Subject: Re: Unable to verify fetched file?
To: Greg Troxel <>
From: Mike M. Volokhov <>
List: tech-pkg
Date: 12/01/2006 18:00:29
Greg Troxel <> wrote:
>   I am looking at
>    pkg/35152: graphics/png: distinfo is wrong
>   I tested and it attempted to download over and over again.
>   Each time saying:
>     fetch: Unable to verify fetched file libpng-1.2.14.tar.bz2
>   This is a different behaviour than we used to have.
> I saw this too, and it's a bit scary.

Works for me here.

>   It used to fail the first time if checksum didn't match and would try next 
>   mirror.
>   I don't think I like this new behaviour. I am not sure when this 
>   changed.... maybe in July.

Just after 2003Q3 was branched. Use MASTER_SORT_RANDOM=NO (see also
pkgsrc guide).

> This is somewhat a tough problem, since the approach has to be ok for
> various combinations of network trouble, wrong distinfo, and bad
> distfile.  But probably the system should only try once per mirror.

IMHO fetching the same file from random mirror should (must?) not led
to wrong checksumming. The mirror list should be reviewed instead.