Date: Thu, 24 Dec 2015 00:40:52 +1100 From: Aristedes Maniatis <ari@ish.com.au> To: rainer@ultra-secure.de Cc: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: freebsd-update incorrect hashes Message-ID: <567AA464.4060706@ish.com.au> In-Reply-To: <28b3786fbb6baa6619c6ff9662113650@ultra-secure.de> References: <567A92BD.5010105@ish.com.au> <28b3786fbb6baa6619c6ff9662113650@ultra-secure.de>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --VwLeixnkGcEsM5UT3Vh6hGrkA05Kkl9eq Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 24/12/2015 12:22am, rainer@ultra-secure.de wrote: > Am 2015-12-23 13:25, schrieb Aristedes Maniatis: >> I've had problems with freebsd-update for many years now. It is by far= >> the least reliable component of FreeBSD since I started with the >> operating system back at 3.4 in 1999. >> >> Anyhow, I'm usually able to get past the exceedingly slow downloads >> and errors to the upgrade process, but this time nothing I do will get= >> me to the end. I've tried deleting /var/db/freebsd-update but several >> hours later I was at the same place again. The internet link is fast, >> but with a web proxy in this location, some downloads are slightly >> delayed while the virus scanner on the proxy does its thing. Perhaps >> 3-5 seconds delayed. >=20 >=20 >=20 > The problem is phttpget or the proxy, depending on the point of view. >=20 > Some proxies have (had) problems with the pipelined http requests that = phttpget seems to use. >=20 > apt (Debian/Ubuntu) has, too - but they can be disabled altogether ther= e. >=20 > http://webcache.googleusercontent.com/search?q=3Dcache:OwcOVJamJOoJ:htt= ps://www.astaro.org/gateway-products/web-protection-web-filtering-applica= tion-visibility-control/55213-http-pipelining-broken-after-upgrade-utm-9-= 3-a.html+&cd=3D1&hl=3Dde&ct=3Dclnk&gl=3Dch >=20 > IMO, there should be an option to use wget instead of phttpget. Or at l= east disable the request-pipelining. > There was a PR with patches floating around to make freebsd-update use = wget, but it never gained traction. >=20 > Also, didn't phttpget have problems with proxies needing authentication= ? > I usually have authentication at the proxy disabled for *.freebsd.org f= or this reason. In my case, the proxy doesn't need authentication. But I can see from the= code (I've just discovered that freebsd-update is in fact a shell script= ) that if it fails, then on the next run it starts again from the beginni= ng. No downloaded files are moved into the files folder until they all su= cceed. I've found debug mode, and what it is doing is downloading every single f= ile (1800 of them in my case) and then only at the end checking to see if= the hashes are right. When it fails, it just stops and I need to start a= gain. Each run takes about 40 minutes. Ari --=20 --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --VwLeixnkGcEsM5UT3Vh6hGrkA05Kkl9eq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlZ6pGQACgkQ72p9Lj5JECo5mgCeMMOa4pMLx2d80z3HjMj1j2x/ ipcAn2TkE5W9AALQclduGwRcB6qPthUo =v/tY -----END PGP SIGNATURE----- --VwLeixnkGcEsM5UT3Vh6hGrkA05Kkl9eq--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?567AA464.4060706>