On 7/31/06, nextgens at freenetproject.org <nextgens at freenetproject.org> wrote: > Author: nextgens > Date: 2006-07-31 10:30:14 +0000 (Mon, 31 Jul 2006) > New Revision: 9830 > > Modified: > trunk/apps/installer/installclasspath/linux/update.sh > trunk/apps/installer/installclasspath/windows/update.cmd > Log: > update the updating scripts : new urls > > Modified: trunk/apps/installer/installclasspath/linux/update.sh > =================================================================== > --- trunk/apps/installer/installclasspath/linux/update.sh 2006-07-30 > 19:31:03 UTC (rev 9829) > +++ trunk/apps/installer/installclasspath/linux/update.sh 2006-07-31 > 10:30:14 UTC (rev 9830) > @@ -37,9 +37,9 @@ > echo Downloading sha1test.jar utility jar which will download > the actual update. > if [[ $WGET -eq 1 ]] > then > - $DOWNLOADER $NOCERT > https://emu.freenetproject.org/sha1test.jar > + $DOWNLOADER $NOCERT > http://downloads.freenetproject.org/installer/sha1test.jar > else > - $DOWNLOADER > https://emu.freenetproject.org/sha1test.jar > + $DOWNLOADER > http://downloads.freenetproject.org/installer/sha1test.jar > fi > > if [[ -s sha1test.jar ]] > @@ -105,7 +105,7 @@ > sed 's/freenet-cvs-snapshot.jar.new/freenet-cvs-snapshot.jar/g' wrapper.conf > >wrapper2.conf > mv wrapper2.conf wrapper.conf > > -$DOWNLOADER3 > https://emu.freenetproject.org/svn/trunk/apps/installer/installclasspath/linux/update.sh > +$DOWNLOADER3 http://downloads.freenetproject.org/alpha/update/update.sh > touch update.sh update2.sh > diff --brief update.sh update2.sh 2>&1 >/dev/null > if [[ $? -ne 0 ]] > > Modified: trunk/apps/installer/installclasspath/windows/update.cmd > =================================================================== > --- trunk/apps/installer/installclasspath/windows/update.cmd 2006-07-30 > 19:31:03 UTC (rev 9829) > +++ trunk/apps/installer/installclasspath/windows/update.cmd 2006-07-31 > 10:30:14 UTC (rev 9830) > @@ -36,7 +36,7 @@ > ::Download latest updater and verify it > if exist update.new.cmd del update.new.cmd > echo - Checking for updater updates... > -bin\wget.exe -o NUL > https://emu.freenetproject.org/svn/trunk/apps/installer/installclasspath/windows/update.cmd > -O update.new.cmd > +bin\wget.exe -o NUL > http://downloads.freenetproject.org/alpha/update/update.cmd -O update.new.cmd > if not exist update.new.cmd goto error1 > find "FREENET W%MAGICSTRING%WS UPDATE SCRIPT" update.new.cmd > NUL > if errorlevel 1 goto error1 > @@ -54,7 +54,7 @@ > ::Updater is up to date, check Freenet > :updaterok > ::Check for sha1test and download if needed. > -if not exist lib\sha1test.jar bin\wget.exe -o NUL > https://emu.freenetproject.org/sha1test.jar -O lib\sha1test.jar > +if not exist lib\sha1test.jar bin\wget.exe -o NUL > http://downloads.freenetproject.org/alpha/installer/sha1test.jar -O > lib\sha1test.jar > if not errorlevel 0 goto error3 > echo - Updater is up to date. > echo ----- > > _______________________________________________ > cvs mailing list > cvs at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs >
I think this makes sense from a scalablity view, but is this a good idea to have our scripts and the sha1test.jar come from unsecure servers? What if one of the mirrors are hacked to put an evil version of update.cmd that redirects to a different server/with an evil version of the node.jar? Users might never know. These are both tiny files and imho should be left on the secure URL. -- I may disagree with what you have to say, but I shall defend, to the death, your right to say it. - Voltaire
