On Mon, 23 Mar 2015 09:15:57 -0700 Nathan Whitehorn <nwhitehorn_at_freebsd.org> wrote: > > On 03/23/15 09:06, Devin Teske wrote: > >> On Mar 22, 2015, at 10:47 PM, Sergey V. Dyatko <sergey.dyatko_at_gmail.com> > >> wrote: > >> > >> Hi Devin, > >> > >> Recently I'm trying to install FreeBSD CURRENT from bootonly image > >> ( FreeBSD-11.0-CURRENT-amd64-20150302-r279514-bootonly.iso) > >> on IBM HS22 blade via bladecenter's kvm but I faced with problem on > >> checksum stage, bootonly doesn't contain base, kernel,etc distributions > >> but it contain manifest file. > >> On mirrors we have pub/FreeBSD/snapshots/${ARCH}/11.0-CURRENT/*txz and > >> MANIFEST, sha256 sums from _local_ manifest doesn't match sha256 sums for > >> fetched files. I suppose it will be fine with RELEASE bootonly iso but not > >> with stable/current. > >> there is 2 ways how we can handle it: > >> 1) download remote MANIFEST if spotted checksum mismatch and trying to use > >> it 2) allow user to continue installation with 'broken' distributions > >> > >> I had to first put 10.1 then update it to HEAD :( > >> > >> What do you think ? > > When I get some time I’ll have a look and see what I can do. > > — > > Cheers, > > Devin > > > > > > Using the local manifest is a security feature -- there is otherwise > zero protection against a man-in-the-middle attack. Ideally, you'd use > the ISO that matches the posted files. There are three options here: > 1. Add a dialog that lets you move ahead in the event of checksum > failure, which makes me very nervous. > 2. Use the boot1 disk. > 2a. For release engineering: if the posted tarballs change too fast, the > bootonly disk isn't actually useful for -CURRENT and should probably be > removed from the FTP server. I don't think so. I use only bootonly ISOs when I (rare) setup new fbsd instances, disk1 contain to much useless (for me) things. I haven't fast internet (in 2015, yes) so download data1 image is a pain. What about STABLE images/tarballs ? If I understand correctly it is also uploaded too fast... > 3. You could reroll the ISO (just untar and run makefs again), > commenting out line 180 of /usr/libexec/bsdinstall/scripts/auto. > -Nathan sure I can. Idea with a dialog is a good idea, IMO :) -- wbr, tigerReceived on Mon Mar 23 2015 - 15:49:29 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:56 UTC