From owner-freebsd-current@FreeBSD.ORG Mon Mar 23 18:01:11 2015 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5517DB28 for ; Mon, 23 Mar 2015 18:01:11 +0000 (UTC) Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CD92126D for ; Mon, 23 Mar 2015 18:01:10 +0000 (UTC) Received: by wibgn9 with SMTP id gn9so70724040wib.1 for ; Mon, 23 Mar 2015 11:01:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; bh=01ADCYOlKyTTmq97N3Qnred98dEwtFJBROO/8YRoljk=; b=pwjYfsUrSnBZuzq0OaLeVSTLHtHz7F0bDqu0KpuGiapCzvpJPuwRcu3uL7JsO/l9Pm J48myHppF9N6WeCqGw7IVxtkBKOERfTZ96IOqWyfFJe1AB5R4eaFbHIpuh9//DQz5d2Y axdYI2lfIXO0oB/KmYT/Qcvj22gL/rPqWuHP9Orh4fQsegJ0bgtV5c/iAKEkYmurytbx oduh822jVkJETH8q9EOA4v04a7i1T0xltLYRwK/Vu+C6CNlBG1cyFKjFXVewdgBxa7zE 83AR2Ah2OcJpwa586OCuSUw1Z4Y1tWbFu2xwXDDMpO5ii2qnucQlJrF2y8vYTsU1ckvF xaRw== X-Received: by 10.194.192.65 with SMTP id he1mr648947wjc.118.1427133668074; Mon, 23 Mar 2015 11:01:08 -0700 (PDT) Received: from laptop.minsk.domain ([37.215.165.64]) by mx.google.com with ESMTPSA id y14sm2411469wjr.39.2015.03.23.11.01.06 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 23 Mar 2015 11:01:07 -0700 (PDT) Date: Mon, 23 Mar 2015 20:59:38 +0300 From: "Sergey V. Dyatko" To: freebsd-current@freebsd.org Subject: Re: bsdinstall and current (possible stable) snapshots Message-ID: <20150323205938.2098615f@laptop.minsk.domain> In-Reply-To: <55105178.3040204@freebsd.org> References: <20150323084738.70f7db7b@laptop.minsk.domain> <5762F1B8-771F-469C-9B93-AB6477C1C90D@FreeBSD.org> <55103C3D.9050009@freebsd.org> <20150323194757.285b3647@laptop.minsk.domain> <55105178.3040204@freebsd.org> X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; amd64-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2015 18:01:11 -0000 On Mon, 23 Mar 2015 10:46:32 -0700 Nathan Whitehorn wrote:=20 >=20 > On 03/23/15 09:47, Sergey V. Dyatko wrote: > > On Mon, 23 Mar 2015 09:15:57 -0700 > > Nathan Whitehorn wrote: > > > >> On 03/23/15 09:06, Devin Teske wrote: > >>>> On Mar 22, 2015, at 10:47 PM, Sergey V. Dyatko > >>>> wrote: > >>>> > >>>> Hi Devin, > >>>> > >>>> Recently I'm trying to install FreeBSD CURRENT from bootonly image > >>>> ( FreeBSD-11.0-CURRENT-amd64-20150302-r279514-bootonly.iso) > >>>> on IBM HS22 blade via bladecenter's kvm but I faced with problem on > >>>> checksum stage, bootonly doesn't contain base, kernel,etc distributi= ons > >>>> but it contain manifest file. > >>>> On mirrors we have pub/FreeBSD/snapshots/${ARCH}/11.0-CURRENT/*txz = and > >>>> MANIFEST, sha256 sums from _local_ manifest doesn't match sha256 sum= s for > >>>> fetched files. I suppose it will be fine with RELEASE bootonly iso b= ut > >>>> not with stable/current. > >>>> there is 2 ways how we can handle it: > >>>> 1) download remote MANIFEST if spotted checksum mismatch and trying = to > >>>> use it 2) allow user to continue installation with 'broken' distribu= tions > >>>> > >>>> I had to first put 10.1 then update it to HEAD :( > >>>> > >>>> What do you think ? > >>> When I get some time I=E2=80=99ll have a look and see what I can do. > >>> =E2=80=94 > >>> Cheers, > >>> Devin > >>> > >>> > >> Using the local manifest is a security feature -- there is otherwise > >> zero protection against a man-in-the-middle attack. Ideally, you'd use > >> the ISO that matches the posted files. There are three options here: > >> 1. Add a dialog that lets you move ahead in the event of checksum > >> failure, which makes me very nervous. > >> 2. Use the boot1 disk. > >> 2a. For release engineering: if the posted tarballs change too fast, t= he > >> bootonly disk isn't actually useful for -CURRENT and should probably be > >> removed from the FTP server. > > I don't think so. I use only bootonly ISOs when I (rare) setup new > > fbsd instances, disk1 contain to much useless (for me) things. I > > haven't fast internet (in 2015, yes) so download data1 image is a pain. >=20 > What useless things, out of curiousity? If you want source (which you=20 > probably do if you are running -CURRENT), boot1 + downloading kernel,=20 > base, and source code is 80% the size of disc1 for amd64. It's just not=20 > a huge difference. >=20 ~55 vs ~360 MB (FreeBSD-11.0-CURRENT-amd64-20150302-r279514-bootonly.iso.xz= VS FreeBSD-11.0-CURRENT-amd64-20150302-r279514-disc1.iso.xz) I do fetch src/ports (both HEAD) from svn so _in my case_ it is useless (tarballs a bit outdated as minimum). Main purpose of ISOs (for me) is allo= w to install minimal FreeBSD on new server. Than I can ssh into it and setup us= eful stuff > > What about STABLE images/tarballs ? If I understand correctly it is al= so > > uploaded too fast... >=20 > The same issue applies there, yes. >=20 > >> 3. You could reroll the ISO (just untar and run makefs again), > >> commenting out line 180 of /usr/libexec/bsdinstall/scripts/auto. > >> -Nathan > > sure I can. > > Idea with a dialog is a good idea, IMO :) > > >=20 > That's so@'s lookout. I'd prefer actual signatures to checksum=20 > verification + an option to skip. > -Nathan > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" -- wbr, tiger