trufflehog checksum fail

[Frank Cusack]

excuse the long copy paste at the end, but this way you can see exactly
what happened.

`sudo port install trufflehog` failed with source checksum failures. i
don't know if the checksums were actually bad or if this is an anomaly when
fetching the non-latest version. it does mean that i can never install that
version of trufflehog, which is sad.

anyway i got a hint to update first, so than after `selfupdate` (only! no
port upgrades!) and another `sudo port install trufflehog` it worked.

BUT it updated my golang!! this reminds me of brew. :( :~(

I guess trufflehog is built from source? and it is hard coded to require
go-1.20.7? ok, fine but you shouldn't be updating my runtime (vs buildtime)
packages at least not without the Y/n prompt like on other implicit
upgrades.

I then discovered I merely had to activate the older version. OK, but the
install/build process should have done this at the end, since I didn't
request that upgrade.

1. did the failed version (3.45.3) of trufflehog actually have some error
with checksum? or is this a macports anomaly.
2. do you agree macports has a bug re: forced, non-prompted, build deps
upgrades?

thanks

[frank at mbp:~]$ sudo port install trufflehog
Password:
--->  Computing dependencies for trufflehog
--->  Fetching archive for trufflehog
--->  Attempting to fetch trufflehog-3.45.3_0.darwin_22.x86_64.tbz2 from
https://packages.macports.org/trufflehog
--->  Attempting to fetch trufflehog-3.45.3_0.darwin_22.x86_64.tbz2 from
http://mirror.fcix.net/macports/packages/trufflehog
--->  Attempting to fetch trufflehog-3.45.3_0.darwin_22.x86_64.tbz2 from
https://ywg.ca.packages.macports.org/mirror/macports/packages/trufflehog
--->  Fetching distfiles for trufflehog
--->  Attempting to fetch trufflehog-3.45.3.tar.gz from
https://distfiles.macports.org/go
--->  Attempting to fetch trufflehog-3.45.3.tar.gz from
https://github.com/trufflesecurity/trufflehog/archive/v3.45.3
--->  Verifying checksums for trufflehog
Error: Checksum (rmd160) mismatch for trufflehog-3.45.3.tar.gz
Error: Checksum (sha256) mismatch for trufflehog-3.45.3.tar.gz
Error: Checksum (size) mismatch for trufflehog-3.45.3.tar.gz
Error: Failed to checksum trufflehog: Unable to verify file checksums
Error: See
/opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_security_trufflehog/trufflehog/main.log
for details.
Error: Follow https://guide.macports.org/#project.tickets if you believe
there is a bug.
Error: Processing of port trufflehog failed
[frank at mbp:~]$ sudo port selfupdate
--->  Updating MacPorts base sources using rsync
MacPorts base version 2.8.1 installed,
MacPorts base version 2.8.1 downloaded.
--->  Updating the ports tree
--->  MacPorts base is already the latest version

The ports tree has been updated. To upgrade your installed ports, you
should run
  port upgrade outdated
[frank at mbp:~]$ sudo port install trufflehog
Portfile changed since last build; discarding previous state.
--->  Fetching archive for go
--->  Attempting to fetch go-1.20.7_0.darwin_22.x86_64.tbz2 from
https://packages.macports.org/go
--->  Attempting to fetch go-1.20.7_0.darwin_22.x86_64.tbz2 from
http://mirror.fcix.net/macports/packages/go
--->  Attempting to fetch go-1.20.7_0.darwin_22.x86_64.tbz2 from
https://ywg.ca.packages.macports.org/mirror/macports/packages/go
--->  Fetching distfiles for go
--->  Attempting to fetch go1.20.7.src.tar.gz from
https://distfiles.macports.org/go
--->  Attempting to fetch go1.20.7.darwin-amd64.tar.gz from
https://distfiles.macports.org/go
--->  Verifying checksums for go
--->  Extracting go
--->  Configuring go
--->  Building go
--->  Staging go into destroot
--->  Installing go @1.20.7_0
--->  Cleaning go
--->  Deactivating go @1.20.6_0
--->  Cleaning go
--->  Activating go @1.20.7_0
--->  Cleaning go
--->  Computing dependencies for trufflehog
--->  Fetching archive for trufflehog
--->  Attempting to fetch trufflehog-3.46.2_0.darwin_22.x86_64.tbz2 from
https://packages.macports.org/trufflehog
--->  Attempting to fetch trufflehog-3.46.2_0.darwin_22.x86_64.tbz2 from
http://mirror.fcix.net/macports/packages/trufflehog
--->  Attempting to fetch trufflehog-3.46.2_0.darwin_22.x86_64.tbz2 from
https://ywg.ca.packages.macports.org/mirror/macports/packages/trufflehog
--->  Fetching distfiles for trufflehog
--->  Attempting to fetch trufflehog-3.46.2.tar.gz from
https://distfiles.macports.org/go
--->  Verifying checksums for trufflehog
--->  Extracting trufflehog
--->  Configuring trufflehog
--->  Building trufflehog
--->  Staging trufflehog into destroot
--->  Installing trufflehog @3.46.2_0
--->  Activating trufflehog @3.46.2_0
--->  Cleaning trufflehog
--->  Scanning binaries for linking errors
--->  No broken files found.
--->  No broken ports found.
[frank at mbp:~]$ go version
go version go1.20.7 darwin/amd64
[frank at mbp:~]$ sudo port activate go @1.20.6_0
--->  Deactivating go @1.20.7_0
--->  Cleaning go
--->  Activating go @1.20.6_0
--->  Cleaning go
[frank at mbp:~]$
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20230801/1e92e017/attachment.htm>