port www/youtube_dl

Waitman Gobble uzimac at da3m0n8t3r.com
Tue Feb 11 08:45:03 UTC 2014 

On Tue, February 11, 2014 12:07 am, Matthias Apitz wrote:
>

> Hello,
>
>
> The port www/youtube_dl installs as a binary the Youtube downloader in
>
>
> # file /usr/local/bin/youtube-dl
> /usr/local/bin/youtube-dl: data
>
>
> The executeable tends to fail due to changes the provider Youtube does
> in its web page and users tend to update the software theirself by the
> option --update; this connects via HTTPS to:
>
> 07:36:12.668370 IP 10.32.233.251.31097 >
> frnk.radius.uk.mediaways.net.domain: 63308+ A? rg3.github.io. (31)
> 07:36:13.214619 IP frnk.radius.uk.mediaways.net.domain >
> 10.32.233.251.31097: 63308 2/0/0 CNAME github.map.fastly.net., A
> 185.31.16.133 (82)
> 07:36:13.215016 IP 10.32.233.251.33006 >
> frnk.radius.uk.mediaways.net.domain: 63309+ AAAA? rg3.github.io. (31)
> 07:36:13.348108 IP 10.32.233.251.57784 >
> frnk.radius.uk.mediaways.net.domain: 35986+ PTR?
> 251.233.32.10.in-addr.arpa. (44)
> 07:36:13.514879 IP frnk.radius.uk.mediaways.net.domain >
> 10.32.233.251.33006: 63309 1/1/0 CNAME github.map.fastly.net. (138)
> 07:36:13.515729 IP 10.32.233.251.14874 > 185.31.16.133.http: Flags [S],
> seq 3997719834, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val
> 441155 ecr 0], length 0
> ...
>
>
> and downloads a new binary version to /usr/local/bin/youtube-dl which must
> be done in addition as root (or root must change the owner of the file
> before).
>
> This is highly concerning due to 'phoning home' and installing whatever
> (mal-) software or due to DNS redirects to some malware side.
>
>
> The Linux friends patch the source to disable the --update option; see
> https://bugs.launchpad.net/ubuntu/+source/youtube-dl/+bug/1063469
>
>
> Shouldn't we do the same?
>
>
> Thx
>
>
> matthias --
> Matthias Apitz               |  /"\ ASCII Ribbon Campaign:
> www.asciiribbon.org E-mail: guru at unixarea.de     |  \ / - No HTML/RTF in
> E-mail
> WWW: http://www.unixarea.de/ |   X  - No proprietary attachments
> phone: +49-170-4527211       |  / \ - Respect for open standards
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>
>

Hi,

It's a nice useful tool but it *does* feel awfully kinda creepy.

Note that the src download has the binary pre-built.. and check out gmake
clean:

[2357] > gmake clean
rm -rf youtube-dl.1 youtube-dl.bash-completion README.txt MANIFEST build/
dist/ .coverage cover/ youtube-dl.tar.gz

[2358] > gmake youtube-dl
gmake: `youtube-dl' is up to date.

hmmm. wait it's still there.

[2360] > ls -lh
total 428
-rw-r--r--  1 root  wheel     619B Jan 26 18:06 CHANGELOG
-rw-r--r--  1 root  wheel     1.2K Jan 26 18:06 LICENSE
-rw-r--r--  1 root  wheel     112B Jan 26 18:06 MANIFEST.in
-rw-r--r--  1 root  wheel     2.4K Jan 26 18:06 Makefile
-rw-r--r--  1 root  wheel      29K Feb  9 17:01 README.md
drwxr-xr-x  2 root  wheel     512B Jan 26 18:06 bin
drwxr-xr-x  4 root  wheel     512B Jan 26 18:06 devscripts
-rw-r--r--  1 root  wheel     3.0K Jan 26 21:21 setup.py
drwxr-xr-x  2 root  wheel     512B Feb  6 13:42 test
-rwxr-xr-x  1 root  waitman   360K Feb 11 00:36 youtube-dl
drwxr-xr-x  5 root  wheel     512B Feb 11 00:37 youtube_dl
[2361] > rm youtube-dl

[2362] > rm youtube_dl/update.py

[2363] > gmake youtube-dl
zip --quiet youtube-dl youtube_dl/*.py youtube_dl/*/*.py
zip --quiet --junk-paths youtube-dl youtube_dl/__main__.py
echo '#!/usr/bin/env python' > youtube-dl
cat youtube-dl.zip >> youtube-dl
rm youtube-dl.zip
chmod a+x youtube-dl

[2364] > ./youtube-dl --update
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "/usr/local/lib/python2.7/runpy.py", line 72, in _run_code
    exec code in run_globals
  File "./youtube-dl/__main__.py", line 15, in <module>
  File "./youtube-dl/youtube_dl/__init__.py", line 74, in <module>
ImportError: No module named update


'gmake clean' doesn't get rid of the binary. what's up with that? deleting
update.py removes the update option.


-- 
Waitman Gobble
San Jose California USA
+1.510-830-7975

More information about the freebsd-ports mailing list