Bug 243309

Summary: sysutils/dirvish erroneously marked BROKEN unfetchable
Product: Ports & Packages Reporter: Nathan Robertson <nathan>
Component: Individual Port(s)Assignee: Rene Ladan <rene>
Status: Closed FIXED    
Severity: Affects Many People CC: antoine, colin, koobs, nathan, portmaster, rene, tarkhil
Priority: --- Flags: bugzilla: maintainer-feedback? (tarkhil)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Remove the BROKEN unfetchable line from the sysutils/dirvish Makefile
none
Differences between ancient Fedora tgz and website version
none
Updated checksum and Makefile none

Description Nathan Robertson 2020-01-13 04:09:15 UTC 
Created attachment 210681 [details]
Remove the BROKEN unfetchable line from the sysutils/dirvish Makefile

r516897 updated sysutils/dirvish/Makefile on line 13 to:

BROKEN=         unfetchable

The source is fetchable, and I've commented out that line and tested it, and dirvish installs fine on my machine.
Comment 1 Nathan Robertson 2020-01-13 04:12:10 UTC 
Added antoine@FreeBSD.org to the cc: list, as his check-in marked this port as BROKEN unfetchable.
Comment 2 Antoine Brodin freebsd_committer freebsd_triage 2020-01-13 06:17:40 UTC 
It is BROKEN:

=> dirvish-1.2.1.tgz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://www.dirvish.org/dirvish-1.2.1.tgz
fetch: http://www.dirvish.org/dirvish-1.2.1.tgz: size mismatch: expected 46908, actual 48604
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2020-01-13 09:54:02 UTC 
@Nathan If you can provide a patch to update the distribution file and/or its checksum after evaluating the source of the checksum mismatch, please re-open the issue
Comment 4 Nathan Robertson 2020-01-17 06:30:38 UTC 
Created attachment 210807 [details]
Differences between ancient Fedora tgz and website version
Comment 5 Nathan Robertson 2020-01-17 06:35:34 UTC 
I can not find anywhere a tarball that matches the SHA sum in the ports for this. I have gone looking through Debian and Fedora, and have found that the current Fedora (31) matches the tarball they distributed in Fedora 12 (ie. very ancient). Incidentally, Debian's tarball matches that SHA sum as well. But I can't find one that matches the one in FreeBSD.

I've attached a patch showing the differences between the really ancient Fedora one and the one on the dirvish.org website now. It's just a bunch of places in the source code and documentation which were saying version 1.2, and should have been 1.2.1. Somebody has fixed that, re-released and not announced the change.

There used to be a distfiles directory on ftp.freebsd.org. I don't know whether something like that still exists, but if it does, it'd be nice to get access to the tarball that matches the SHA sum this port uses.

Otherwise, given the attached patch looks very safe, and the fact the source code being used by Fedora hasn't changed in so many years (and current Debian, for that matter), I'd say it'd be safe just to update the SHA sum to what's on the website, and re-enable the port.
Comment 6 Nathan Robertson 2020-01-19 23:24:12 UTC 
Ok, I located a copy of the dirvish-1.2.1.tgz from the FreeBSD distfiles (I found it cached on an old server. There are two differences between the version on the website and the old one in the distfiles:

1. A one line change to the dirvish.conf(5) man page.
2. The distfiles tarball has all the files in the root. The website version has them in a subdirectory (dirvish-1.2.1)

Here's a copy and paste of this:

nathanr@nathanr:~/tmp$ sha256sum freebsd-ports-dirvish-1.2.1.tgz dirvish-1.2.1.tgz
75bf0b1b42c6ecf6e133202550b2c65e914e9b22a540da31ba44cc652e6d3e2a  freebsd-ports-dirvish-1.2.1.tgz
6b7f29c3541448db3d317607bda3eb9bac9fb3c51f970611ffe27e9d63507dcd  dirvish-1.2.1.tgz
nathanr@nathanr:~/tmp$ tar -xzf dirvish-1.2.1.tgz
nathanr@nathanr:~/tmp$ mv dirvish-1.2.1 dirvish-website
nathanr@nathanr:~/tmp$ mkdir dirvish-freebsd-ports
nathanr@nathanr:~/tmp$ cd dirvish-freebsd-ports/
nathanr@nathanr:~/tmp/dirvish-freebsd-ports$ tar -xzf ../freebsd-ports-dirvish-1.2.1.tgz
nathanr@nathanr:~/tmp/dirvish-freebsd-ports$ cd ..
nathanr@nathanr:~/tmp$ diff -urN dirvish-freebsd-ports dirvish-website
diff -urN dirvish-freebsd-ports/dirvish.conf.5 dirvish-website/dirvish.conf.5
--- dirvish-freebsd-ports/dirvish.conf.5        2008-03-26 02:35:43.000000000 +1100
+++ dirvish-website/dirvish.conf.5      2012-01-07 14:26:00.000000000 +1100
@@ -786,7 +786,7 @@
 .ta +.5i +36m
        wd { sun }      +3 months
        wd { sun } md { 1\-7 }  +1 year
-       wd { 1 } md { 1\-7 } mo { 1,4,7,10 }    never
+       wd { 1 } md { 1\-7 } mo { 1 4 7 10 }    never
        hr { 10\-20 }   +10 days
 .ft R
 .fi
nathanr@nathanr:~/tmp$
Comment 7 Nathan Robertson 2020-01-19 23:38:08 UTC 
Created attachment 210880 [details]
Updated checksum and Makefile

Updates to the Makefile:
- The distribution now untars into a subdirectory.
- Remove the BROKEN flag

Updates to distinfo:
- New checksum.

See my previous comment in this bug showing a diff between the contents of the previous FreeBSD distfiles tarball and the new one published on the website. The differences are safe and immaterial.

I believe this patch is safe to apply.
Comment 8 Nathan Robertson 2020-01-27 21:58:24 UTC 
@Antoine - could you please review the attached patch. If you read through my comments on this bug, it's safe to update the SHA sum and re-enable the port. I've done the work to show that the differences between the old and new tarballs (which have the same name) are safe.
Comment 9 Chris Hutchinson 2020-05-04 17:56:37 UTC 
OK this has gone on *way* too long.

Here's what I've discovered:

tar tvf freebsd-copy/dirvish-1.2.1.tgz dirvish-copy/dirvish-1.2.1.tgz

freebsd-copy
-rw-rw-r--  0 keithl keithl  39118 Mar 25  2008 CHANGELOG
-rw-rw-r--  0 keithl keithl   9910 Mar 25  2008 COPYING
-rw-rw-r--  0 keithl keithl   8140 Mar 25  2008 dirvish.8
-rw-rw-r--  0 keithl keithl  21480 Mar 25  2008 dirvish.conf.5
-rw-rw-r--  0 keithl keithl   3387 Mar 25  2008 dirvish-expire.8
-rw-rw-r--  0 keithl keithl   5656 Mar 25  2008 dirvish-expire.pl
-rw-rw-r--  0 keithl keithl   3060 Mar 25  2008 dirvish-locate.8
-rw-rw-r--  0 keithl keithl   5413 Mar 25  2008 dirvish-locate.pl
-rw-rw-r--  0 keithl keithl  23385 Mar 25  2008 dirvish.pl
-rw-rw-r--  0 keithl keithl   2350 Mar 25  2008 dirvish-runall.8
-rw-rw-r--  0 keithl keithl   3084 Mar 25  2008 dirvish-runall.pl
-rw-rw-r--  0 keithl keithl  21481 Mar 25  2008 FAQ.html
-rw-rw-r--  0 keithl keithl   3426 Mar 25  2008 INSTALL
-rwxrwxr-x  0 keithl keithl   3894 Mar 25  2008 install.sh
-rw-rw-r--  0 keithl keithl   5038 Mar 25  2008 loadconfig.pl
-rw-rw-r--  0 keithl keithl   1059 Mar 25  2008 RELEASE.html
-rw-rw-r--  0 keithl keithl   6897 Mar 25  2008 TODO.html
dirvish-copy
drwxr-xr-x  0 root   root        0 Jan  6  2012 dirvish-1.2.1/
-rw-rw-r--  0 postgrey postgrey 23385 Mar 25  2008 dirvish-1.2.1/dirvish.pl
-rw-rw-r--  0 postgrey postgrey  3426 Mar 25  2008 dirvish-1.2.1/INSTALL
-rw-rw-r--  0 postgrey postgrey  3387 Mar 25  2008 dirvish-1.2.1/dirvish-expire.8
-rw-rw-r--  0 postgrey postgrey  5038 Mar 25  2008 dirvish-1.2.1/loadconfig.pl
-rw-rw-r--  0 postgrey postgrey  5413 Mar 25  2008 dirvish-1.2.1/dirvish-locate.pl
-rw-rw-r--  0 postgrey postgrey  8140 Mar 25  2008 dirvish-1.2.1/dirvish.8
-rw-rw-r--  0 postgrey postgrey  3084 Mar 25  2008 dirvish-1.2.1/dirvish-runall.pl
-rw-rw-r--  0 postgrey postgrey 21481 Mar 25  2008 dirvish-1.2.1/FAQ.html
-rw-rw-r--  0 postgrey postgrey 39118 Mar 25  2008 dirvish-1.2.1/CHANGELOG
-rw-rw-r--  0 postgrey postgrey  9910 Mar 25  2008 dirvish-1.2.1/COPYING
-rw-rw-r--  0 postgrey postgrey  6897 Mar 25  2008 dirvish-1.2.1/TODO.html
-rw-rw-r--  0 postgrey postgrey  5656 Mar 25  2008 dirvish-1.2.1/dirvish-expire.pl
-rw-rw-r--  0 postgrey postgrey  2350 Mar 25  2008 dirvish-1.2.1/dirvish-runall.8
-rw-rw-r--  0 postgrey postgrey  1059 Mar 25  2008 dirvish-1.2.1/RELEASE.html
-rw-rw-r--  0 postgrey postgrey 21480 Jan  6  2012 dirvish-1.2.1/dirvish.conf.5
-rw-rw-r--  0 postgrey postgrey  3060 Mar 25  2008 dirvish-1.2.1/dirvish-locate.8
-rwxrwxr-x  0 postgrey postgrey  3894 Mar 25  2008 dirvish-1.2.1/install.sh

