Skip Menu |

This queue is for tickets about the CPAN-Checksums CPAN distribution.

Report information
The Basics
Id: 113615
Status: resolved
Priority: 0/
Queue: CPAN-Checksums
People
Owner: Nobody in particular
Requestors: Ralf.Neubauer [...] wido.bv.aok.de
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Fri Apr 08 05:44:24 2016 Ralf.Neubauer [...] wido.bv.aok.de - Ticket created
Subject: Need option to cope with braindead proxy
Date: Fri, 8 Apr 2016 09:44:10 +0000
To: "bug-CPAN [...] rt.cpan.org" <bug-CPAN [...] rt.cpan.org>
From: "Neubauer, Ralf" <ralf.neubauer [...] wido.bv.aok.de>
Hi, i get the following message: ---- DAGOLDEN/CPAN-Reporter-1.2017.tar.gz ---- Config::Tiny [requires] Running install for module 'Config::Tiny' Checksum mismatch for distribution file. Please investigate. Distribution id = R/RS/RSAVAGE/Config-Tiny-2.23.tgz CPAN_USERID RSAVAGE (Ron Savage <ron@savage.net.au>) CPAN_VERSION 2.23 CALLED_FOR Config::Tiny CHECKSUM_STATUS CONTAINSMODS Config::Tiny UPLOAD_DATE 2015-10-13 incommandcolor 2 localfile C:\strawberry-5.22.1.2-32\cpan\sources\authors\id\R\RS\RSAVAGE\ Config-Tiny-2.23.tgz mandatory 1 negative_prefs_cache 0 prefs HASH(0x3f1775c) reqtype r I'd recommend removing C:\strawberry-5.22.1.2-32\cpan\sources\authors\id\R\RS\RSAVAGE\Config-Tiny- 2.23.tgz. Its checksum is incorrect. Maybe you have configured your 'urllist' with a bad URL. Please check this array with 'o conf urllist', and retry. Problem is, our braindead scanning proxy (required for obvious reasons by company policy) unpacks gzip files, C:\strawberry-5.22.1.2-32\cpan\sources\authors\id\R\RS\RSAVAGE\Config-Tiny-2.23.tgz is a tar file and not gzip-ed. Zip files and Bz2 files are transferred correctly, but the proxy seems to mix up zlib http compression and gz files. The proxy is maintained by our network provider and the contact persons at the provider don't even understand the problem (network experts at work...). I tried to re-gzip the unpacked tar with default settings, but this didn't work -- as expected. To be able to install distributions that happen to come in tgz archives, i patched CPAN::Distribution in sub CHECKSUM_check_file: } else { $CPAN::Frontend->myprint(qq{\nChecksum mismatch for }. qq{distribution file. }. qq{Please investigate.\n\n}. $self->as_string, $CPAN::META->instance( 'CPAN::Author', $self->cpan_userid )->as_string); # work around for braindead proxy return $self->{CHECKSUM_STATUS} = "OK"; my $wrap = qq{I\'d recommend removing $file. Its checksum is incorrect. Maybe you have configured your 'urllist' with a bad URL. Please check this array with 'o conf urllist', and retry.}; I wanted the checksum to be checked and the message to be printed, but the install process to continue normally, because i obviously want to install distributions, even if i have to rely on the file being magically untampered. A technically better solution (apart from fixing the proxy, which is impossible in this case) would be to calculate the checksum for the _uncompressed_ tar archive or for the unpacked directory tree, but this would surely be overkill. Is it possible to add an appropriately named configuration variable to enable my work around in an 'official' way? Ralf
  Sat Apr 09 01:54:06 2016 ANDK [...] cpan.org - Correspondence added
The checksum for uncompressed is there for all .tar.gz: % grep -A5 Acme-Study-Perl-0.0.2.tar.gz /home/ftp/pub/PAUSE/authors/id/A/AN/ANDK/CHECKSUMS 'Acme-Study-Perl-0.0.2.tar.gz' => { 'md5' => 'c735574da6a9ac575346eb3090c833c8', 'md5-ungz' => 'b2d004c703043308e619dbc42fc01c69', 'mtime' => '2009-01-10', 'sha256' => 'a08b6797caee2e009cd6be6f34a2dec75b9fa8b7d12d75f2745beedf303144a1', 'sha256-ungz' => 'a8bbde36d345bca11276f1835f35a9563d605cb4063d7a5fbc6c0e7377ee5950', But missing for .tgz files. Quick finger pointing: CPAN::Checksum I've uploaded CPAN-Checksums-2.11.tar.gz I'll move this ticket into the CPAN-Checksum queue. I'll deploy it to PAUSE as soon as possible. It will then take a while until all checksum files are updated. Please let me know, whether this solves your problem.
