Re: Source file audit - 2013-09-30
Kevin Fenzi wrote: monnerat:BADURL:openca-ocspd-1.5.1-rc1.tar.gz:ocspd The URL is not available anymore. I've just packaged 1.9.0 for rawhide/f20/f19/f18. It is not the latest version, but it's the latest that doesn't use libpki. I've submitted a review request for this library, but nobody was interested in reviewing (https://bugzilla.redhat.com/show_bug.cgi?id=723575). When I discovered that this library was flawn with a lot of memory leakage bugs, I retired the request. Source for version 1.9.0 is still downloadable. monnerat:BADURL:Synchro-PHPMailer-4d9434e-5.2.6.tar.gz:php-PHPMailer Works for me. Regards, Patrick -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Wed, 16 Oct 2013 22:48:31 -0600 Orion Poplawski or...@cora.nwra.com wrote: Thanks! orion:BADURL:Office%20Open%20XML%201st%20edition%20Part%204%20(PDF).zip:apache-poi False positive? This works for me. Yeah, it downloaded ok too... wonder if the spaces were confusing my script some. Will investigate. orion:BADSOURCE:gdl-0.9.3.tar.gz:gdl Now at 0.9.4, so hopefully okay. orion:BADSOURCE:GE2011.11p1.tar.gz:gridengine orion:BAD_CVS_SOURCE:libcore.c:gridengine Fixed. orion:BADURL:hdf5_1.8.10-patch1-1.debian.tar.gz:hdf5 Updated. Hmm, didn't realize I would need to keep updating this... orion:BADURL:kdesvn-1.6.0.tar.bz2:kdesvn They say they have moved into kde proper, but I can't find a tarball there. orion:BADURL:maven-ant-tasks-2.1.3-src.zip:maven-ant-tasks New url orion:BADURL:mayavi-4.3.0-f8f2c4016cbf9172b0a3a3c132dec7539e9e51c9.tar.gz:Mayavi Made explicit that this is a git snapshot. orion:BADURL:mod_xsendfile-0.12.tar.bz2:mod_xsendfile Worked for me. Getting https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.bz2 to ./mod_xsendfile-0.12.tar.bz2 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total Spent Left Speed 100 9345 100 93450 0 7419 0 0:00:01 0:00:01 --:--:-- 7416 http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/mod_xsendfile-dl.txt Looks like the centos5 machine I used didn't have the cert for it. --2013-09-30 06:23:56-- https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.bz2 Resolving tn123.org... 94.23.160.241, 2001:41d0:2:a921::30 Connecting to tn123.org|94.23.160.241|:443... connected. ERROR: certificate common name `*.tn123.org' doesn't match requested host name `tn123.org'. To connect to tn123.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection. orion:BADURL:oct2spec-1.0.1.tar.gz:oct2spec Hmm, looks like I haven't kept up with fedorahosted.org changes. orion:BADURL:jukka-pcfi-bd245c9.tar.gz:pcfi Works for me orion:BAD_CVS_SOURCE:License:pcfi Looks like this disappeared. orion:BADURL:plplot-5.9.9-svn12530.tar.xz:plplot Updated to new 5.9.10 release orion:BADURL:car_2.0-16.tar.gz:R-car Upstream doesn't keep around old tarballs (yay!). Updated to 2.0-19. orion:BADURL:lmtest_0.9-30.tar.gz:R-lmtest Same - 0.9-32 orion:BADURL:multcomp_1.2-17.tar.gz:R-multcomp Same - 1.3-0 orion:BADURL:mvtnorm_0.9-9994.tar.gz:R-mvtnorm Same - 0.9-9996 orion:BADURL:zoo_1.7-9.tar.gz:R-zoo Same - 1.7-10 I added these to upstream release monitoring to help in the future. Thanks for fixing those. ;) kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
04.10.2013 01:35, Kevin Fenzi пишет: Here's attached another run of my sources/patches url checker. Please fix any packages you are responsible for in rawhide, and other branches as other changes permit. - There are 3067 lines in this run. Up from 1007 last run. (Which was 2.5 years ago) 700 sourcecheck-20070826.txt 620 sourcecheck-20070917.txt 561 sourcecheck-20071017.txt 775 sourcecheck-20080206.txt 685 sourcecheck-20080214.txt 674 sourcecheck-20080301.txt 666 sourcecheck-20080401.txt 660 sourcecheck-20080501.txt 642 sourcecheck-20080603.txt 649 sourcecheck-20080705.txt 662 sourcecheck-20080801.txt 912 sourcecheck-20081114.txt 884 sourcecheck-20090215.txt 1060 sourcecheck-20090810.txt 932 sourcecheck-20091101.txt 932 sourcecheck-20091104.txt 1612 sourcecheck-20100105.txt 1391 sourcecheck-20100106.txt 1007 sourcecheck-20100531.txt 3067 sourcecheck-20130930.txt You can find the results file at: http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930.txt $ wget -c http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930.txt -q -O- | grep -i