[7.0] Openldap client

Konrad Heuer kheuer2 at gwdg.de
Sat Apr 12 17:24:45 UTC 2008 

On Fri, 11 Apr 2008, Paul Schmehl wrote:

> --On Friday, April 11, 2008 16:03:24 +0200 Konrad Heuer <kheuer2 at gwdg.de> 
> wrote:
>
>> 
>> On Fri, 11 Apr 2008, karim.bourenane at orange-ftgroup.com wrote:
>> 
>>> I'm unbale to install nss_ldap from padl. I've error :
>>> => nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
>>> => Attempting to fetch from http://www.padl.com/download/.
>>> fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch:
>>> expected 229242, actual       229299
>>> 
>>> Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ?
>> 
>> I do not know why /usr/ports/net/nss_ldap/distinfo contains a different 
>> file
>> size (and probably inappropriate checksums), but you can just edit
>> /usr/ports/net/nss_ldap/distinfo and put in what you find (start with size
>> only, later by using md5 and sha256 utilities in /sbin to calculate 
>> checksums
>> after the file has been fetched /usr/ports/distfiles).
>
> The answer to that is obvious.  The size and checksums are different because 
> the *file* is different.  That means that the file he's trying to download 
> hasn't been vetted by the maintainer to ensure that it's not compromised.
>
> The way to solve this problem is (in the order you should do them)
> 1) Update your ports to see if the maintainer has corrected the problem
> 2) Download the source code and compare it with the md5sum of the vendor to 
> ensure that it's not compromised.  If the checksum matches, go into the port 
> directory and run "make makesum" to update the distinfo file.  (No need to 
> reinvent the wheel.)
> 3) Use DISABLE_VULNERABILITIES to foolishly install the software without 
> first verifying that it hasn't been compromised.
>
> I'm thinking option one is probably best:
>
> # make
> => nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch from http://www.padl.com/download/.
> nss_ldap-257.tar.gz                           100% of  223 kB   36 kBps
> ===>  Extracting for nss_ldap-1.257
> => MD5 Checksum OK for nss_ldap-257.tar.gz.
> => SHA256 Checksum OK for nss_ldap-257.tar.gz.
>
> -- 
> Paul Schmehl (pauls at utdallas.edu)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/

1. I use FreeBSD for more than 10 years now and know that sometimes ports
    are not updated as soon as I need them, especially if you need to fix
    a security problem quickly. Thus sometimes I need to do what I wrote.

2. I mentioned the problem of security. You did not quote this part of
    my mail in your reply and this is not correct!

Konrad Heuer
GWDG, Am Fassberg, 37077 Goettingen, Germany, kheuer2 at gwdg.de

More information about the freebsd-questions mailing list