  Sat Apr 09 01:54:06 2016 The RT System itself - Status changed from 'new' to 'open'
  Sat Apr 09 01:54:38 2016 ANDK [...] cpan.org - Status changed from 'open' to 'patched'
  Sat Apr 09 01:54:39 2016 ANDK [...] cpan.org - Queue changed from CPAN to CPAN-Checksums
  Mon May 30 12:53:40 2016 Ralf.Neubauer [...] wido.bv.aok.de - Correspondence added
Subject: RE: [rt.cpan.org #113615] Need option to cope with braindead proxy
Date: Mon, 30 May 2016 16:45:44 +0000
To: "bug-CPAN-Checksums [...] rt.cpan.org" <bug-CPAN-Checksums [...] rt.cpan.org>
From: "Neubauer, Ralf" <ralf.neubauer [...] wido.bv.aok.de>
Hi, this partially solves my problem. Apparently cpan Config::Tiny uses Digest::SHA and finds the sha256-ungz entries, but PPM::Make still uses md5 (which can easily be extended to md5-ungz as shown in [rt.cpan.org #114769]) and md5-ungz is present for e.g. Spreadsheet-Read-0.64.tgz DBD-CSV-0.49.tgz but missing for e.g. Config-Tiny-2.23.tgz Text-CSV_XS-1.23.tgz Spreadsheet-Read-0.62.tgz All CHECKSUMS files I looked at were apparently written by CPAN::Checksums 2.11 -- e.g. the one used by Spreadsheet-Read contains the line: # CHECKSUMS file written on Thu May 12 11:53:01 2016 GMT by CPAN::Checksums (v2.11) I'll try to patch my local installation of PPM::Make to support sha256 and to suggest it to the author, but maybe md5-ungz can still be added where it is missing. Ralf Show quoted text
> -----Original Message----- > From: Andreas Koenig via RT [mailto:bug-CPAN@rt.cpan.org] > Sent: Saturday, April 09, 2016 7:54 AM > To: Neubauer, Ralf > Subject: [rt.cpan.org #113615] Need option to cope with braindead proxy > > <URL: https://rt.cpan.org/Ticket/Display.html?id=113615 > > > The checksum for uncompressed is there for all .tar.gz: > > % grep -A5 Acme-Study-Perl-0.0.2.tar.gz /home/ftp/pub/PAUSE/authors/id/A/AN/ANDK/CHECKSUMS > 'Acme-Study-Perl-0.0.2.tar.gz' => { > 'md5' => 'c735574da6a9ac575346eb3090c833c8', > 'md5-ungz' => 'b2d004c703043308e619dbc42fc01c69', > 'mtime' => '2009-01-10', > 'sha256' => 'a08b6797caee2e009cd6be6f34a2dec75b9fa8b7d12d75f2745beedf303144a1', > 'sha256-ungz' => 'a8bbde36d345bca11276f1835f35a9563d605cb4063d7a5fbc6c0e7377ee5950', > > But missing for .tgz files. > > Quick finger pointing: CPAN::Checksum > > I've uploaded CPAN-Checksums-2.11.tar.gz > > I'll move this ticket into the CPAN-Checksum queue. I'll deploy it to PAUSE as soon as possible. It will then take a while > until all checksum files are updated. > > Please let me know, whether this solves your problem.
  Mon Jun 13 22:59:15 2016 andreas.koenig.7os6VVqR [...] franz.ak.mind.de - Correspondence added
Subject: Re: [rt.cpan.org #113615] Need option to cope with braindead proxy
Date: Tue, 14 Jun 2016 04:58:55 +0200
To: "Neubauer\, Ralf via RT" <bug-CPAN-Checksums [...] rt.cpan.org>
From: Andreas Koenig <andreas.koenig.7os6VVqR [...] franz.ak.mind.de>
Thanks for the analysis! CPAN-Checksums-2.12 is released and deployed. As always, it will take a while to run through all directories on CPAN, but the version and the calc date are in the CHECKSUMs files. Thanks again&&Regards, -- andreas
  Tue Jun 14 14:47:36 2016 ANDK [...] cpan.org - Correspondence added
Looks like it is now working as requested. Thanks!
  Tue Jun 14 14:47:38 2016 ANDK [...] cpan.org - Status changed from 'patched' to 'resolved'