port www/youtube_dl
Waitman Gobble
uzimac at da3m0n8t3r.com
Tue Feb 11 08:45:03 UTC 2014
On Tue, February 11, 2014 12:07 am, Matthias Apitz wrote:
>
> Hello,
>
>
> The port www/youtube_dl installs as a binary the Youtube downloader in
>
>
> # file /usr/local/bin/youtube-dl
> /usr/local/bin/youtube-dl: data
>
>
> The executeable tends to fail due to changes the provider Youtube does
> in its web page and users tend to update the software theirself by the
> option --update; this connects via HTTPS to:
>
> 07:36:12.668370 IP 10.32.233.251.31097 >
> frnk.radius.uk.mediaways.net.domain: 63308+ A? rg3.github.io. (31)
> 07:36:13.214619 IP frnk.radius.uk.mediaways.net.domain >
> 10.32.233.251.31097: 63308 2/0/0 CNAME github.map.fastly.net., A
> 185.31.16.133 (82)
> 07:36:13.215016 IP 10.32.233.251.33006 >
> frnk.radius.uk.mediaways.net.domain: 63309+ AAAA? rg3.github.io. (31)
> 07:36:13.348108 IP 10.32.233.251.57784 >
> frnk.radius.uk.mediaways.net.domain: 35986+ PTR?
> 251.233.32.10.in-addr.arpa. (44)
> 07:36:13.514879 IP frnk.radius.uk.mediaways.net.domain >
> 10.32.233.251.33006: 63309 1/1/0 CNAME github.map.fastly.net. (138)
> 07:36:13.515729 IP 10.32.233.251.14874 > 185.31.16.133.http: Flags [S],
> seq 3997719834, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val
> 441155 ecr 0], length 0
> ...
>
>
> and downloads a new binary version to /usr/local/bin/youtube-dl which must
> be done in addition as root (or root must change the owner of the file
> before).
>
> This is highly concerning due to 'phoning home' and installing whatever
> (mal-) software or due to DNS redirects to some malware side.
>
>
> The Linux friends patch the source to disable the --update option; see
> https://bugs.launchpad.net/ubuntu/+source/youtube-dl/+bug/1063469
>
>
> Shouldn't we do the same?
>
>
> Thx
>
>
> matthias --
> Matthias Apitz | /"\ ASCII Ribbon Campaign:
> www.asciiribbon.org E-mail: guru at unixarea.de | \ / - No HTML/RTF in
> E-mail
> WWW: http://www.unixarea.de/ | X - No proprietary attachments
> phone: +49-170-4527211 | / \ - Respect for open standards
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>
>
Hi,
It's a nice useful tool but it *does* feel awfully kinda creepy.
Note that the src download has the binary pre-built.. and check out gmake
clean:
[2357] > gmake clean
rm -rf youtube-dl.1 youtube-dl.bash-completion README.txt MANIFEST build/
dist/ .coverage cover/ youtube-dl.tar.gz
[2358] > gmake youtube-dl
gmake: `youtube-dl' is up to date.
hmmm. wait it's still there.
[2360] > ls -lh
total 428
-rw-r--r-- 1 root wheel 619B Jan 26 18:06 CHANGELOG
-rw-r--r-- 1 root wheel 1.2K Jan 26 18:06 LICENSE
-rw-r--r-- 1 root wheel 112B Jan 26 18:06 MANIFEST.in
-rw-r--r-- 1 root wheel 2.4K Jan 26 18:06 Makefile
-rw-r--r-- 1 root wheel 29K Feb 9 17:01 README.md
drwxr-xr-x 2 root wheel 512B Jan 26 18:06 bin
drwxr-xr-x 4 root wheel 512B Jan 26 18:06 devscripts
-rw-r--r-- 1 root wheel 3.0K Jan 26 21:21 setup.py
drwxr-xr-x 2 root wheel 512B Feb 6 13:42 test
-rwxr-xr-x 1 root waitman 360K Feb 11 00:36 youtube-dl
drwxr-xr-x 5 root wheel 512B Feb 11 00:37 youtube_dl
[2361] > rm youtube-dl
[2362] > rm youtube_dl/update.py
[2363] > gmake youtube-dl
zip --quiet youtube-dl youtube_dl/*.py youtube_dl/*/*.py
zip --quiet --junk-paths youtube-dl youtube_dl/__main__.py
echo '#!/usr/bin/env python' > youtube-dl
cat youtube-dl.zip >> youtube-dl
rm youtube-dl.zip
chmod a+x youtube-dl
[2364] > ./youtube-dl --update
Traceback (most recent call last):
File "/usr/local/lib/python2.7/runpy.py", line 162, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "/usr/local/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "./youtube-dl/__main__.py", line 15, in <module>
File "./youtube-dl/youtube_dl/__init__.py", line 74, in <module>
ImportError: No module named update
'gmake clean' doesn't get rid of the binary. what's up with that? deleting
update.py removes the update option.
--
Waitman Gobble
San Jose California USA
+1.510-830-7975
More information about the freebsd-ports
mailing list