ports/65464: ports/www/axis - use MASTER_SITE_APACHE

Jason Harris jharris at widomaker.com
Fri May 7 14:28:34 PDT 2004 

On Wed, Apr 21, 2004 at 05:51:09AM -0500, Jacques A. Vidrine wrote:
> On Fri, Apr 16, 2004 at 11:31:02AM -0400, Jason Harris wrote:

> > Also, I see no reason why the distinfo files can't be clearsigned
> > starting immediately.  This will not use another inode per port

> Interesting thoughts.  I do not like `clearsign' format, or separate

> provide some security.  But we are off course from the original
> discussion re: checking PGP sigs of distfiles.

Getting back on course...

On Thu, May 06, 2004 at 02:00:38PM -0500, Jacques A. Vidrine wrote:
> On Thu, May 06, 2004 at 06:41:41AM -0700, Pav Lucistnik wrote:
> > pav         2004/05/06 06:41:41 PDT
> > 
> >   FreeBSD ports repository
> > 
> >   Modified files:
> >     sysutils             Makefile 
> >   Added files:
> >     sysutils/pv          Makefile distinfo pkg-descr 
> >   Log:
> >   Pipe Viewer (pv) is a terminal-based tool for monitoring the
> >   progress of data through a pipeline. It can be inserted into
> >   any normal pipeline between two processes to give a visual
> >   indication of how quickly data is passing through, how long
> >   it has taken, how near to completion it is, and an estimate
> >   of how long it will be until completion.
> >   
> >   Author: Andrew Wood <andrew.wood at ivarch.com>
> >   WWW: http://www.ivarch.com/programs/pv.shtml
> 
> That's really nifty!  I wish I'd have thought to create something like
> that long ago.

This port has a PGP signature, but only on the gzip (v. bzip2)
tarball, and only on two mirrors (but not SourceForge).  It is
interesting because it shows that specifying DISTFILES/EXTRACT_ONLY
explicitly is sometimes necessary to pick up the PGP signatures from
specific MASTER_SITES (as well as to get the signatures onto the
FreeBSD distfile mirrors, esp. for those without the Sergei's patch).

Given that USE_GPG/SIG_FILES is a no-op for those not tracking
Sergei's patch, how do portmgr@ and security-team@ feel about the
patch below?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

cvs server: Diffing .
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/sysutils/pv/Makefile,v
retrieving revision 1.1
diff -u -r1.1 Makefile
--- Makefile	6 May 2004 13:41:40 -0000	1.1
+++ Makefile	7 May 2004 21:18:19 -0000
@@ -9,13 +9,19 @@
 PORTVERSION=	0.8.5
 CATEGORIES=	sysutils
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE} \
-		http://dragon.roe.ch/mirrors/distfiles/pv/
+		http://dragon.roe.ch/mirrors/distfiles/pv/ \
+		http://dragon.roe.ch/mirrors/distfiles/pv/:sig \
+		http://www.ivarch.com/programs/sources/:sig
 MASTER_SITE_SUBDIR=	pipeviewer
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc:sig
+EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	daniel at roe.ch
 COMMENT=	A pipe throughput monitor
 
-USE_BZIP2=	yes
+USE_GPG?=	yes
+SIG_FILES=	${DISTNAME}${EXTRACT_SUFX}.asc
+#USE_BZIP2=	yes
 USE_GMAKE=	yes
 GNU_CONFIGURE=	yes
 MAN1=		pv.1
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/sysutils/pv/distinfo,v
retrieving revision 1.1
diff -u -r1.1 distinfo
--- distinfo	6 May 2004 13:41:40 -0000	1.1
+++ distinfo	7 May 2004 21:18:19 -0000
@@ -1,2 +1,5 @@
 MD5 (pv-0.8.5.tar.bz2) = a6eeadbc2fbd9c23e329f47ff37b8c83
 SIZE (pv-0.8.5.tar.bz2) = 84289
+MD5 (pv-0.8.5.tar.gz) = 48c9d7a64035d9634ecf4e6d4414da02
+SIZE (pv-0.8.5.tar.gz) = 94927
+MD5 (pv-0.8.5.tar.gz.asc) = c233f04e23a30745ff02e013805c42c3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAm/02SypIl9OdoOMRAsl4AJ0QgmVJ3FFsMztQ1QfXF910Yy4dAQCfaWta
IkUXkIhiypi0imD9Zo7I6LA=
=tR0G
-----END PGP SIGNATURE-----

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-all/attachments/20040507/96b74e76/attachment.bin

More information about the cvs-all mailing list