Re: Issues with security/step-cli

From: Markus Wipp <mw_at_wipp.bayern>
Date: Tue, 03 Aug 2021 12:53:07 UTC

> On 3. Aug 2021, at 14:34, Michael Gmelin <freebsd@grem.de> wrote:
> 
> 
> 
> On Tue, 3 Aug 2021 13:41:42 +0200
> Markus Wipp <mw@wipp.bayern> wrote:
> 
>> Sure. I attached you the diff.
>> 
>> 
>>> On 3. Aug 2021, at 13:35, Michael Gmelin <freebsd@grem.de> wrote:
>>> 
>>> 
>>> 
>>>> On 3. Aug 2021, at 13:29, Markus Wipp <mw@wipp.bayern> wrote:
>>>> 
>>>> Hi all, 
>>>> 
>>>> I’m the maintainer of the security/step-cli port and I’m currently
>>>> facing some issues, I seem to be unable to fix.
>>>> 
>>>> I currently try to create the patch for the latest version 0.16.1
>>>> 
>>>> I did the following:
>>>> 
>>>> 1) I removed all files in /usr/ports/distfiles
>>>> 2) I did a make clean makesum stage (which ran fine)
>>>> 3) I did a make clean package (which always runs into the
>>>> following error:
>>>> => Attempting to fetch https://codeload.github.com/etcd-io/etcd/tar.gz/v3.5.0?dummy=/etcd-io-etcd-v3.5.0_GH0.tar.gz
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: https://codeload.github.com/etcd-io/etcd/tar.gz/v3.5.0?dummy=/etcd-io-etcd-v3.5.0_GH0.tar.gz: size unknown
>>>> fetch: https://codeload.github.com/etcd-io/etcd/tar.gz/v3.5.0?dummy=/etcd-io-etcd-v3.5.0_GH0.tar.gz: size of remote file is not known
>>>> etcd-io-etcd-v3.5.0_GH0.tar.gz                    3925 kB   10 MBps    00s
>>>> => Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/etcd-io-etcd-v3.5.0_GH0.tar.gz
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: 4020010: No such file or directory
>>>> fetch: http://distcache.FreeBSD.org/ports-distfiles/etcd-io-etcd-v3.5.0_GH0.tar.gz: Not Found
>>>> => Couldn't fetch it - please try to retrieve this
>>>> => port manually into /usr/ports/distfiles/ and try again.
>>>> *** Error code 1
>>>> 
>>>> Is there anything I did wrong? Anything I can do to fix this issue?
>>>> 
>>> 
>>> Unless someone else knows what’s wrong anyway: Could you share your
>>> port skeleton? (at least the files that changed or the output of
>>> `git diff')
>>> 
>>> 
>>>> Thanks in advance
>>>> Markus  
>> 
> 
> distinfo contains the entry for etcd-io-etcd-v3.5.0_GH0.tar.gz multiple
> times (due to it being listed multiple times in GH_TUPLE).
> 
> It seems to build okay when getting rid of the duplicates in distinfo.
> I don't know if what you're doing is officially supported, but if it
> is, we should probably adapt tooling. Also, portlint didn't
> complain and `make makesum' re-creates the duplicates.
> 
> @portmgr Please find attached an example of a patch that dedups distinfo
> on `make makesum', it might make more sense to fix this somewhere else in
> the framework (so that e.g., checksums aren't validated multiple times
> etc.), up to you.

Ok, then this is one more thing I should take care of! I did not add it multiple times on purpose.
The GH_TUPLE was just built with go mod vendor and modules2tuple.
Could it be that there the duplicates need to be fixed?


> 
> Cheers,
> Michael
> 
> -- 
> Michael Gmelin
> <makesum_dedup.diff>
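
One way to check a port's distinfo for the repeated entries discussed in this thread. This is an added example, not part of the original messages and not the attached makesum_dedup.diff; the function names, the sample contents and the placeholder hash values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find and drop repeated distinfo entries.
# Usage: distinfo_dups distinfo; distinfo_dedup distinfo > distinfo.new

# Constructed sample: one distfile listed once, one listed three times.
# Hash values are placeholders; example-project is a made-up distfile name.
sample_distinfo() {
    a=$(printf '%064d' 0 | tr 0 a); b=$(printf '%064d' 0 | tr 0 b)
    echo "TIMESTAMP = 1627990000"
    echo "SHA256 (example-project-v1.0.0_GH0.tar.gz) = $a"
    echo "SIZE (example-project-v1.0.0_GH0.tar.gz) = 123456"
    for i in 1 2 3; do
        echo "SHA256 (etcd-io-etcd-v3.5.0_GH0.tar.gz) = $b"
        echo "SIZE (etcd-io-etcd-v3.5.0_GH0.tar.gz) = 4020010"
    done
}

# Print "<count> <KEY> (<file>)" for every SHA256/SIZE entry seen more than once.
distinfo_dups() {
    awk '/^(SHA256|SIZE) \(/ { n[$1 " " $2]++ }
         END { for (k in n) if (n[k] > 1) print n[k], k }' "$1" | sort -k2
}

# Print the file with repeated entries removed, keeping the first occurrence.
# The same key with a different value is a conflict, not a duplicate: it is
# reported on stderr and the exit status is non-zero, so a checksum mismatch
# is never resolved silently.
distinfo_dedup() {
    awk '!/^(SHA256|SIZE) \(/ { print; next }
         { k = $1 " " $2
           if (!(k in seen)) { seen[k] = $0; print; next }
           if (seen[k] != $0) { print "conflict: " k > "/dev/stderr"; bad = 1 } }
         END { exit bad }' "$1"
}
```
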