Portsnap uses patches opportunistically to reduce download bandwidth: It
attempts to fetch patches which could be useful, and then makes use of
whichever patches it actually gets. (This solves the otherwise O(n^2)
issue for the server to build patches between every pair of versions.)
During the process of applying patches, portsnap prints lines of the
form "Skipping XXX-YYY (123 of 4567).\r", where the \r serves to allow
each of these (potentially many) lines to overwrite the previous one
on the console. Unfortunately, XXX and YYY here are SHA256 hashes,
resulting in these lines wrapping on reasonable-width consoles.
Replace the hashes with abbreviations of the form "0123...cdef"
(cutting 64 characters down to 11) in order to keep lines to a
reasonable length.
The rather ugly shell code here is used to avoid forking additional
processes; it would be much cleaner using sed(1), but in my testing
the sed-based alternative increases CPU time consumption by 50%.
Requested by: des
Currently, WITHOUT_PORTSNAP forces WITHOUT_FREEBSD_UPDATE because the
latter relies on phttpget, which lives inside the portsnap build bits.
Remove the dependency between these two options by moving phttpget out into
^/libexec and building/installing it if either WITH_PORTSNAP or
WITH_FREEBSD_UPDATE.
Future work could remove the conditional if it's decided that users will use
it independently of either the current in-base consumers.
Reported by: swills
Reviewed by: jilles, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D26255
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
This change is equivalent to the approach committed in r306417, but if
sed has a bug it could be exploited by the untrusted tar file. Instead,
generate the expected tar content and compare that with find's output.
convert the expected hash list to the expected tar content filesystem
layout, and compare that with find's output.
Submitted by: cperciva (in review D8052)
Reviewed by: oshogbo
MFC after: 2 weeks
Previously it was possible to smuggle in addional files that would
be used by later portsnap runs. Now we only move those files expected
to be in the snapshot into files/ and require that there are no
unexpected files.
This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
attacks against FreeBSD update components" anonymous gist.
Reported by: anonymous gist
Reviewed by: allanjude, delphij
MFC after: ASAP
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8052
using shell redirections instead of having gzip(1) to decide what
file to open.
Issue reported in the "non-cryptanalytic attacks against freebsd
update components" anonymous gist.
Reviewed by: allanjude, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D7653
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
have zero length. Filesystem corruption will tend to truncate files, and
since these are short that's likely to result in them becoming empty.
Suggested by: Richard Clayton
Convinced by: rwatson
MFC after: 3 weeks
them changed (or was removed from the tree) then portsnap would delete
that file. This happened earlier today when one of two empty port
directories was removed. Uniquifying the lists of needed files fixes
this.
9.2-RELEASE candidate.
MFC after: 3 days
handle splitting input files on a '|'. This greatly
reduces the time taken to process several databases
during the update process.
Additionally add some more debug logging.