FreeBSD 13: How to Solve Python Packages Mismatched Checksums With pycache Files in Daily Security Run Output

Tuesday, April 18 2023

I’ve come across this issue on several machines. My daily security run emails are littered with entries like the following:

py39-setuptools-63.1.0: /usr/local/lib/python3.9/site-packages/pkg_resources/_vendor/importlib_resources/__pycache__/_common.cpython-39.opt-1.pyc  
py39-setuptools-63.1.0: /usr/local/lib/python3.9/site-packages/pkg_resources/_vendor/importlib_resources/__pycache__/_common.cpython-39.pyc  
py39-setuptools-63.1.0: /usr/local/lib/python3.9/site-packages/pkg_resources/_vendor/importlib_resources/__pycache__/_compat.cpython-39.opt-1.pyc  
py39-setuptools-63.1.0: /usr/local/lib/python3.9/site-packages/pkg_resources/_vendor/importlib_resources/__pycache__/_compat.cpython-39.pyc

According to the FreeBSD forum, this is caused by a commit in the ports tree that was reverted.

https://forums.FreeBSD.org/threads/py39-packages-with-mismatched-checksums.88245/post-600841

The generally recommended solution of reinstalling all affected packages did not work for me. What did work:

# Process all packages, detect installed packages with invalid checksums
pkg check -as

# Recalculate and set the checksums of installed packages
pkg check -r

You can verify that it worked by running the invalid checksum detection again:

pkg check -as

I guess this is yet another argument for staying with quarterly packages.