On 03/23/15 09:06, Devin Teske wrote: >> On Mar 22, 2015, at 10:47 PM, Sergey V. Dyatko <sergey.dyatko_at_gmail.com> wrote: >> >> Hi Devin, >> >> Recently I'm trying to install FreeBSD CURRENT from bootonly image >> ( FreeBSD-11.0-CURRENT-amd64-20150302-r279514-bootonly.iso) >> on IBM HS22 blade via bladecenter's kvm but I faced with problem on checksum >> stage, bootonly doesn't contain base, kernel,etc distributions but it contain >> manifest file. >> On mirrors we have pub/FreeBSD/snapshots/${ARCH}/11.0-CURRENT/*txz and >> MANIFEST, sha256 sums from _local_ manifest doesn't match sha256 sums for >> fetched files. I suppose it will be fine with RELEASE bootonly iso but not with >> stable/current. >> there is 2 ways how we can handle it: >> 1) download remote MANIFEST if spotted checksum mismatch and trying to use it >> 2) allow user to continue installation with 'broken' distributions >> >> I had to first put 10.1 then update it to HEAD :( >> >> What do you think ? > When I get some time I’ll have a look and see what I can do. > — > Cheers, > Devin > > Using the local manifest is a security feature -- there is otherwise zero protection against a man-in-the-middle attack. Ideally, you'd use the ISO that matches the posted files. There are three options here: 1. Add a dialog that lets you move ahead in the event of checksum failure, which makes me very nervous. 2. Use the boot1 disk. 2a. For release engineering: if the posted tarballs change too fast, the bootonly disk isn't actually useful for -CURRENT and should probably be removed from the FTP server. 3. You could reroll the ISO (just untar and run makefs again), commenting out line 180 of /usr/libexec/bsdinstall/scripts/auto. -NathanReceived on Mon Mar 23 2015 - 15:16:00 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:56 UTC