openssl @1.0.0f checksum mismatch

[pablo@…]

Hi there,

First of all I did check ​https://trac.macports.org/wiki/FAQ#checksums

I'm having the following error when trying to install openssl. I'm actually trying to install bind9, however the error happens of course if I try to just install openssl.

sudo port install openssl
Password:
--->  Computing dependencies for openssl
--->  Verifying checksum(s) for openssl
Error: Checksum (md5) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (sha1) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (rmd160) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (sha256) mismatch for openssl-1.0.0f.tar.gz
Error: Target org.macports.checksum returned: Unable to verify file checksums
Log for openssl is at: /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_devel_openssl/openssl/main.log
Error: Status 1 encountered during processing.
To report a bug, see <http://guide.macports.org/#project.tickets>

As I mentioned before I tried the recommended:

$ sudo port selfupdate
$ sudo port clean --dist <portname>
$ sudo port install <portname>

[mf2k (Frank Schima)]

You say you followed the instructions in the FAQ, yet your output lacks the download mirror. The log even mentions the following:

:debug:main Skipping completed org.macports.fetch (openssl)

My guess is that you did not actually clean the correct port. You need to use "openssl" in place of <portname> and show us the result if it fails again.

[pablo@…]

Hi there, I did replace <portname> with openssl the first time.

sudo port clean --dist openssl
--->  Cleaning openssl

sudo port install openssl
--->  Computing dependencies for openssl
--->  Fetching archive for openssl
--->  Attempting to fetch openssl-1.0.0f_0.darwin_11.x86_64.tbz2 from http://packages.macports.org/openssl
--->  Fetching openssl
--->  Attempting to fetch openssl-1.0.0f.tar.gz from http://www.openssl.org/source/
--->  Verifying checksum(s) for openssl
Error: Checksum (md5) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (sha1) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (rmd160) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (sha256) mismatch for openssl-1.0.0f.tar.gz
Error: Target org.macports.checksum returned: Unable to verify file checksums
Log for openssl is at: /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_devel_openssl/openssl/main.log
Error: Status 1 encountered during processing.
To report a bug, see <http://guide.macports.org/#project.tickets>

I attached the main.log file when I created the ticket.

[pablo@…]

The first mirror seems to be broken, I get a 404 page

curl http://packages.macports.org/openssl/openssl-1.0.0f_0.darwin_11.x86_64.tbz2
or 
curl http://packages.macports.org/openssl/openssl-1.0.0f.tar.gz

the other mirror seems to have the file corrupted:

Attempting to fetch openssl-1.0.0f.tar.gz from http://www.openssl.org/source/
--->  Verifying checksum(s) for openssl
Error: Checksum (md5) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (sha1) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (rmd160) mismatch for openssl-1.0.0f.tar.gz
Error: Checksum (sha256) mismatch for openssl-1.0.0f.tar.gz

[pablo@…]

Definitively the file is corrupted. I've found the following workaround:

1) Went to ​http://www.openssl.org/source/ and downloaded openssl-1.0.0f.tar.gz

2) I moved the file to /opt/local/var/macports/distfiles/openssl/

3) I changed the owner to macports admin

sudo chown macports:admin openssl-1.0.0f.tar.gz

4) run again the install:

sudo port install openssl
--->  Computing dependencies for openssl
--->  Verifying checksum(s) for openssl
--->  Extracting openssl
--->  Applying patches to openssl
--->  Configuring openssl
--->  Building openssl
--->  Staging openssl into destroot
--->  Installing openssl @1.0.0f_0
--->  Activating openssl @1.0.0f_0
--->  Cleaning openssl

Thanks for your help anyway.

[neverpanic (Clemens Lang)]

I have run my mirror-checking script and they all come back fine for me:

** openssl
Found md5 checksum: e358705fb4a8827b5e9224a73f442025
Found sha1 checksum: f087190fc7702f328324aaa89c297cab6e236564
Found rmd160 checksum: 4eb32bc51a86b28f6c0c159e421786d51bf441bd
Found sha256 checksum: faf1eab0ef85fd6c3beca271c356b31b5cc831e2c6b7f23cf672e7ab4680fde1
http://www.openssl.org/source/openssl-1.0.0f.tar.gz
http://distfiles.macports.org/openssl/openssl-1.0.0f.tar.gz
http://aarnet.au.distfiles.macports.org/pub/macports/mpdistfiles/openssl/openssl-1.0.0f.tar.gz
http://her.gr.distfiles.macports.org/mirrors/macports/mpdistfiles/openssl/openssl-1.0.0f.tar.gz
http://jog.id.distfiles.macports.org/macports/mpdistfiles/openssl/openssl-1.0.0f.tar.gz
http://lil.fr.distfiles.macports.org/openssl/openssl-1.0.0f.tar.gz
http://sea.us.distfiles.macports.org/macports/mpdistfiles/openssl/openssl-1.0.0f.tar.gz
http://ykf.ca.distfiles.macports.org/MacPorts/mpdistfiles/openssl/openssl-1.0.0f.tar.gz
http://svn.macports.org/repository/macports/distfiles/openssl/openssl-1.0.0f.tar.gz
	failed

There would be more output, if a checksum mismatch had occured on any of these. So unless the openssl project has a mirror structure behind openssl.org which serves non-identical files, there's nothing wrong here.

Getting a 404 from packages.macports.org is not a bug, btw; it just means there's no pre-built package of this port to download from our buildbot.

On an unrelated side-note, I wonder why port distfiles openssl lists the SVN URL?