|Summary:||More HTTPS in MASTER_SITES|
|Product:||Ports & Packages||Reporter:||Sam H <xasthurii>|
|Component:||Individual Port(s)||Assignee:||Mathieu Arnold <mat>|
|Severity:||Affects Only Me||CC:||portmgr, xasthurii|
Description Sam H 2018-02-25 17:29:15 UTC
* Switch some MASTER_SITES from http/ftp to https * Add backup MASTER_SITES * Remove MASTER_SITES with DNS entries that do not resolve anymore * Remove evowise CDN as it is not on the OpenBSD mirror list anymore
Comment 2 Sam H 2018-02-25 23:44:35 UTC
Created attachment 191006 [details] patch v2 Updated with NetBSD and local-distfiles links.
Comment 3 Sam H 2018-02-26 00:11:23 UTC
Created attachment 191007 [details] patch v3 Added main FreeBSD distcache, but left non-https as a fallback. Should be ready to commit now.
Comment 4 Kubilay Kocak 2018-02-26 04:18:48 UTC
Comment on attachment 191007 [details] patch v3 bsd.sites.mk is not maintained by anyone in particular. Implicit approval pending review/QA
Comment 5 Kubilay Kocak 2018-02-26 04:19:29 UTC
But portmgr has an interest in this, given the scope and potential risks
Comment 6 Mathieu Arnold 2018-02-26 11:05:44 UTC
Please, remove https://pkg.freebsd.org/ from everywhere you added it. While it works, it is an artifact that should not be (ab)used. Also, remove https://distfiles.macports.org/* (and https://ftp.mirrorservice.org/sites/distfiles.macports.org/*), https://download.freenas.org/distfiles, they are caches, not authoritative sources. I am also not sure about https://download.snake.de/dist, it seems like some sort of cache.
Comment 7 Sam H 2018-02-26 16:27:13 UTC
Created attachment 191020 [details] patch v4 The FreeNAS, MacPorts and snake.de sites were the only backup mirrors in some instances. Nevertheless, I've removed them per request. I would however like to keep pkg.freebsd.org until a proper certificate is installed on the distcache servers, at which time it could be changed. There is currently no other place to get local distfiles, and the plain http distcache mirrors are still listed if pkg.freebsd.org doesn't work for some reason. Please take this small request into consideration. New patch attached, thanks.
Comment 8 Sam H 2018-02-26 17:48:49 UTC
Created attachment 191023 [details] patch v5 Sneak in a fix for devel/boehm-gc's MASTER_SITES too.
Comment 9 Mathieu Arnold 2018-02-27 13:01:27 UTC
So, committing this, with changes. - all the style bugs you added (empty lines, mostly) - put back everything removed and that works. - removed https://pkg.freebsd.org/ - all the distfiles mirrors, gentoo, openbsd... - audio/flac: use sourceforge. - devel/libuv: site may exist, but distfile does not.
Comment 10 commit-hook 2018-02-27 13:04:47 UTC
A commit references this bug: Author: mat Date: Tue Feb 27 13:03:51 UTC 2018 New revision: 463123 URL: https://svnweb.freebsd.org/changeset/ports/463123 Log: Switch some MASTER_SITES from http/ftp to https. Also some cleanup of dead entries. PR: 226203 Submitted by: Sam H Sponsored by: Absolight Changes: head/Mk/bsd.sites.mk head/archivers/unrar/Makefile head/audio/flac/Makefile head/audio/libogg/Makefile head/audio/libvorbis/Makefile head/devel/boehm-gc/Makefile head/devel/ccache/Makefile head/devel/libedit/Makefile head/devel/py-xdg/Makefile head/devel/yasm/Makefile head/dns/ldns/Makefile head/dns/unbound/Makefile head/lang/go/Makefile head/multimedia/ffmpeg/Makefile head/multimedia/libtheora/Makefile head/multimedia/x264/Makefile head/multimedia/x265/Makefile head/multimedia/xvid/Makefile head/net/mtr/Makefile head/net/vnstat/Makefile head/security/libsodium/Makefile head/textproc/docbook-sgml/Makefile head/textproc/libxml2/Makefile head/textproc/libxslt/Makefile head/textproc/sdocbook-xml/Makefile head/textproc/xmlcharent/Makefile