Hubbitus hubbitus:BADURL:ccze-0.2.1.tar.gz:ccze Upstream site seams down. Freshmeat page http://freecode.com/projects/ccze refer to debian page. Should I change URL to it? hubbitus:BADURL:httpd-2.2.22.tar.bz2:httpd-itk Not require untill httpd updates to be able build httpd-itk as MPM. hubbitus:BADURL:ImageMagick-6.8.6-3.tar.xz:ImageMagick Updated. hubbitus:BADURL:lde-2.6.1.tar.gz:lde Updated. hubbitus:BADURL:qutim-0.3.1.tar.bz2:qutim Has conditional sources: %if 0%{?GIT} Source0: qutim-0.3.0%{?GIT:.git%{GIT}}.tar.xz %else Source0: http://qutim.org/downloads/%{name}-%{version}.tar.bz2 %endif Which seams not handled correctly. hubbitus:BADURL:rabbit4.1-src.tar.gz:RabbIT Updated. hubbitus:BADURL:sqlite3-dbf_2011.01.24.tar.gz:sqlite3-dbf Upstream site seams to be rearranged. Wrote to author. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On 10/03/2013 03:35 PM, Kevin Fenzi wrote: Here's attached another run of my sources/patches url checker. Please fix any packages you are responsible for in rawhide, and other branches as other changes permit. Lines in the output are of three forms: - BADURL:base-file-name:$PACKAGENAME This means that the URI provided in the Source(s) line didn't result in a download of the source. This could be any of: URL changed, version changed and URL wasn't updated, Site is down, Site is gone, etc. Also there are a number of packages with incorrect sourceforge links. (BTW, there are still some packages with ftp://people.redhat.com/ URLs). - BADSOURCE:$SOURCENAME:$PACKAGENAME This means that the source was downloaded ok from the upstream site, but doesn't match the md5sum given in the sources file. This could be due to needing to strip out content that fedora cannot ship (but in that case you shouldn't have the full URI in the Source line). Or upstream following poor release practices and updating without changing their release. - BAD_CVS_SOURCE:$SOURCENAME:$PACKAGENAME This means that the file was downloaded from the URI given, and the md5sum did not match the file thats present in git (not the lookaside). This might be due to timestamps, or any of the above reasons. kevin -- Thanks! orion:BADURL:Office%20Open%20XML%201st%20edition%20Part%204%20(PDF).zip:apache-poi False positive? This works for me. orion:BADSOURCE:gdl-0.9.3.tar.gz:gdl Now at 0.9.4, so hopefully okay. orion:BADSOURCE:GE2011.11p1.tar.gz:gridengine orion:BAD_CVS_SOURCE:libcore.c:gridengine Fixed. orion:BADURL:hdf5_1.8.10-patch1-1.debian.tar.gz:hdf5 Updated. Hmm, didn't realize I would need to keep updating this... orion:BADURL:kdesvn-1.6.0.tar.bz2:kdesvn They say they have moved into kde proper, but I can't find a tarball there. orion:BADURL:maven-ant-tasks-2.1.3-src.zip:maven-ant-tasks New url orion:BADURL:mayavi-4.3.0-f8f2c4016cbf9172b0a3a3c132dec7539e9e51c9.tar.gz:Mayavi Made explicit that this is a git snapshot. orion:BADURL:mod_xsendfile-0.12.tar.bz2:mod_xsendfile Worked for me. Getting https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.bz2 to ./mod_xsendfile-0.12.tar.bz2 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 9345 100 93450 0 7419 0 0:00:01 0:00:01 --:--:-- 7416 orion:BADURL:oct2spec-1.0.1.tar.gz:oct2spec Hmm, looks like I haven't kept up with fedorahosted.org changes. orion:BADURL:jukka-pcfi-bd245c9.tar.gz:pcfi Works for me orion:BAD_CVS_SOURCE:License:pcfi Looks like this disappeared. orion:BADURL:plplot-5.9.9-svn12530.tar.xz:plplot Updated to new 5.9.10 release orion:BADURL:car_2.0-16.tar.gz:R-car Upstream doesn't keep around old tarballs (yay!). Updated to 2.0-19. orion:BADURL:lmtest_0.9-30.tar.gz:R-lmtest Same - 0.9-32 orion:BADURL:multcomp_1.2-17.tar.gz:R-multcomp Same - 1.3-0 orion:BADURL:mvtnorm_0.9-9994.tar.gz:R-mvtnorm Same - 0.9-9996 orion:BADURL:zoo_1.7-9.tar.gz:R-zoo Same - 1.7-10 I added these to upstream release monitoring to help in the future. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, Oct 4, 2013 at 8:29 PM, Alexey I. Froloff ra...@raorn.name wrote: On Fri, Oct 04, 2013 at 10:21:02AM -0600, Kevin Fenzi wrote: What tool were you using for download? spectool -g *.spec Which uses curl do download files... Current one does. But the one Kevin used for this run on CentOS 5 uses wget. remote-header-name should be added to /etc/rpmdevtools/curlrc That'd just break pretty much every github release download in a slightly different way as far as this check is concerned because their Content-Disposition header for those seems to prepend the project name to the tarball name. We really need spectool grab the filename which the URL ends with, not some random other one that a Content-Disposition header might contain -- I'd say it's far more common for a Content-Disposition header to change the download name to something else than to fix it to the one we already specified in the URL, so I won't be adding that option. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
