Date: Thu, 29 Jul 2010 00:18:01 +0200 From: Dominic Fandrey <kamikaze@bsdforen.de> To: "Andrew W. Nosenko" <andrew.w.nosenko@gmail.com> Cc: Marcin Wisnicki <mwisnicki+freebsd@gmail.com>, freebsd-ports@freebsd.org Subject: Re: Strange contents on some ftp mirrors Message-ID: <4C50AC99.70904@bsdforen.de> In-Reply-To: <AANLkTi=B_OuknGL2p9mW9QWNQL3ExXX_vDKgj7CyWFoJ@mail.gmail.com> References: <i2na4v$f3c$1@dough.gmane.org> <4c4fac09.Kkzz6V/G5TxaiQAZ%perryh@pluto.rain.com> <i2pahu$dri$1@dough.gmane.org> <4C504F25.8050607@bsdforen.de> <AANLkTi=B_OuknGL2p9mW9QWNQL3ExXX_vDKgj7CyWFoJ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28/07/2010 23:24, Andrew W. Nosenko wrote: > On Wed, Jul 28, 2010 at 18:39, Dominic Fandrey <kamikaze@bsdforen.de> wrote: >> On 28/07/2010 15:15, Marcin Wisnicki wrote: >>> On Tue, 27 Jul 2010 21:03:21 -0700, perryh wrote: >>> >>>> Marcin Wisnicki <mwisnicki+freebsd@gmail.com> wrote: >>>>> At this very moment, french package mirror has INDEX newer than in >>>>> other mirrors: >>>>> >>>> ... >>>>> >>>>> yet it does not have those packages. >>>>> >>>>> How could something like this happen ? >>>> >>>> By being examined while a resync was in process: evidently the new INDEX >>>> file had been transferred but that package file (and likely others) were >>>> still in transit or perhaps not even started yet. Mirroring is not an >>>> instantaneous process. >>> >>> Yeah that was it, but it is really, really bad. >>> Mirroring must be atomic (mirror to temporary directory then rename). >>> Otherwise there is a large window of time every couple of days when upgrading >>> packages will at best fail or leave you with broken system. >>> I did binary upgrade with pkg_upgrade yesterday and half of my system was linked >>> against wrong libintl version :( >> >> The next version of pkg_upgrade will check every downloaded package >> against the master server after completing the download. > > Excuse me? The ports check downloaded source tarball against SHA > checksum. Just for nay case like downloading error or malicious > inject. Did you try to say that binary package have no such > safeguard? Exactly. The INDEX does not contain such information. The thing is to do that, the pointyhat INDEX format would have to differ from the ports INDEX format. A possiblity of course, but also a source of trouble if the INDEX format of the ports should ever change, something I desire: http://www.freebsd.org/cgi/query-pr.cgi?pr=148783 Another solution would be to add an empty column that pointyhat can fill in. -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C50AC99.70904>