====== pkg: checksum mismatch ======

Occasionally an error will crop up regarding a checksum mismatch for installed packages. You might see something like the following in your daily security email.

<code>
Checking for packages with mismatched checksums:
py39-certifi-2022.12.7: /usr/local/lib/python3.9/site-packages/certifi/__pycache__/__main__.cpython-39.pyc
py39-certifi-2022.12.7: /usr/local/lib/python3.9/site-packages/certifi/__pycache__/core.cpython-39.opt-1.pyc
py39-certifi-2022.12.7: /usr/local/lib/python3.9/site-packages/certifi/__pycache__/core.cpython-39.pyc
py39-cffi-1.15.1: /usr/local/lib/python3.9/site-packages/cffi/__pycache__/__init__.cpython-39.opt-1.pyc
py39-cffi-1.15.1: /usr/local/lib/python3.9/site-packages/cffi/__pycache__/__init__.cpython-39.pyc
:
</code>

<alert type="warning">
Verify that it is not a real security issue.
</alert>

This sometimes happens when a package is reverted. If it's not a real security issue, and you don't want to just ignore it, you will want to correct it.

<code>
# check for mismatched checksum
pkg check -sa

# if there were any, the following will recalculate the checksums
# MAKE SURE THERE ISN'T A REAL SECURITY ISSUE FIRST
pkg check -r

# you can check again to be sure
pkg check -sa
</code>

Thanks to felix on the [[https://forums.freebsd.org/threads/py39-packages-with-mismatched-checksums.88245/|FreeBSD forums]].

Note that you may be able to force a reinstall of the problematic package as well which should fix the issue. The above is faster if there are a lot of packages involved.