Hi, Looks like working fedorahosted download links got reported as BADURL. Parag -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
Check ok on my side: $ wget http://linux.dell.com/dkms/permalink/dkms-2.2.0.3.tar.gz --2013-10-04 08:54:36-- http://linux.dell.com/dkms/permalink/dkms-2.2.0.3.tar.gz Resolving linux.dell.com (linux.dell.com)... 143.166.224.62 Connecting to linux.dell.com (linux.dell.com)|143.166.224.62|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 86053 (84K) [application/x-gzip] Saving to: ‘dkms-2.2.0.3.tar.gz’ 100%[==] 86,053 96.3KB/s in 0.9s 2013-10-04 08:54:42 (96.3 KB/s) - ‘dkms-2.2.0.3.tar.gz’ saved [86053/86053] Regards, --Simone -- You cannot discover new oceans unless you have the courage to lose sight of the shore (R. W. Emerson). http://xkcd.com/229/ http://negativo17.org/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
drago01:BADURL:inotify-tools-3.14.tar.gz:inotify-tools Thats because upstream no longer offer a 3.14 download. Dunno why. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On 10/03/2013 11:35 PM, Kevin Fenzi wrote: [cut] leamas:BADURL:xlwt-0.7.4.tar.gz:python-xlwt [cut] These are pypi urls which looks just fine to me (spectool -g works OK) --alec -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
Il 03/10/2013 23:35, Kevin Fenzi ha scritto: Here's attached another run of my sources/patches url checker. Please fix any packages you are responsible for in rawhide, and other branches as other changes permit. hi gil:BADURL:iText-src-2.1.7.tar.gz:itext thats because upstream no longer offer a 2.1.7 download. gil:BADURL:jdo2-api-2.2-src.tar.gz:jdo2-api fixed gil:BADURL:plexus-3.3.1.tar.gz:plexus-pom gil:BADURL:spock-0.7-groovy-1.8.tar.gz:spock gil:BADURL:2.9.0.tar.gz:spymemcached check ok on my side: [gil@localhost ~]$ wget https://github.com/sonatype/plexus-pom/archive/plexus-3.3.1.tar.gz --2013-10-04 11:32:21-- https://github.com/sonatype/plexus-pom/archive/plexus-3.3.1.tar.gz Risoluzione di github.com (github.com)... 192.30.252.131 Connessione a github.com (github.com)|192.30.252.131|:443... connesso. Richiesta HTTP inviata, in attesa di risposta... 302 Found Posizione: https://codeload.github.com/sonatype/plexus-pom/tar.gz/plexus-3.3.1 [segue] --2013-10-04 11:32:22-- https://codeload.github.com/sonatype/plexus-pom/tar.gz/plexus-3.3.1 Risoluzione di codeload.github.com (codeload.github.com)... 192.30.252.145 Connessione a codeload.github.com (codeload.github.com)|192.30.252.145|:443... connesso. Richiesta HTTP inviata, in attesa di risposta... 200 OK Lunghezza: non specificato [application/x-gzip] Salvataggio in: plexus-3.3.1.tar.gz [ = ] 4.596 --.-K/s in 0s 2013-10-04 11:32:23 (181 MB/s) - plexus-3.3.1.tar.gz salvato [4596] [gil@localhost ~]$ wget https://github.com/spockframework/spock/archive/spock-0.7-groovy-1.8.tar.gz --2013-10-04 11:34:24-- https://github.com/spockframework/spock/archive/spock-0.7-groovy-1.8.tar.gz Risoluzione di github.com (github.com)... 192.30.252.130 Connessione a github.com (github.com)|192.30.252.130|:443... connesso. Richiesta HTTP inviata, in attesa di risposta... 302 Found Posizione: https://codeload.github.com/spockframework/spock/tar.gz/spock-0.7-groovy-1.8 [segue] --2013-10-04 11:34:25-- https://codeload.github.com/spockframework/spock/tar.gz/spock-0.7-groovy-1.8 Risoluzione di codeload.github.com (codeload.github.com)... 192.30.252.145 Connessione a codeload.github.com (codeload.github.com)|192.30.252.145|:443... connesso. Richiesta HTTP inviata, in attesa di risposta... 