Date: Mon, 23 Mar 2015 19:47:57 +0300
From: "Sergey V. Dyatko"
To: freebsd-current@freebsd.org
Subject: Re: bsdinstall and current (possible stable) snapshots
Message-ID: <20150323194757.285b3647@laptop.minsk.domain>
In-Reply-To: <55103C3D.9050009@freebsd.org>
References: <20150323084738.70f7db7b@laptop.minsk.domain> <5762F1B8-771F-469C-9B93-AB6477C1C90D@FreeBSD.org> <55103C3D.9050009@freebsd.org>

On Mon, 23 Mar 2015 09:15:57 -0700
Nathan Whitehorn wrote:

>
> On 03/23/15 09:06, Devin Teske wrote:
> >> On Mar 22, 2015, at 10:47 PM, Sergey V. Dyatko
> >> wrote:
> >>
> >> Hi Devin,
> >>
> >> Recently I was trying to install FreeBSD CURRENT from the bootonly image
> >> (FreeBSD-11.0-CURRENT-amd64-20150302-r279514-bootonly.iso)
> >> on an IBM HS22 blade via bladecenter's kvm, but I faced a problem at the
> >> checksum stage: bootonly doesn't contain the base, kernel, etc.
> >> distributions, but it contains a manifest file.
> >> On mirrors we have pub/FreeBSD/snapshots/${ARCH}/11.0-CURRENT/*txz and
> >> MANIFEST; sha256 sums from the _local_ manifest don't match sha256 sums for
> >> fetched files. I suppose it will be fine with RELEASE bootonly iso but not
> >> with stable/current.
> >> There are 2 ways we can handle it:
> >> 1) download the remote MANIFEST if a checksum mismatch is spotted and try
> >> to use it
> >> 2) allow user to continue installation with 'broken' distributions
> >>
> >> I had to first put 10.1 then update it to HEAD :(
> >>
> >> What do you think?
> > When I get some time I’ll have a look and see what I can do.
> > —
> > Cheers,
> > Devin
> >
> >
>
> Using the local manifest is a security feature -- there is otherwise
> zero protection against a man-in-the-middle attack. Ideally, you'd use
> the ISO that matches the posted files. There are three options here:
> 1. Add a dialog that lets you move ahead in the event of checksum
> failure, which makes me very nervous.
> 2. Use the boot1 disk.
> 2a. For release engineering: if the posted tarballs change too fast, the
> bootonly disk isn't actually useful for -CURRENT and should probably be
> removed from the FTP server.

I don't think so. I use only bootonly ISOs when I (rarely) set up new fbsd
instances; disk1 contains too much useless (for me) things. I don't have fast
internet (in 2015, yes), so downloading the data1 image is a pain.
What about STABLE images/tarballs? If I understand correctly, they are also
uploaded too fast...

> 3. You could reroll the ISO (just untar and run makefs again),
> commenting out line 180 of /usr/libexec/bsdinstall/scripts/auto.
> -Nathan

Sure I can.
Idea with a dialog is a good idea, IMO :)

--
wbr, tiger
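
The difference between the two manifests discussed in this thread, as an added example (not code from bsdinstall or from anyone in the thread): a distribution file is checked once against the MANIFEST shipped on the ISO and once against a MANIFEST fetched alongside it. The tab-separated MANIFEST layout (file name, then SHA-256), the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not bsdinstall's own code. Assumed MANIFEST layout:
# tab-separated, field 1 = file name, field 2 = SHA-256 of that file.

# SHA-256 of a file via FreeBSD sha256, GNU sha256sum, or shasum.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1
    fi
}

# verify_dist MANIFEST FILE -> 0 match, 1 mismatch, 2 file not listed.
verify_dist() {
    manifest=$1
    name=$(basename "$2")
    want=$(awk -F '\t' -v n="$name" '$1 == n { print $2; exit }' "$manifest")
    [ -n "$want" ] || return 2
    [ "$(file_sha256 "$2")" = "$want" ]
}

# Constructed data: the ISO's MANIFEST describes the tarball that existed when
# the ISO was built; the mirror now serves a different tarball together with a
# MANIFEST that describes it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/iso" "$d/net"
    printf 'base as built with the ISO\n' > "$d/orig.txz"
    printf 'base as served later\n' > "$d/net/base.txz"
    printf 'base.txz\t%s\t1\tbase\n' "$(file_sha256 "$d/orig.txz")" > "$d/iso/MANIFEST"
    printf 'base.txz\t%s\t1\tbase\n' "$(file_sha256 "$d/net/base.txz")" > "$d/net/MANIFEST"
    # The local manifest flags the changed file (1); the fetched manifest
    # agrees with whatever arrived on the same channel (0), so it cannot
    # tell a rebuilt snapshot from a tampered one.
    verify_dist "$d/iso/MANIFEST" "$d/net/base.txz" && local_rc=0 || local_rc=$?
    verify_dist "$d/net/MANIFEST" "$d/net/base.txz" && remote_rc=0 || remote_rc=$?
    rm -rf "$d"
    echo "local=$local_rc remote=$remote_rc"
}

demo  # prints "local=1 remote=0"
```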