From owner-freebsd-questions@FreeBSD.ORG Fri Apr 11 14:44:22 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 760EB1065679 for ; Fri, 11 Apr 2008 14:44:22 +0000 (UTC) (envelope-from karim.bourenane@orange-ftgroup.com) Received: from relais-inet.francetelecom.com (relais-ias245.francetelecom.com [80.12.204.245]) by mx1.freebsd.org (Postfix) with ESMTP id 059998FC17 for ; Fri, 11 Apr 2008 14:44:21 +0000 (UTC) (envelope-from karim.bourenane@orange-ftgroup.com) Received: from omfeda07.si.francetelecom.fr (unknown [xx.xx.xx.200]) by omfeda12.si.francetelecom.fr (ESMTP service) with ESMTP id 6200F70153; Fri, 11 Apr 2008 16:44:20 +0200 (CEST) Received: from PARM01.dc.par.equant.com (unknown [10.237.24.33]) by omfeda07.si.francetelecom.fr (ESMTP service) with ESMTP id 0AE2370002; Fri, 11 Apr 2008 16:44:20 +0200 (CEST) To: Paul Schmehl X-Mailer: Lotus Notes Release 5.0.12 February 13, 2003 Message-ID: From: karim.bourenane@orange-ftgroup.com Date: Fri, 11 Apr 2008 16:44:29 +0200 X-MIMETrack: Serialize by Router on PARM01/Equant(5012HF429 | October 14, 2003) at 11/04/2008 16:46:56 MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Cc: karim.bourenane@orange-ftgroup.com, freebsd-questions@freebsd.org Subject: Re: [7.0] Openldap client X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Apr 2008 14:44:22 -0000 Hi Paul Thanks you for your reply. I updated all ports with csup, and now is good for nss_pam package. I see on Freebsd gnat report same problem : http://www.freebsd.org/cgi/query-pr.cgi?pr=117886 Best Regards, thanks you for all help Karim Bourenane Orange Business Services / Equant RO&SI / IBNF / ENO / GNS 112 Avenue Charles de Gaules 92200 Neuilly S/Seine Phone: +33156 76 35 52 Fax: +33156 76 35 04 http://www.equant.com Paul Schmehl 11/04/2008 16:31 To: Konrad Heuer , karim.bourenane@orange-ftgroup.com cc: freebsd-questions@freebsd.org bcc: Subject: Re: [7.0] Openldap client --On Friday, April 11, 2008 16:03:24 +0200 Konrad Heuer wrote: > > On Fri, 11 Apr 2008, karim.bourenane@orange-ftgroup.com wrote: > >> I'm unbale to install nss_ldap from padl. I've error : >> => nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/. >> => Attempting to fetch from http://www.padl.com/download/. >> fetch: http://www.padl.com/download/nss_ldap-257.tar.gz: size mismatch: >> expected 229242, actual 229299 >> >> Anyone, can tell me, how to install openldap client on Freebsd 7-Stable ? > > I do not know why /usr/ports/net/nss_ldap/distinfo contains a different file > size (and probably inappropriate checksums), but you can just edit > /usr/ports/net/nss_ldap/distinfo and put in what you find (start with size > only, later by using md5 and sha256 utilities in /sbin to calculate checksums > after the file has been fetched /usr/ports/distfiles). The answer to that is obvious. The size and checksums are different because the *file* is different. That means that the file he's trying to download hasn't been vetted by the maintainer to ensure that it's not compromised. The way to solve this problem is (in the order you should do them) 1) Update your ports to see if the maintainer has corrected the problem 2) Download the source code and compare it with the md5sum of the vendor to ensure that it's not compromised. If the checksum matches, go into the port directory and run "make makesum" to update the distinfo file. (No need to reinvent the wheel.) 3) Use DISABLE_VULNERABILITIES to foolishly install the software without first verifying that it hasn't been compromised. I'm thinking option one is probably best: # make => nss_ldap-257.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch from http://www.padl.com/download/. nss_ldap-257.tar.gz 100% of 223 kB 36 kBps ===> Extracting for nss_ldap-1.257 => MD5 Checksum OK for nss_ldap-257.tar.gz. => SHA256 Checksum OK for nss_ldap-257.tar.gz. -- Paul Schmehl (pauls@utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/