200 OK Lunghezza: non specificato [application/x-gzip] Salvataggio in: spock-0.7-groovy-1.8.tar.gz [ = ] 338.692 261KB/s in 1,3s 2013-10-04 11:34:28 (261 KB/s) - spock-0.7-groovy-1.8.tar.gz salvato [338692] [gil@localhost ~]$ wget https://github.com/dustin/java-memcached-client/archive/2.9.0.tar.gz --2013-10-04 11:35:46-- https://github.com/dustin/java-memcached-client/archive/2.9.0.tar.gz Risoluzione di github.com (github.com)... 192.30.252.129 Connessione a github.com (github.com)|192.30.252.129|:443... connesso. Richiesta HTTP inviata, in attesa di risposta... 302 Found Posizione: https://codeload.github.com/dustin/java-memcached-client/tar.gz/2.9.0 [segue] --2013-10-04 11:35:47-- https://codeload.github.com/dustin/java-memcached-client/tar.gz/2.9.0 Risoluzione di codeload.github.com (codeload.github.com)... 192.30.252.147 Connessione a codeload.github.com (codeload.github.com)|192.30.252.147|:443... connesso. Richiesta HTTP inviata, in attesa di risposta... 200 OK Lunghezza: non specificato [application/x-gzip] Salvataggio in: 2.9.0.tar.gz [ = ] 428.571 271KB/s in 1,5s 2013-10-04 11:35:49 (271 KB/s) - 2.9.0.tar.gz salvato [428571] regards gil attachment: puntogil.vcf-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
Hi, In my case, the makeself source tarball is hosted on github. I've seen many people saying that github was down recently (even though it worked fine for me). curl -LI http://github.com/megastep/makeself/archive/release-2.2.0.tar.gz [... redirections stuff ...] HTTP/1.1 200 OK [... headers ...] Other packages might be related to the github outage. Regards, Dridi On Fri, Oct 4, 2013 at 9:15 AM, Alec Leamas leamas.a...@gmail.com wrote: On 10/03/2013 11:35 PM, Kevin Fenzi wrote: [cut] leamas:BADURL:xlwt-0.7.4.tar.gz:python-xlwt [cut] These are pypi urls which looks just fine to me (spectool -g works OK) --alec -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On 10/04/2013 11:49 AM, Dridi Boukelmoune wrote: Hi, In my case, the makeself source tarball is hosted on github. I've seen many people saying that github was down recently (even though it worked fine for me). It was down for about two hours: https://status.github.com/messages -- Petr³ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Thu, Oct 03, 2013 at 03:35:03PM -0600, Kevin Fenzi wrote: Here's attached another run of my sources/patches url checker. Please fix any packages you are responsible for in rawhide, and other Lines in the output are of three forms: - BADURL:base-file-name:$PACKAGENAME This means that the URI provided in the Source(s) line didn't result in a download of the source. This could be any of: URL changed, version changed and URL wasn't updated, Site is down, Site is gone, etc. Also there are a number of packages with incorrect sourceforge links. (BTW, there are still some packages with ftp://people.redhat.com/ URLs). ttorcz:BADURL:hdapsd-20090401gita64b50c-a64b50c.tar.gz:hdapsd But is seem to have been downloaded fine... http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/hdapsd-dl.txt -- Tomasz TorczThere exists no separation between gods and men: xmpp: zdzich...@chrome.pl one blends softly casual into the other. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Thu, Oct 03, 2013 at 03:35:03PM -0600, Kevin Fenzi wrote: raorn:BADSOURCE:wmMatrix-0.2-g97216606.tar.gz:wmMatrix raorn:BADSOURCE:wmmon-1.0b2-g575778a6.tar.gz:wmmon raorn:BADSOURCE:wmpager-1.2-g88ece7e5.tar.gz:wmpager Source tag is a link to repo.or.cz. Timestamps are changed each time archive is downloaded. There are no release tarballs for dockapps repository. raorn:BADURL:wmvolman-2.0.1.tar.gz:wmvolman $ HEAD -S http://github.com/raorn/wmvolman/archive/2.0.1/wmvolman-2.0.1.tar.gz HEAD http://github.com/raorn/wmvolman/archive/2.0.1/wmvolman-2.0.1.tar.gz 301 Moved Permanently HEAD https://github.com/raorn/wmvolman/archive/2.0.1/wmvolman-2.0.1.tar.gz 302 Found HEAD https://codeload.github.com/raorn/wmvolman/tar.gz/2.0.1 200 OK Connection: close Date: Fri, 04 Oct 2013 10:56:50 GMT Content-Length: 39940 Content-Type: application/x-gzip Client-Date: Fri, 04 Oct 2013 10:56:50 GMT Client-Peer: 192.30.252.145:443 Client-Response-Num: 1 Client-SSL-Cert-Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3 Client-SSL-Cert-Subject: /C=US/ST=California/L=San Francisco/O=GitHub, Inc./CN=*.github.com Client-SSL-Cipher: RC4-SHA Client-SSL-Socket-Class: IO::Socket::SSL Content-Disposition: attachment; filename=wmvolman-2.0.1.tar.gz