From owner-freebsd-ports@FreeBSD.ORG Wed Jul 31 13:30:42 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 28A09F7E; Wed, 31 Jul 2013 13:30:42 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8268A221F; Wed, 31 Jul 2013 13:30:41 +0000 (UTC) Received: by mail-wi0-f177.google.com with SMTP id hq12so649860wib.10 for ; Wed, 31 Jul 2013 06:30:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=Nzeb9UCINF3dj7AWgG0t6wfKvv6dpjzhA2Rgq3mG9CU=; b=iKqeODrhfbRBFmJpSgpv1TWFIWAIIB3Z3CCetkTAsTUysEpIJ2o6+ALINVVa8Xk3gj /raQPelQWGcZGMT2IFYemupXBNjYe4fAnqtxhwzkyHHVkJpjs0qiykjPc8lKTBTZj9P9 9/SmsFCUdovBCVQs3KFdROIh9QElpKcsPSHZ44loJRwNh/D2YYxm2gri+c/o7dPvV+Fs rt9tnKfaoOOWpo3NQHVbKhLjA3oQkyRjj95l0TcJgh59+PFJ0XnyPg6C6OEI8MmNUyiK zYM92VLTFsMfkfpoAiq8itbaqiatwtgvYUanpnTsFs7/iSwbh2McARoY+Mfjph4oMqTH JHtA== X-Received: by 10.180.126.10 with SMTP id mu10mr4269278wib.64.1375277439631; Wed, 31 Jul 2013 06:30:39 -0700 (PDT) Received: from ithaqua.etoilebsd.net (ithaqua.etoilebsd.net. [37.59.37.188]) by mx.google.com with ESMTPSA id jf9sm23192513wic.5.2013.07.31.06.30.38 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 31 Jul 2013 06:30:38 -0700 (PDT) Sender: Baptiste Daroussin Date: Wed, 31 Jul 2013 15:30:36 +0200 From: Baptiste Daroussin To: Michael Gmelin Subject: Re: r253680 in CURRENT breaks GH ports and maybe others Message-ID: <20130731133036.GJ95363@ithaqua.etoilebsd.net> References: <831982af5f96759f17d21aba62b02eb6@mail.lifanov.com> <20130731144853.2a13617b@bsd64.grem.de> <51F90B8D.4030808@mail.lifanov.com> <1375276228.4960.3681111.005EA613@webmail.messagingengine.com> <20130731152407.5d6a806e@bsd64.grem.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="LG0Ll82vYr46+VA1" Content-Disposition: inline In-Reply-To: <20130731152407.5d6a806e@bsd64.grem.de> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Jul 2013 13:30:42 -0000 --LG0Ll82vYr46+VA1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 31, 2013 at 03:24:07PM +0200, Michael Gmelin wrote: > On Wed, 31 Jul 2013 08:10:28 -0500 > Mark Felder wrote: >=20 > > On Wed, Jul 31, 2013, at 8:05, Nikolai Lifanov wrote: > > >=20 > > > I fully agree. We already checksum the *distfiles*. > > > It shouldn't be important what the source is. > > >=20 > > > Are there any objections to adding --no-verify-peer to FETCH_ARGS > > > across the board? > > >=20 > >=20 > > Won't that break fetch for users whose fetch doesn't support > > --no-verify-peer? >=20 > True, it probably makes more sense to set SSL_NO_VERIFY_PEER in the > environment, since older versions of fetch will just ignore that. > bsd.port.mk already provides FETCH_ENV for that, so we could utilize > it for that purpose. >=20 > While you're on it you might also want to set SSL_NO_VERIFY_HOSTNAME > to disable host name verification in the cert (this is required less > often, but I could still see problems cause for incorrectly configured > master sites). >=20 > So this would mean adding something like this to bsd.port.mk around > line 2215: >=20 > FETCH_ENV?=3D SSL_NO_VERIFY_PEER=3D1 SSL_NO_VERIFY_HOSTNAME=3D1 >=20 > Michael >=20 Committed thanks Bapt --LG0Ll82vYr46+VA1 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlH5EXwACgkQ8kTtMUmk6EyjfQCcDjiddQCxZ2ib45J982zJwORN HwgAoJFIJQlZ4JreMdhpHQCkuP4gCYlL =ywhx -----END PGP SIGNATURE----- --LG0Ll82vYr46+VA1--