From owner-freebsd-stable@freebsd.org Wed Dec 23 14:00:07 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1E4DAA4F8D1 for ; Wed, 23 Dec 2015 14:00:07 +0000 (UTC) (envelope-from ari@ish.com.au) Received: from mail13.tpgi.com.au (smtp-out13.tpgi.com.au [220.244.226.123]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.tpg.com.au", Issuer "RapidSSL SHA256 CA - G3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id A0D9812E1 for ; Wed, 23 Dec 2015 14:00:05 +0000 (UTC) (envelope-from ari@ish.com.au) X-TPG-Junk-Status: Message not scanned X-TPG-Antivirus: Passed X-TPG-Abuse: host=[202.161.115.54]; ip=202.161.115.54; date=Thu, 24 Dec 2015 00:40:58 +1100 Received: from fish.ish.com.au (202-161-115-54.static.tpgi.com.au [202.161.115.54] (may be forged)) by mail13.tpgi.com.au (envelope-from ari@ish.com.au) (8.14.3/8.14.3) with ESMTP id tBNDeuAO004570 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 24 Dec 2015 00:40:58 +1100 Received: from [10.242.2.26] (port=51563 helo=Aristedess-MacBook-Pro.local) by fish.ish.com.au with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1aBjev-0000W1-2V; Thu, 24 Dec 2015 00:40:54 +1100 X-CTCH-RefID: str=0001.0A150208.567AA466.0024, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0 Subject: Re: freebsd-update incorrect hashes To: rainer@ultra-secure.de References: <567A92BD.5010105@ish.com.au> <28b3786fbb6baa6619c6ff9662113650@ultra-secure.de> Cc: freebsd-stable From: Aristedes Maniatis X-Enigmail-Draft-Status: N1110 Message-ID: <567AA464.4060706@ish.com.au> Date: Thu, 24 Dec 2015 00:40:52 +1100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Thunderbird/42.0 MIME-Version: 1.0 In-Reply-To: <28b3786fbb6baa6619c6ff9662113650@ultra-secure.de> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VwLeixnkGcEsM5UT3Vh6hGrkA05Kkl9eq" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Dec 2015 14:00:07 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --VwLeixnkGcEsM5UT3Vh6hGrkA05Kkl9eq Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 24/12/2015 12:22am, rainer@ultra-secure.de wrote: > Am 2015-12-23 13:25, schrieb Aristedes Maniatis: >> I've had problems with freebsd-update for many years now. It is by far= >> the least reliable component of FreeBSD since I started with the >> operating system back at 3.4 in 1999. >> >> Anyhow, I'm usually able to get past the exceedingly slow downloads >> and errors to the upgrade process, but this time nothing I do will get= >> me to the end. I've tried deleting /var/db/freebsd-update but several >> hours later I was at the same place again. The internet link is fast, >> but with a web proxy in this location, some downloads are slightly >> delayed while the virus scanner on the proxy does its thing. Perhaps >> 3-5 seconds delayed. >=20 >=20 >=20 > The problem is phttpget or the proxy, depending on the point of view. >=20 > Some proxies have (had) problems with the pipelined http requests that = phttpget seems to use. >=20 > apt (Debian/Ubuntu) has, too - but they can be disabled altogether ther= e. >=20 > http://webcache.googleusercontent.com/search?q=3Dcache:OwcOVJamJOoJ:htt= ps://www.astaro.org/gateway-products/web-protection-web-filtering-applica= tion-visibility-control/55213-http-pipelining-broken-after-upgrade-utm-9-= 3-a.html+&cd=3D1&hl=3Dde&ct=3Dclnk&gl=3Dch >=20 > IMO, there should be an option to use wget instead of phttpget. Or at l= east disable the request-pipelining. > There was a PR with patches floating around to make freebsd-update use = wget, but it never gained traction. >=20 > Also, didn't phttpget have problems with proxies needing authentication= ? > I usually have authentication at the proxy disabled for *.freebsd.org f= or this reason. In my case, the proxy doesn't need authentication. But I can see from the= code (I've just discovered that freebsd-update is in fact a shell script= ) that if it fails, then on the next run it starts again from the beginni= ng. No downloaded files are moved into the files folder until they all su= cceed. I've found debug mode, and what it is doing is downloading every single f= ile (1800 of them in my case) and then only at the end checking to see if= the hashes are right. When it fails, it just stops and I need to start a= gain. Each run takes about 40 minutes. Ari --=20 --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --VwLeixnkGcEsM5UT3Vh6hGrkA05Kkl9eq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlZ6pGQACgkQ72p9Lj5JECo5mgCeMMOa4pMLx2d80z3HjMj1j2x/ ipcAn2TkE5W9AALQclduGwRcB6qPthUo =v/tY -----END PGP SIGNATURE----- --VwLeixnkGcEsM5UT3Vh6hGrkA05Kkl9eq--