There was several redirects, but URL is OK. And it doesn't have the timestamp problem. -- Regards,-- Sir Raorn. --- http://thousandsofhate.blogspot.com/ signature.asc Description: Digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, Oct 04, 2013 at 02:59:36PM +0400, Alexey I. Froloff wrote: $ HEAD -S http://github.com/raorn/wmvolman/archive/2.0.1/wmvolman-2.0.1.tar.gz Content-Type: application/x-gzip Content-Disposition: attachment; filename=wmvolman-2.0.1.tar.gz --2013-10-03 05:54:40-- http://github.com/raorn/wmvolman/archive/2.0.1/wmvolman-2.0.1.tar.gz ... Length: unspecified [application/x-gzip] Saving to: `./2.0.1' 0K .. .. .. . 676K=0.06s Last-modified header missing -- time-stamps turned off. 2013-10-03 05:54:42 (676 KB/s) - `./2.0.1' saved [39940] What tool were you using for download? -- Regards,-- Sir Raorn. --- http://thousandsofhate.blogspot.com/ signature.asc Description: Digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
Kevin Fenzi wrote: On Fri, 4 Oct 2013 01:54:34 +0200 Björn Persson bj...@xn--rombobjrn-67a.se wrote: Kevin Fenzi wrote: rombobeorn:BADURL:pragmarc-20130728.zip:PragmARC wget https://www.Rombobjörn.se/PragmARC/pragmarc-20130728.zip → 200 OK This server's uptime is currently 112 days, so either it was a network glitch or your URL checker lacks IDNA support. Seems to be a dns issue? http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/PragmARC-dl.txt That's a more useful error message. Wget tried to look up the UTF-8-encoded domain name directly without converting it to ACE. You need to upgrade Wget to a version that knows how to do IDNA. The one in Fedora 19 does. The one in CentOS 6 doesn't. -- Björn Persson Sent from my computer. signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Thu, Oct 3, 2013 at 3:35 PM, Kevin Fenzi ke...@scrye.com wrote: jjames:BADURL:DSDP5.8.tar.gz:DSDP The upstream host has a note on their web site explaining that the entire web site was rearranged, and gives directions on how to find new URLs for the various projects hosted there. The procedure fails for DSDP, which does not appear to have survived the reorganization. I sent a note to the webmaster, asking if the DSDP pages are gone permanently. He replied that he had forwarded my query on to the group that formerly maintained the DSDP web site. No word from them yet. If the web site is permanently gone, I can certainly remove the 'http://...' portion of the Source0 URL, but what do I do about the URL field in the spec file in that case? I would like to keep this package around, because it is used by python-cvxopt. -- Jerry James http://www.jamezone.org/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, 4 Oct 2013 08:55:38 +0200 Simone Caronni negativ...@gmail.com wrote: Check ok on my side: $ wget http://linux.dell.com/dkms/permalink/dkms-2.2.0.3.tar.gz --2013-10-04 08:54:36-- http://linux.dell.com/dkms/permalink/dkms-2.2.0.3.tar.gz Resolving linux.dell.com (linux.dell.com)... 143.166.224.62 Connecting to linux.dell.com (linux.dell.com)|143.166.224.62|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 86053 (84K) [application/x-gzip] Saving to: ‘dkms-2.2.0.3.tar.gz’ 100%[==] 86,053 96.3KB/s in 0.9s 2013-10-04 08:54:42 (96.3 KB/s) - ‘dkms-2.2.0.3.tar.gz’ saved [86053/86053] slaanesh:BADSOURCE:dkms-2.2.0.3.tar.gz:dkms - BADSOURCE:$SOURCENAME:$PACKAGENAME This means that the source was downloaded ok from the upstream site, but doesn't match the md5sum given in the sources file. This could be due to needing to strip out content that fedora cannot ship (but in that case you shouldn't have the full URI in the Source line). Or upstream following poor release practices and updating without changing their release. % cat sources 1bf726e59d24854cc6260522b444c8d3 dkms-2.2.0.3.tar.gz % md5sum dkms-2.2.0.3.tar.gz 11a8aaade2ebec2803653837c7593030 dkms-2.2.0.3.tar.gz So, somehow the one uploaded to our lookaside is not the same as the upstream one. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, 04 Oct 2013 09:15:47 +0200 Alec Leamas leamas.a...@gmail.com wrote: On 10/03/2013 11:35 PM, Kevin Fenzi wrote: [cut] leamas:BADURL:xlwt-0.7.4.tar.gz:python-xlwt [cut] These are pypi urls which looks just fine to me (spectool -g works OK) Looks like a ssl cert problem? http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/python-xlwt-dl.txt ERROR: certificate common name `*.a.ssl.fastly.net' doesn't match requested host name `pypi.python.org'. To connect to pypi.python.