Date: Fri, 7 May 2004 17:28:11 -0400 From: Jason Harris <jharris@widomaker.com> To: "Jacques A. Vidrine" <nectar@FreeBSD.org>, Colin Percival <colin.percival@wadham.ox.ac.uk>, "M. Warner Losh" <imp@bsdimp.com>, pav@FreeBSD.org, portmgr@FreeBSD.org, security-officer@FreeBSD.org, security-team@FreeBSD.org, ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Cc: Jason Harris <jharris@widomaker.com> Subject: Re: ports/65464: ports/www/axis - use MASTER_SITE_APACHE Message-ID: <20040507212811.GO10980@pm1.ric-41.lft.widomaker.com> In-Reply-To: <200405061341.i46DffZl087680@repoman.freebsd.org> <20040506190038.GC1777__15878.5727843226$1083870127@madman.celabo.org> <20040421105108.GF19492@lum.celabo.org> References: <200405061341.i46DffZl087680@repoman.freebsd.org> <200405061341.i46DffZl087680@repoman.freebsd.org> <20040506190038.GC1777__15878.5727843226$1083870127@madman.celabo.org> <20040415194207.GG25575@madman.celabo.org> <20040415232455.GJ10980@pm1.ric-41.lft.widomaker.com> <6.0.1.1.1.20040416003018.03d79880@imap.sfu.ca> <20040415.191136.124830953.imp@bsdimp.com> <6.0.1.1.1.20040416091452.03d2ee98@imap.sfu.ca> <20040416153102.GK10980@pm1.ric-41.lft.widomaker.com> <20040421105108.GF19492@lum.celabo.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Wed, Apr 21, 2004 at 05:51:09AM -0500, Jacques A. Vidrine wrote: > On Fri, Apr 16, 2004 at 11:31:02AM -0400, Jason Harris wrote: > > Also, I see no reason why the distinfo files can't be clearsigned > > starting immediately. This will not use another inode per port > Interesting thoughts. I do not like `clearsign' format, or separate > provide some security. But we are off course from the original > discussion re: checking PGP sigs of distfiles. Getting back on course... On Thu, May 06, 2004 at 02:00:38PM -0500, Jacques A. Vidrine wrote: > On Thu, May 06, 2004 at 06:41:41AM -0700, Pav Lucistnik wrote: > > pav 2004/05/06 06:41:41 PDT > > > > FreeBSD ports repository > > > > Modified files: > > sysutils Makefile > > Added files: > > sysutils/pv Makefile distinfo pkg-descr > > Log: > > Pipe Viewer (pv) is a terminal-based tool for monitoring the > > progress of data through a pipeline. It can be inserted into > > any normal pipeline between two processes to give a visual > > indication of how quickly data is passing through, how long > > it has taken, how near to completion it is, and an estimate > > of how long it will be until completion. > > > > Author: Andrew Wood <andrew.wood@ivarch.com> > > WWW: http://www.ivarch.com/programs/pv.shtml > > That's really nifty! I wish I'd have thought to create something like > that long ago. This port has a PGP signature, but only on the gzip (v. bzip2) tarball, and only on two mirrors (but not SourceForge). It is interesting because it shows that specifying DISTFILES/EXTRACT_ONLY explicitly is sometimes necessary to pick up the PGP signatures from specific MASTER_SITES (as well as to get the signatures onto the FreeBSD distfile mirrors, esp. for those without the Sergei's patch). Given that USE_GPG/SIG_FILES is a no-op for those not tracking Sergei's patch, how do portmgr@ and security-team@ feel about the patch below? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message cvs server: Diffing . Index: Makefile =================================================================== RCS file: /home/ncvs/ports/sysutils/pv/Makefile,v retrieving revision 1.1 diff -u -r1.1 Makefile --- Makefile 6 May 2004 13:41:40 -0000 1.1 +++ Makefile 7 May 2004 21:18:19 -0000 @@ -9,13 +9,19 @@ PORTVERSION= 0.8.5 CATEGORIES= sysutils MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \ - http://dragon.roe.ch/mirrors/distfiles/pv/ + http://dragon.roe.ch/mirrors/distfiles/pv/ \ + http://dragon.roe.ch/mirrors/distfiles/pv/:sig \ + http://www.ivarch.com/programs/sources/:sig MASTER_SITE_SUBDIR= pipeviewer +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc:sig +EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= daniel@roe.ch COMMENT= A pipe throughput monitor -USE_BZIP2= yes +USE_GPG?= yes +SIG_FILES= ${DISTNAME}${EXTRACT_SUFX}.asc +#USE_BZIP2= yes USE_GMAKE= yes GNU_CONFIGURE= yes MAN1= pv.1 Index: distinfo =================================================================== RCS file: /home/ncvs/ports/sysutils/pv/distinfo,v retrieving revision 1.1 diff -u -r1.1 distinfo --- distinfo 6 May 2004 13:41:40 -0000 1.1 +++ distinfo 7 May 2004 21:18:19 -0000 @@ -1,2 +1,5 @@ MD5 (pv-0.8.5.tar.bz2) = a6eeadbc2fbd9c23e329f47ff37b8c83 SIZE (pv-0.8.5.tar.bz2) = 84289 +MD5 (pv-0.8.5.tar.gz) = 48c9d7a64035d9634ecf4e6d4414da02 +SIZE (pv-0.8.5.tar.gz) = 94927 +MD5 (pv-0.8.5.tar.gz.asc) = c233f04e23a30745ff02e013805c42c3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAm/02SypIl9OdoOMRAsl4AJ0QgmVJ3FFsMztQ1QfXF910Yy4dAQCfaWta IkUXkIhiypi0imD9Zo7I6LA= =tR0G -----END PGP SIGNATURE----- -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAm/9qSypIl9OdoOMRArBoAJ9GIHDsDDFAmhRqbiq5OB9HRhzRYQCeMhyK SgsDm6Mpl2XdZjHHSkSUP0E= =k60s -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040507212811.GO10980>