> Downloading 'http://dev.gentoo.org/~polynomial-c/openssh-6.6.1p1-hpnssh14v5.diff.xz'

!!! Couldn't download 'openssh-6.6.1p1-hpnssh14v5.diff.xz'. Aborting.

 * Fetch failed for 'net-misc/openssh-6.6.1_p1-r4'

>>> Failed to emerge net-misc/openssh-6.6.1_p1-r4

 * 

 * The following package has failed to build or install:

 * 

 *  (net-misc/openssh-6.6.1_p1-r4:0/0::gentoo, ebuild scheduled for merge)

 * 

```

And I'd like it someone could notice this failure. 

It happened to me a few weeks ago as well, with the same package, and there was nowhere that I could get that particular file from any mirror (I tried a few) with the right hashes.

It nobody gives advice to the contrary, and I will try and wait for longer, because I don't want to bother the releng without a necessary reason like I did already before, I'll try and see if I can file a bug against this failure.

e could notice this failure. 

It happened to me a few weeks ago as well, with the same package, and there was nowhere that I could get that particular file from any mirror (I tried a few) with the right hashes.

It nobody gives advice to the contrary, and I will try and wait for longer (pls. tell me if you know this is not worth filing a bug), because I don't want to bother the releng (I guess it'd be their bug) without a necessary reason as it was unnecessary before in this topic... If I don't get information to the contrary I'll try and see if I can file a bug against this failure, because to me this does look like something out of order.

----------

