On Mon, 23 Mar 2015 10:46:32 -0700 Nathan Whitehorn <nwhitehorn_at_freebsd.org> wrote: > > On 03/23/15 09:47, Sergey V. Dyatko wrote: > > On Mon, 23 Mar 2015 09:15:57 -0700 > > Nathan Whitehorn <nwhitehorn_at_freebsd.org> wrote: > > > >> On 03/23/15 09:06, Devin Teske wrote: > >>>> On Mar 22, 2015, at 10:47 PM, Sergey V. Dyatko <sergey.dyatko_at_gmail.com> > >>>> wrote: > >>>> > >>>> Hi Devin, > >>>> > >>>> Recently I'm trying to install FreeBSD CURRENT from bootonly image > >>>> ( FreeBSD-11.0-CURRENT-amd64-20150302-r279514-bootonly.iso) > >>>> on IBM HS22 blade via bladecenter's kvm but I faced with problem on > >>>> checksum stage, bootonly doesn't contain base, kernel,etc distributions > >>>> but it contain manifest file. > >>>> On mirrors we have pub/FreeBSD/snapshots/${ARCH}/11.0-CURRENT/*txz and > >>>> MANIFEST, sha256 sums from _local_ manifest doesn't match sha256 sums for > >>>> fetched files. I suppose it will be fine with RELEASE bootonly iso but > >>>> not with stable/current. > >>>> there is 2 ways how we can handle it: > >>>> 1) download remote MANIFEST if spotted checksum mismatch and trying to > >>>> use it 2) allow user to continue installation with 'broken' distributions > >>>> > >>>> I had to first put 10.1 then update it to HEAD :( > >>>> > >>>> What do you think ? > >>> When I get some time I’ll have a look and see what I can do. > >>> — > >>> Cheers, > >>> Devin > >>> > >>> > >> Using the local manifest is a security feature -- there is otherwise > >> zero protection against a man-in-the-middle attack. Ideally, you'd use > >> the ISO that matches the posted files. There are three options here: > >> 1. Add a dialog that lets you move ahead in the event of checksum > >> failure, which makes me very nervous. > >> 2. Use the boot1 disk. > >> 2a. For release engineering: if the posted tarballs change too fast, the > >> bootonly disk isn't actually useful for -CURRENT and should probably be > >> removed from the FTP server. > > I don't think so. I use only bootonly ISOs when I (rare) setup new > > fbsd instances, disk1 contain to much useless (for me) things. I > > haven't fast internet (in 2015, yes) so download data1 image is a pain. > > What useless things, out of curiousity? If you want source (which you > probably do if you are running -CURRENT), boot1 + downloading kernel, > base, and source code is 80% the size of disc1 for amd64. It's just not > a huge difference. > ~55 vs ~360 MB (FreeBSD-11.0-CURRENT-amd64-20150302-r279514-bootonly.iso.xz VS FreeBSD-11.0-CURRENT-amd64-20150302-r279514-disc1.iso.xz) I do fetch src/ports (both HEAD) from svn so _in my case_ it is useless (tarballs a bit outdated as minimum). Main purpose of ISOs (for me) is allow to install minimal FreeBSD on new server. Than I can ssh into it and setup useful stuff > > What about STABLE images/tarballs ? If I understand correctly it is also > > uploaded too fast... > > The same issue applies there, yes. > > >> 3. You could reroll the ISO (just untar and run makefs again), > >> commenting out line 180 of /usr/libexec/bsdinstall/scripts/auto. > >> -Nathan > > sure I can. > > Idea with a dialog is a good idea, IMO :) > > > > That's so_at_'s lookout. I'd prefer actual signatures to checksum > verification + an option to skip. > -Nathan > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" -- wbr, tigerReceived on Mon Mar 23 2015 - 17:01:11 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:56 UTC