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, 4 Oct 2013 11:49:47 +0200 Dridi Boukelmoune dridi.boukelmo...@gmail.com wrote: Hi, In my case, the makeself source tarball is hosted on github. I've seen many people saying that github was down recently (even though it worked fine for me). curl -LI http://github.com/megastep/makeself/archive/release-2.2.0.tar.gz [... redirections stuff ...] HTTP/1.1 200 OK [... headers ...] Other packages might be related to the github outage. Could be, but in this case it did download ok... http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/makeself-dl.txt but it downloaded to a 'release-2.2.0' file? Possibly again a issue with the old spectool I was using for this run. ;( kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, 4 Oct 2013 12:46:26 +0200 Tomasz Torcz to...@pipebreaker.pl wrote: On Thu, Oct 03, 2013 at 03:35:03PM -0600, Kevin Fenzi wrote: Here's attached another run of my sources/patches url checker. Please fix any packages you are responsible for in rawhide, and other Lines in the output are of three forms: - BADURL:base-file-name:$PACKAGENAME This means that the URI provided in the Source(s) line didn't result in a download of the source. This could be any of: URL changed, version changed and URL wasn't updated, Site is down, Site is gone, etc. Also there are a number of packages with incorrect sourceforge links. (BTW, there are still some packages with ftp://people.redhat.com/ URLs). ttorcz:BADURL:hdapsd-20090401gita64b50c-a64b50c.tar.gz:hdapsd But is seem to have been downloaded fine... http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/hdapsd-dl.txt yeah, but note that it downloaded to: 2013-09-29 22:33:30 (20.8 MB/s) - `./a64b50c05c5e2b6b7d6ca1165362b4d8e484f4f4' saved [19829] not hdapsd-20090401gita64b50c-a64b50c.tar.gz kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, 4 Oct 2013 15:08:25 +0400 Alexey I. Froloff ra...@raorn.name wrote: On Fri, Oct 04, 2013 at 02:59:36PM +0400, Alexey I. Froloff wrote: $ HEAD -S http://github.com/raorn/wmvolman/archive/2.0.1/wmvolman-2.0.1.tar.gz Content-Type: application/x-gzip Content-Disposition: attachment; filename=wmvolman-2.0.1.tar.gz --2013-10-03 05:54:40-- http://github.com/raorn/wmvolman/archive/2.0.1/wmvolman-2.0.1.tar.gz ... Length: unspecified [application/x-gzip] Saving to: `./2.0.1' 0K .. .. .. . 676K=0.06s Last-modified header missing -- time-stamps turned off. 2013-10-03 05:54:42 (676 KB/s) - `./2.0.1' saved [39940] What tool were you using for download? spectool -g *.spec kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, Oct 04, 2013 at 10:21:02AM -0600, Kevin Fenzi wrote: What tool were you using for download? spectool -g *.spec Which uses curl do download files... remote-header-name should be added to /etc/rpmdevtools/curlrc -- Regards,-- Sir Raorn. --- http://thousandsofhate.blogspot.com/ signature.asc Description: Digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
Jerry James wrote: On Thu, Oct 3, 2013 at 3:35 PM, Kevin Fenzi ke...@scrye.com wrote: jjames:BADURL:DSDP5.8.tar.gz:DSDP The upstream host has a note on their web site explaining that the entire web site was rearranged, and gives directions on how to find new URLs for the various projects hosted there. And it says Mathematics and Computer Science at the top of the page. What kind of computer science institute doesn't have the sense to keep permanent URLs? http://www.w3.org/Provider/Style/URI -- Björn Persson Sent from my computer. signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, Oct 04, 2013 at 10:17:02AM -0600, Kevin Fenzi wrote: On Fri, 04 Oct 2013 09:15:47 +0200 Alec Leamas leamas.a...@gmail.com wrote: On 10/03/2013 11:35 PM, Kevin Fenzi wrote: [cut] leamas:BADURL:xlwt-0.7.4.tar.gz:python-xlwt [cut] These are pypi urls which looks just fine to me (spectool -g works OK) Looks like a ssl cert problem? http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/python-xlwt-dl.txt ERROR: certificate common name `*.a.ssl.fastly.net' doesn't match requested host name `pypi.python.org'. To connect to pypi.python.