distfiles / md5 / plain-text via FTP proxy

Kris Kennaway kris at obsecurity.org
Wed Sep 28 07:03:32 PDT 2005

On Wed, Sep 28, 2005 at 02:45:24PM +0200, Raphael H. Becker wrote:
> On Wed, Sep 28, 2005 at 02:25:37PM +0200, Raphael H. Becker wrote:
> > Disadvantage would be a lack of security (same like WITHOUT_CHECKSUM on
> > distfiles). But if you have the choice ... 
> [...]
> > Instead of downloading a new distfile the port might trigger a CVS 
> > checkout to a predefined tag or date. Virtually the sources should be 
> > the same every time (but not bit-identical like a tarball).
> Apropos "md5-secured" distfiles:
> If you use a proxy (e.g.squid) for ftp, it might use FTP-ASCII for
> transfer, not BINARY, which might result in a inband conversation from
> CRLF to LF in FTP for ASCII-files (.txt, .c, ... )
> Some ports with distfile patches as textfiles or plain c-Sources 
> (GhostScript, squid(?), ... ) complain about bad md5-sums.
> Deleting this files and refetching without proxy 
> (ftp_proxy="" portupgrade -rF foo/bar) is a manual workaround for this.
> In some environments you don't have ftp without a (squid)proxy.
> Any idea or better workaround?

I'd like to know one too.  This is arguably a bug in squid, since it
should not be rewriting content without me telling it to.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20050928/7ebb8de3/attachment.bin

More information about the freebsd-ports mailing list