Date: Wed, 31 Jul 2013 15:30:36 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Michael Gmelin <freebsd@grem.de> Cc: freebsd-ports@freebsd.org Subject: Re: r253680 in CURRENT breaks GH ports and maybe others Message-ID: <20130731133036.GJ95363@ithaqua.etoilebsd.net> In-Reply-To: <20130731152407.5d6a806e@bsd64.grem.de> References: <831982af5f96759f17d21aba62b02eb6@mail.lifanov.com> <20130731144853.2a13617b@bsd64.grem.de> <51F90B8D.4030808@mail.lifanov.com> <1375276228.4960.3681111.005EA613@webmail.messagingengine.com> <20130731152407.5d6a806e@bsd64.grem.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--LG0Ll82vYr46+VA1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 31, 2013 at 03:24:07PM +0200, Michael Gmelin wrote: > On Wed, 31 Jul 2013 08:10:28 -0500 > Mark Felder <feld@FreeBSD.org> wrote: >=20 > > On Wed, Jul 31, 2013, at 8:05, Nikolai Lifanov wrote: > > >=20 > > > I fully agree. We already checksum the *distfiles*. > > > It shouldn't be important what the source is. > > >=20 > > > Are there any objections to adding --no-verify-peer to FETCH_ARGS > > > across the board? > > >=20 > >=20 > > Won't that break fetch for users whose fetch doesn't support > > --no-verify-peer? >=20 > True, it probably makes more sense to set SSL_NO_VERIFY_PEER in the > environment, since older versions of fetch will just ignore that. > bsd.port.mk already provides FETCH_ENV for that, so we could utilize > it for that purpose. >=20 > While you're on it you might also want to set SSL_NO_VERIFY_HOSTNAME > to disable host name verification in the cert (this is required less > often, but I could still see problems cause for incorrectly configured > master sites). >=20 > So this would mean adding something like this to bsd.port.mk around > line 2215: >=20 > FETCH_ENV?=3D SSL_NO_VERIFY_PEER=3D1 SSL_NO_VERIFY_HOSTNAME=3D1 >=20 > Michael >=20 Committed thanks Bapt --LG0Ll82vYr46+VA1 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlH5EXwACgkQ8kTtMUmk6EyjfQCcDjiddQCxZ2ib45J982zJwORN HwgAoJFIJQlZ4JreMdhpHQCkuP4gCYlL =ywhx -----END PGP SIGNATURE----- --LG0Ll82vYr46+VA1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130731133036.GJ95363>