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection. pypi have been working on getting a CDN working recently. I think they consider what they have in place now as working, though. I'm finding that the pypi urls work on Fedora (tested wget on F17 and rawhide) but they do not on RHEL5 and RHEL6. -Toshio pgp2vUtRkMpNg.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, Oct 04, 2013 at 09:00:07AM -0600, Jerry James wrote: On Thu, Oct 3, 2013 at 3:35 PM, Kevin Fenzi ke...@scrye.com wrote: jjames:BADURL:DSDP5.8.tar.gz:DSDP The upstream host has a note on their web site explaining that the entire web site was rearranged, and gives directions on how to find new URLs for the various projects hosted there. The procedure fails for DSDP, which does not appear to have survived the reorganization. I sent a note to the webmaster, asking if the DSDP pages are gone permanently. He replied that he had forwarded my query on to the group that formerly maintained the DSDP web site. No word from them yet. If the web site is permanently gone, I can certainly remove the 'http://...' portion of the Source0 URL, but what do I do about the URL field in the spec file in that case? I would like to keep this package around, because it is used by python-cvxopt. Add a comnent above the Source0: line that says what's happened to the upstream hosting. It does mean that the upstream is dead and you'll be on the hook for more maintainance should problems be found in the package. -Toshio pgpGvYqu8Lqr2.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
Kevin Fenzi wrote: Here's attached another run of my sources/patches url checker. Please fix any packages you are responsible for in rawhide, and other branches as other changes permit. [...] rombobeorn:BADURL:fedora-gnat-project-common-3.6.tar.gz:fedora-gnat-project-common wget https://fedorahosted.org/released/fedora-gnat-project-common/download/fedora-gnat-project-common-3.6.tar.gz → 200 OK I suppose either Fedora Hosted was temporarily down, or there was a network glitch. rombobeorn:BADURL:pragmarc-20130728.zip:PragmARC wget https://www.Rombobjörn.se/PragmARC/pragmarc-20130728.zip → 200 OK This server's uptime is currently 112 days, so either it was a network glitch or your URL checker lacks IDNA support. Does that program retry a while later if it can't reach the server, to reduce the number of false alarms? -- Björn Persson Sent from my computer. signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
It also looks like the checker doesn't deal with redirects: logic:BADURL:fritzing-0.8.3b.source.tar.bz2:fritzing $ wget http://fritzing.org/download/0.8.3b/source-tarball/fritzing-0.8.3b.source.tar.bz2 --2013-10-03 17:20:31-- http://fritzing.org/download/0.8.3b/source-tarball/fritzing-0.8.3b.source.tar.bz2 Resolving fritzing.org (fritzing.org)... 85.214.44.67 Connecting to fritzing.org (fritzing.org)|85.214.44.67|:80... connected. HTTP request sent, awaiting response... 302 FOUND Location: http://fritzing.org/media/downloads/fritzing-0.8.3b.source.tar.bz2[following] --2013-10-03 17:20:31-- http://fritzing.org/media/downloads/fritzing-0.8.3b.source.tar.bz2 Reusing existing connection to fritzing.org:80. HTTP request sent, awaiting response... 200 OK Length: 16819552 (16M) [application/x-bzip2] Saving to: ‘fritzing-0.8.3b.source.tar.bz2’ 100%[==] 16,819,552 3.90MB/s in 5.5s 2013-10-03 17:20:37 (2.94 MB/s) - ‘fritzing-0.8.3b.source.tar.bz2’ saved [16819552/16819552] On Thu, Oct 3, 2013 at 4:54 PM, Björn Persson bj...@xn--rombobjrn-67a.sewrote: Kevin Fenzi wrote: Here's attached another run of my sources/patches url checker. Please fix any packages you are responsible for in rawhide, and other branches as other changes permit. [...] rombobeorn:BADURL:fedora-gnat-project-common-3.6.tar.gz:fedora-gnat-project-common wget https://fedorahosted.org/released/fedora-gnat-project-common/download/fedora-gnat-project-common-3.6.tar.gz → 200 OK I suppose either Fedora Hosted was temporarily down, or there was a network glitch. rombobeorn:BADURL:pragmarc-20130728.zip:PragmARC wget https://www.Rombobjörn.se/PragmARC/pragmarc-20130728.ziphttps://www.xn--rombobjrn-67a.se/PragmARC/pragmarc-20130728.zip → 200 OK This server's uptime is currently 112 days, so either it was a network glitch or your URL checker lacks IDNA support. Does that program retry a while later if it can't reach the server, to reduce the number of false alarms? -- Björn Persson Sent from my computer. