From owner-freebsd-ports@freebsd.org Sun Jul 7 02:31:57 2019
Date: Sat, 6 Jul 2019 21:31:51 -0500
From: "Matthew D. Fuller" <fullermd@over-yonder.net>
To: Kurt Jaeger
Cc: freebsd-ports@freebsd.org
Subject: Re: portsnap broken?
Message-ID: <20190707023151.GA50134@over-yonder.net>
References: <20190703015304.GB13599@over-yonder.net> <20190703081140.GA2733@home.opsec.eu>
In-Reply-To: <20190703081140.GA2733@home.opsec.eu>
User-Agent: Mutt/1.12.1 (2019-06-15)

On Wed, Jul 03, 2019 at 10:11:41AM +0200 I heard the voice of Kurt Jaeger, and lo!
it spake thus:
>
> > With a little script to pull the snapdates:
> > [...]
>
> Nice! Can you put that script somewhere for others to use ?

It's pretty small and straightforward.  Attached.  It _is_ based on a
bit of reverse-engineering of /usr/sbin/portsnap, so there may well be
a better way already extant of getting the info (and there probably
should be, if there isn't), but it Works For Me...

[attachment: psinfo.pl]

#!/usr/bin/env perl
# psinfo.pl: ask every portsnap mirror for its latest signed snapshot
# tag and report how old each one is.
use strict;
use warnings;
use Net::DNS;
use File::Temp qw/tempdir/;
use LWP::UserAgent;
use IPC::Run3;
use Date::Format;

# Find the server list.  The mirrors are published as SRV records,
# which is how portsnap(8) itself discovers them.
my @servers;
{
    my $res = Net::DNS::Resolver->new;
    my $srv = $res->search('_http._tcp.portsnap.freebsd.org', 'SRV');
    die "Nothing from SRV request: @{[$res->errorstring]}\n" unless $srv;
    foreach my $rr (grep { $_->type eq 'SRV' } $srv->answer)
    {
        push @servers, { 'priority' => $rr->priority, 'host' => $rr->target };
    }
    # Order by SRV priority, then by hostname, so the output is stable.
    @servers = sort {
        $a->{priority} <=> $b->{priority} || $a->{host} cmp $b->{host}
    } @servers;
}

# We need to store temp files to go through openssl...
my $tmpdir = tempdir(CLEANUP => 1);
die "Failed making tempdir" unless -d $tmpdir;

# Load snapshot info and check timestamp from each
for my $s (@servers)
{
    my $host    = $s->{host};
    my $key     = "http://$host/pub.ssl";     # mirror's copy of the public key
    my $snap    = "http://$host/latest.ssl";  # RSA-signed snapshot tag
    my $keyout  = "$tmpdir/$host.key";
    my $snapout = "$tmpdir/$host.snap";

    my $web = LWP::UserAgent->new(timeout => 5);
    my $res = $web->get($key, ':content_file' => $keyout);
    if(!$res->is_success)
    {
        $s->{failed} = 1;
        print STDERR "$host key fetch failed: @{[$res->status_line]}\n";
        next;
    }
    $res = $web->get($snap, ':content_file' => $snapout);
    if(!$res->is_success)
    {
        $s->{failed} = 1;
        print STDERR "$host snap fetch failed: @{[$res->status_line]}\n";
        next;
    }

    # Now we use openssl to dissect.  `rsautl -verify` recovers the
    # signed tag line from latest.ssl using the key in pub.ssl, and
    # exits non-zero if the signature does not check out.
    my @cmd = ( qw(openssl rsautl -pubin -inkey), $keyout, '-verify' );
    my ($out, $err);
    run3(\@cmd, $snapout, \$out, \$err);
    my $rc = $? >> 8;
    if($rc != 0)
    {
        $s->{failed} = 1;
        print STDERR "$host: openssl returned $rc\n$err\n";
        next;
    }

    # Second field of $out is the timestamp
    chomp $out;
    my $ts = (split /\|/, $out)[1];
    $s->{timestamp} = $ts;
}

# And show the results
my $now = time;
for my $s (@servers)
{
    my $host = $s->{host};
    (my $sh = $host) =~ s/\.portsnap\.freebsd\.org$//;
    if($s->{failed})
    {
        print "$sh: failed\n";
        next;
    }
    my $ts = $s->{timestamp};

    # How old?
    my $old = $now - $ts;
    my $age = '';
    if($old > 86400)
    {
        my $days = int($old / 86400);
        $age .= "$days days, ";
        $old -= ($days * 86400);
    }
    {
        my $hours = int($old / 3600);
        $old -= ($hours * 3600);
        my $mins = int($old / 60);
        $old -= ($mins * 60);
        $age .= sprintf("%02d:%02d:%02d", $hours, $mins, $old);
    }

    chomp(my $ftime = ctime($ts));
    printf "%20s: $ftime ($age ago)\n", $sh;
}
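An added example, not part of the post and not portsnap's or psinfo.pl's code: a Python model of the step the script hands to `openssl rsautl -pubin -inkey pub.ssl -verify`, i.e. recovering the PKCS#1 v1.5 padded tag line from the RSA signature in latest.ssl and reading its second `|` field as the snapshot timestamp. The key (two Mersenne primes) and the tag line are constructed for the demo; portsnap(8) additionally checks the fetched pub.ssl against the KEYPRINT fingerprint in portsnap.conf, which neither psinfo.pl nor this model does.

```python
"""Offline model of what psinfo.pl delegates to `openssl rsautl -verify`:
recover the PKCS#1 v1.5 (type 1) padded payload from an RSA signature,
then read the second '|' field as the snapshot timestamp.  Added example;
the key and payload are constructed, not FreeBSD's."""
import time

# Constructed demo key from two Mersenne primes (2^521-1, 2^607-1); NOT a real key.
P, Q = (1 << 521) - 1, (1 << 607) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus size in bytes


def rsautl_sign(payload: bytes) -> bytes:
    """Mimic `openssl rsautl -sign`: type-1 pad (00 01 FF..FF 00 data), then m^d mod n."""
    if len(payload) > K - 11:
        raise ValueError("payload too long for modulus")
    em = b"\x00\x01" + b"\xff" * (K - len(payload) - 3) + b"\x00" + payload
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def rsautl_verify(sig: bytes) -> bytes:
    """Mimic `openssl rsautl -pubin -verify`: s^e mod n, then strip the padding.
    Raises ValueError unless the block is a well-formed signed message."""
    if len(sig) != K:
        raise ValueError("signature length does not match modulus")
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or any(b != 0xFF for b in em[2:sep]):
        raise ValueError("bad PKCS#1 v1.5 block: signature does not verify")
    return em[sep + 1:]


def snapshot_age(sig: bytes, now: int) -> int:
    """Verify sig and return the age in seconds of the signed snapshot.
    The timestamp is the second '|' field, exactly as psinfo.pl reads it."""
    fields = rsautl_verify(sig).decode("ascii").rstrip("\n").split("|")
    if len(fields) < 2 or not fields[1].isdigit():
        raise ValueError("unexpected latest.ssl payload layout")
    return now - int(fields[1])


# Constructed tag line: a label, the epoch timestamp, then a hex digest.
DEMO_LINE = b"portsnap|1562200000|" + b"0123456789abcdef" * 4 + b"\n"
DEMO_SIG = rsautl_sign(DEMO_LINE)

if __name__ == "__main__":
    age = snapshot_age(DEMO_SIG, int(time.time()))
    print(f"snapshot is {age // 86400} days {age % 86400 // 3600:02d}h old")
```

A flipped byte in the signature fails the padding check rather than yielding a wrong timestamp, which is why the script treats a non-zero openssl exit as "failed" instead of parsing whatever came out.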