On 03/23/15 09:47, Sergey V. Dyatko wrote:
On Mon, 23 Mar 2015 09:15:57 -0700
Nathan Whitehorn <nwhiteh...@freebsd.org> wrote:

On 03/23/15 09:06, Devin Teske wrote:
On Mar 22, 2015, at 10:47 PM, Sergey V. Dyatko <sergey.dya...@gmail.com>

Hi Devin,

Recently I'm trying to install FreeBSD CURRENT from bootonly image
( FreeBSD-11.0-CURRENT-amd64-20150302-r279514-bootonly.iso)
on IBM HS22 blade via bladecenter's kvm but I faced with problem on
checksum stage, bootonly doesn't contain base, kernel,etc distributions
but it contain manifest file.
On mirrors we have  pub/FreeBSD/snapshots/${ARCH}/11.0-CURRENT/*txz and
MANIFEST, sha256 sums from _local_ manifest doesn't match sha256 sums for
fetched files. I suppose it will be fine with RELEASE bootonly iso but not
with stable/current.
there is 2 ways how we can handle it:
1) download remote MANIFEST if spotted checksum mismatch and trying to use
it 2) allow user to continue installation with 'broken' distributions

I had to first put 10.1 then update it to HEAD :(

What do you think ?
When I get some time I’ll have a look and see what I can do.

Using the local manifest is a security feature -- there is otherwise
zero protection against a man-in-the-middle attack. Ideally, you'd use
the ISO that matches the posted files. There are three options here:
1. Add a dialog that lets you move ahead in the event of checksum
failure, which makes me very nervous.
2. Use the boot1 disk.
2a. For release engineering: if the posted tarballs change too fast, the
bootonly disk isn't actually useful for -CURRENT and should probably be
removed from the FTP server.
I don't think so. I use only bootonly ISOs when I (rare) setup new
fbsd instances, disk1 contain to much useless (for me) things.  I
haven't fast internet (in 2015, yes) so download data1 image is a pain.

What useless things, out of curiousity? If you want source (which you probably do if you are running -CURRENT), boot1 + downloading kernel, base, and source code is 80% the size of disc1 for amd64. It's just not a huge difference.

What about STABLE images/tarballs  ? If I understand correctly it is also
uploaded too fast...

The same issue applies there, yes.

3. You could reroll the ISO (just untar and run makefs again),
commenting out line 180 of /usr/libexec/bsdinstall/scripts/auto.
sure I can.
Idea with a dialog is  a good idea, IMO :)

That's so@'s lookout. I'd prefer actual signatures to checksum verification + an option to skip.
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to