From owner-freebsd-ports@FreeBSD.ORG Wed Sep 28 14:03:32 2005 Return-Path: X-Original-To: ports@freebsd.org Delivered-To: freebsd-ports@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F61616A41F for ; Wed, 28 Sep 2005 14:03:32 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id BED4643D49 for ; Wed, 28 Sep 2005 14:03:31 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [70.30.70.180]) by elvis.mu.org (Postfix) with ESMTP id 962BA1A3C1B; Wed, 28 Sep 2005 07:03:31 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id C466E53D8A; Wed, 28 Sep 2005 10:03:28 -0400 (EDT) Date: Wed, 28 Sep 2005 10:03:28 -0400 From: Kris Kennaway To: "Raphael H. Becker" Message-ID: <20050928140328.GB99553@xor.obsecurity.org> References: <20050928002013.11564.qmail@exxodus.fedaykin.here> <20050928053534.GB15395@local.net> <20050928100141.57485.qmail@exxodus.fedaykin.here> <20050928142537.O33058@p-i-n.com> <20050928144524.P33058@p-i-n.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="qlTNgmc+xy1dBmNv" Content-Disposition: inline In-Reply-To: <20050928144524.P33058@p-i-n.com> User-Agent: Mutt/1.4.2.1i Cc: ports@freebsd.org Subject: Re: distfiles / md5 / plain-text via FTP proxy X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Sep 2005 14:03:32 -0000 --qlTNgmc+xy1dBmNv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Sep 28, 2005 at 02:45:24PM +0200, Raphael H. Becker wrote: > On Wed, Sep 28, 2005 at 02:25:37PM +0200, Raphael H. Becker wrote: > > Disadvantage would be a lack of security (same like WITHOUT_CHECKSUM on > > distfiles). But if you have the choice ...=20 > [...] > > Instead of downloading a new distfile the port might trigger a CVS=20 > > checkout to a predefined tag or date. Virtually the sources should be= =20 > > the same every time (but not bit-identical like a tarball). >=20 > Apropos "md5-secured" distfiles: >=20 > If you use a proxy (e.g.squid) for ftp, it might use FTP-ASCII for > transfer, not BINARY, which might result in a inband conversation from > CRLF to LF in FTP for ASCII-files (.txt, .c, ... ) >=20 > Some ports with distfile patches as textfiles or plain c-Sources=20 > (GhostScript, squid(?), ... ) complain about bad md5-sums. >=20 > Deleting this files and refetching without proxy=20 > (ftp_proxy=3D"" portupgrade -rF foo/bar) is a manual workaround for this. >=20 > In some environments you don't have ftp without a (squid)proxy. >=20 > Any idea or better workaround? I'd like to know one too. This is arguably a bug in squid, since it should not be rewriting content without me telling it to. Kris --qlTNgmc+xy1dBmNv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDOqKvWry0BWjoQKURAuHNAKDs/NJBgDJkH9hx8bSsmrRuwDu9RwCgvQ3Y xqloZbF/aWDHpHQZxMyCoas= =s7JH -----END PGP SIGNATURE----- --qlTNgmc+xy1dBmNv--