distfiles / md5 / plain-text via FTP proxy
Kris Kennaway
kris at obsecurity.org
Wed Sep 28 07:03:32 PDT 2005
On Wed, Sep 28, 2005 at 02:45:24PM +0200, Raphael H. Becker wrote:
> On Wed, Sep 28, 2005 at 02:25:37PM +0200, Raphael H. Becker wrote:
> > Disadvantage would be a lack of security (same like WITHOUT_CHECKSUM on
> > distfiles). But if you have the choice ...
> [...]
> > Instead of downloading a new distfile the port might trigger a CVS
> > checkout to a predefined tag or date. Virtually the sources should be
> > the same every time (but not bit-identical like a tarball).
>
> Apropos "md5-secured" distfiles:
>
> If you use a proxy (e.g.squid) for ftp, it might use FTP-ASCII for
> transfer, not BINARY, which might result in a inband conversation from
> CRLF to LF in FTP for ASCII-files (.txt, .c, ... )
>
> Some ports with distfile patches as textfiles or plain c-Sources
> (GhostScript, squid(?), ... ) complain about bad md5-sums.
>
> Deleting this files and refetching without proxy
> (ftp_proxy="" portupgrade -rF foo/bar) is a manual workaround for this.
>
> In some environments you don't have ftp without a (squid)proxy.
>
> Any idea or better workaround?
I'd like to know one too. This is arguably a bug in squid, since it
should not be rewriting content without me telling it to.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20050928/7ebb8de3/attachment.bin
More information about the freebsd-ports
mailing list