On Tue, Aug 01, 2006 at 08:11:31PM +0200, Florent Daigni?re (NextGen$) wrote: > * Matthew Toseland <toad at amphibian.dyndns.org> [2006-08-01 19:06:42]: > > > It's not mirrored is it? > > Now it is.
Ummm, that's bad. sha1test.jar should NOT be mirrored. > > > > > On Mon, Jul 31, 2006 at 06:10:35PM -0400, Juiceman wrote: > > > On 7/31/06, nextgens at freenetproject.org <nextgens at > > > freenetproject.org> wrote: > > > >Author: nextgens > > > >Date: 2006-07-31 10:30:14 +0000 (Mon, 31 Jul 2006) > > > >New Revision: 9830 > > > > > > > >Modified: > > > > trunk/apps/installer/installclasspath/linux/update.sh > > > > trunk/apps/installer/installclasspath/windows/update.cmd > > > >Log: > > > >update the updating scripts : new urls > > > > > > > >Modified: trunk/apps/installer/installclasspath/linux/update.sh > > > >=================================================================== > > > >--- trunk/apps/installer/installclasspath/linux/update.sh > > > >2006-07-30 > > > >19:31:03 UTC (rev 9829) > > > >+++ trunk/apps/installer/installclasspath/linux/update.sh > > > >2006-07-31 > > > >10:30:14 UTC (rev 9830) > > > >@@ -37,9 +37,9 @@ > > > > echo Downloading sha1test.jar utility jar which will > > > > download the actual update. > > > > if [[ $WGET -eq 1 ]] > > > > then > > > >- $DOWNLOADER $NOCERT > > > >https://emu.freenetproject.org/sha1test.jar > > > >+ $DOWNLOADER $NOCERT > > > >http://downloads.freenetproject.org/installer/sha1test.jar > > > > else > > > >- $DOWNLOADER > > > >https://emu.freenetproject.org/sha1test.jar > > > >+ $DOWNLOADER > > > >http://downloads.freenetproject.org/installer/sha1test.jar > > > > fi > > > > > > > > if [[ -s sha1test.jar ]] > > > >@@ -105,7 +105,7 @@ > > > > sed 's/freenet-cvs-snapshot.jar.new/freenet-cvs-snapshot.jar/g' > > > > wrapper.conf >wrapper2.conf > > > > mv wrapper2.conf wrapper.conf > > > > > > > >-$DOWNLOADER3 > > > >https://emu.freenetproject.org/svn/trunk/apps/installer/installclasspath/linux/update.sh > > > >+$DOWNLOADER3 http://downloads.freenetproject.org/alpha/update/update.sh > > > > touch update.sh update2.sh > > > > diff --brief update.sh update2.sh 2>&1 >/dev/null > > > > if [[ $? -ne 0 ]] > > > > > > > >Modified: trunk/apps/installer/installclasspath/windows/update.cmd > > > >=================================================================== > > > >--- trunk/apps/installer/installclasspath/windows/update.cmd > > > >2006-07-30 > > > >19:31:03 UTC (rev 9829) > > > >+++ trunk/apps/installer/installclasspath/windows/update.cmd > > > >2006-07-31 > > > >10:30:14 UTC (rev 9830) > > > >@@ -36,7 +36,7 @@ > > > > ::Download latest updater and verify it > > > > if exist update.new.cmd del update.new.cmd > > > > echo - Checking for updater updates... > > > >-bin\wget.exe -o NUL > > > >https://emu.freenetproject.org/svn/trunk/apps/installer/installclasspath/windows/update.cmd > > > > -O update.new.cmd > > > >+bin\wget.exe -o NUL > > > >http://downloads.freenetproject.org/alpha/update/update.cmd -O > > > >update.new.cmd > > > > if not exist update.new.cmd goto error1 > > > > find "FREENET W%MAGICSTRING%WS UPDATE SCRIPT" update.new.cmd > NUL > > > > if errorlevel 1 goto error1 > > > >@@ -54,7 +54,7 @@ > > > > ::Updater is up to date, check Freenet > > > > :updaterok > > > > ::Check for sha1test and download if needed. > > > >-if not exist lib\sha1test.jar bin\wget.exe -o NUL > > > >https://emu.freenetproject.org/sha1test.jar -O lib\sha1test.jar > > > >+if not exist lib\sha1test.jar bin\wget.exe -o NUL > > > >http://downloads.freenetproject.org/alpha/installer/sha1test.jar -O > > > >lib\sha1test.jar > > > > if not errorlevel 0 goto error3 > > > > echo - Updater is up to date. > > > > echo ----- > > > > > > > >_______________________________________________ > > > >cvs mailing list > > > >cvs at freenetproject.org > > > >http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs > > > > > > > > > > I think this makes sense from a scalablity view, but is this a good > > > idea to have our scripts and the sha1test.jar come from unsecure > > > servers? What if one of the mirrors are hacked to put an evil version > > > of update.cmd that redirects to a different server/with an evil > > > version of the node.jar? Users might never know. These are both tiny > > > files and imho should be left on the secure URL. > > > > > > -- > > > I may disagree with what you have to say, but I shall defend, to the > > > death, your right to say it. - Voltaire > > > _______________________________________________ > > > Devl mailing list > > > Devl at freenetproject.org > > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > > > -- > > Matthew J Toseland - toad at amphibian.dyndns.org > > Freenet Project Official Codemonkey - http://freenetproject.org/ > > ICTHUS - Nothing is impossible. Our Boss says so. > > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060801/081c8e38/attachment.pgp>