As we can see. There are only 2 differences
1) the copy from dirvish.org adds the dirvish-1.2.1 directory
2) dirvish.conf.5 was changed on 2012-01-06
OK, 3; the group and owner are different.

Lets see what's different about dirvish.conf.5

--- freebsd-copy/dirvish.conf.5	2008-03-25 08:35:43.000000000 -0700
+++ dirvish-copy/dirvish-1.2.1/dirvish.conf.5	2012-01-06 19:26:00.000000000 -0800
@@ -786,7 +786,7 @@
 .ta +.5i +36m
 	wd { sun }	+3 months
 	wd { sun } md { 1\-7 }	+1 year
-	wd { 1 } md { 1\-7 } mo { 1,4,7,10 }	never
+	wd { 1 } md { 1\-7 } mo { 1 4 7 10 }	never
 	hr { 10\-20 }	+10 days
 .ft R
 .fi

CLEARLY the difference in the official copy from dirvish.org won't
be injecting any virii, or backdoor. It only affects (corrects) the
dirvish.conf(5) man(1) page.

The proposed svn diff provided by Nathan tested fine on my 12 && 13
amd64 boxes.

Given that this port is on the chopping block.
Can we *please* commit Nathan work? :)

Thanks!

--Chris
Comment 10 commit-hook freebsd_committer freebsd_triage 2020-05-20 18:24:40 UTC 
A commit references this bug:

Author: rene
Date: Wed May 20 18:24:25 UTC 2020
New revision: 536009
URL: https://svnweb.freebsd.org/changeset/ports/536009

Log:
  sysutils/dirvish: update distinfo and unexpire, verified by submitter.

  PR:		243309
  Submitted by:	Nathan Robertson
  MFH:		2020Q2

Changes:
  head/sysutils/dirvish/Makefile
  head/sysutils/dirvish/distinfo
Comment 11 commit-hook freebsd_committer freebsd_triage 2020-05-22 19:47:24 UTC 
A commit references this bug:

Author: rene
Date: Fri May 22 19:46:59 UTC 2020
New revision: 536239
URL: https://svnweb.freebsd.org/changeset/ports/536239

Log:
  MFH: r536009

  sysutils/dirvish: update distinfo and unexpire, verified by submitter.

  PR:		243309
  Submitted by:	Nathan Robertson

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/sysutils/dirvish/Makefile
  branches/2020Q2/sysutils/dirvish/distinfo