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- Ed Marshall e...@logic.net Felix qui potuit rerum cognoscere causas. http://esm.logic.net/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Fri, 4 Oct 2013 01:54:34 +0200 Björn Persson bj...@xn--rombobjrn-67a.se wrote: Kevin Fenzi wrote: Here's attached another run of my sources/patches url checker. Please fix any packages you are responsible for in rawhide, and other branches as other changes permit. [...] rombobeorn:BADURL:fedora-gnat-project-common-3.6.tar.gz:fedora-gnat-project-common wget https://fedorahosted.org/released/fedora-gnat-project-common/download/fedora-gnat-project-common-3.6.tar.gz → 200 OK I suppose either Fedora Hosted was temporarily down, or there was a network glitch. http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/fedora-gnat-project-common-dl.txt Looks like we have a wildcard cert issue... https://download.fedorahosted.org/released/fedora-gnat-project-common/download/ might be a workaround. rombobeorn:BADURL:pragmarc-20130728.zip:PragmARC wget https://www.Rombobjörn.se/PragmARC/pragmarc-20130728.zip → 200 OK This server's uptime is currently 112 days, so either it was a network glitch or your URL checker lacks IDNA support. Seems to be a dns issue? http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/PragmARC-dl.txt Does that program retry a while later if it can't reach the server, to reduce the number of false alarms? Nope, not currently. Only when I run it again. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Thu, 3 Oct 2013 17:26:30 -0700 Ed Marshall e...@logic.net wrote: It also looks like the checker doesn't deal with redirects: logic:BADURL:fritzing-0.8.3b.source.tar.bz2:fritzing Looks like a transitory failure of some kind... http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/fritzing-dl.txt 2013-09-29 21:20:33 ERROR 503: Service Unavailable. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
Ah, cool, didn't realize failure output was stored anywhere. :) Thanks! On Thu, Oct 3, 2013 at 6:07 PM, Kevin Fenzi ke...@scrye.com wrote: On Thu, 3 Oct 2013 17:26:30 -0700 Ed Marshall e...@logic.net wrote: It also looks like the checker doesn't deal with redirects: logic:BADURL:fritzing-0.8.3b.source.tar.bz2:fritzing Looks like a transitory failure of some kind... http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/fritzing-dl.txt 2013-09-29 21:20:33 ERROR 503: Service Unavailable. kevin -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- Ed Marshall e...@logic.net Felix qui potuit rerum cognoscere causas. http://esm.logic.net/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Thu, Oct 3, 2013 at 7:04 PM, Kevin Fenzi ke...@scrye.com wrote: http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/fedora-gnat-project-common-dl.txt Looks like we have a wildcard cert issue... https://download.fedorahosted.org/released/fedora-gnat-project-common/download/ might be a workaround. I think the problem is that wget on EL6 does recognize the subjectAltName extension in x509 certificates. wget on Fedora 19 works. The same problem is happening with all the Ruby packages that load gems from https://rubygems.org. - Ken -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: Source file audit - 2013-09-30
On Thu, 3 Oct 2013 19:46:33 -0600 Ken Dreyer ktdre...@ktdreyer.com wrote: On Thu, Oct 3, 2013 at 7:04 PM, Kevin Fenzi ke...@scrye.com wrote: http://www.scrye.com/~kevin/fedora/sourcecheck/sourcecheck-20130930/fedora-gnat-project-common-dl.txt Looks like we have a wildcard cert issue... https://download.fedorahosted.org/released/fedora-gnat-project-common/download/ might be a workaround. I think the problem is that wget on EL6 does recognize the subjectAltName extension in x509 certificates. wget on Fedora 19 works. The same problem is happening with all the Ruby packages that load gems from https://rubygems.org. I was actually running this from a centos5 box. ;( (it was the one I had setup long ago to do these checks and had disk allocated, etc). I guess I will look at moving them over to a more modern machine. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct