[opam-devel] Fwd: [MirageOS-devel] ounit dependency failing for mirage-xen package
Sylvain Le Gall
gildor478 at gmail.com
Tue Mar 29 07:04:43 BST 2016
I have checked the file on the server and they haven't been altered (you
can check by yourself, most of the time I add a .asc file to sign the
Although, given that the warning about suspicious file is in Chrome, I
don't see how it ends up into OPAM.
FYI, thanks to Törok investigation and Google Webmaster Tools, we found the
The problem is that gdk_pixbuf_mlsources is considered as a virus (same for
labgladecc2). They actually don't contain any viruses, this is just a false
positive on OCaml compiled bytecode program.
Le lun. 28 mars 2016 à 16:12, Gabriel Scherer <gabriel.scherer at gmail.com> a
> There was news from malicious uploads on the forge from Sylvain yesterday:
> On Mon, Mar 28, 2016 at 3:46 PM, Anil Madhavapeddy <anil at recoil.org>
>> Does anyone have time to check the forge distfiles to see if they've been
>> altered maliciously?
>> I see this in some builds:
>> - 2e0a24648c55005978d4923eb4925b28 [expected result]
>> - 0f4f7cf8741d98cb419e45cc69962600 [actual result]
>> This may be fixed by running `opam update`.
>> and the below spyware warning is very concerning indeed.
>> > Begin forwarded message:
>> > From: Aaron Cornelius <aaron.cornelius at dornerworks.com>
>> > Subject: Re: [MirageOS-devel] ounit dependency failing for mirage-xen
>> > Date: 28 March 2016 at 14:08:11 BST
>> > To: <talex5 at gmail.com>
>> > Cc: mirageos-devel at lists.xenproject.org
>> > On 3/26/2016 7:05 AM, Thomas Leonard wrote:
>> >> On 23 March 2016 at 16:25, Aaron Cornelius
>> >> <aaron.cornelius at dornerworks.com> wrote:
>> >>> I am setting up a new cubieboard today with mirage, but when
>> attempting to
>> >>> install the necessary opam packages I get the following md5sum error
>> on the
>> >>> downloaded package:
>> >>> [ERROR] Bad checksum for
>> >>> /home/mirage/.opam/packages.dev/ounit.2.0.0/ounit-2.0.0.tar.gz:
>> >>> - 2e0a24648c55005978d4923eb4925b28 [expected result]
>> >>> - db53f6fe7559ddf572f672cbe2983f13 [actual result]
>> >>> This may be fixed by running `opam update`.
>> >>> I have tried 4 times and received 4 different md5sums for the
>> downloaded package.
>> >>> Anyone have an idea what might be going on here? I don't remember
>> having this
>> >>> much trouble in the past.
>> >> It works for me. Try downloading the archive manually and checking to
>> >> see what's inside it (I'm guessing some kind of server error message).
>> >> http://forge.ocamlcore.org/frs/download.php/1258/ounit-2.0.0.tar.gz
>> > I discovered the problem, it appears that forge.ocamlcore.org is now
>> on some
>> > sort of spam/virus/spyware list and where I work is blocking access to
>> it. When
>> > I try to download the file directly in chrome I get a google warning as
>> > For the moment I created my own development opam repo and patched the
>> > requirement out of the xen-evtchn/xen-gnt/xenstore packages.
>> > _______________________________________________
>> > MirageOS-devel mailing list
>> > MirageOS-devel at lists.xenproject.org
>> > http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
>> opam-devel mailing list
>> opam-devel at lists.ocaml.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the opam-devel