Re: [Fink-devel] fink CVS does not install/selfupdate as well.
David R. Morrison wrote: [] I'll look into the the @INC problem you had. It seems that PostInstScripts are executed in whatever environment the shell had from which "fink install" was started. So if you don't have PERL5LIB set correctly, this particular script will crash. -- Martin --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] fink CVS does not install/selfupdate as well.
Darian Lanx <[EMAIL PROTECTED]> wrote: > David R. Morrison wrote: > > > > > I'm not sure if you realize this, but all of the mirrors you have recruited > > recently were not being used by anyone (other than a few Fink developers > > who use CVS), because the list of mirrors is only updated when the package > > manager is updated. > > > I know and I addressed this several times in Channel. Justin has the > "mirror" module which adresses this issue on a more global scale as far > as I understood. He was going to update it to HEAD as soon as his SHLIBS > stuff is in. > I didn't realize that Justin intended to work on this more. The CVS module he was using had been inactive for almost a year. I'm not sure in what sense Justin's implementation was "more global" than mine. Anyway, I saw a need, and I implmeneted it. It's done now. > > The security of the current system is no different than the security of > > the previous system. The list of mirrors is kept in CVS, and released > > as a fink package with an MD5 sum for the tarball. > My concern still remains. As I pointed out, I never thought the system > to be secure in the first place, thus it wasn't too bad that not many > were relying on it yet. Wew should have solved the security issues > before making this accessable to the broad public and thuis increasing > the risk involved with this system. > > I'll see to it, that I get GnuPG signing operational as soon as possible I'm not sure I understand your security concern here. The only people who can change the mirror lists that the average fink user gets are the people who can release source files using the SF file release system. That list consists of the fink core developers and one or two others. Could you please summarize the security of fink as you see it, and explain where we need improvement? I'd be happy to help improve things. -- Dave --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] fink CVS does not install/selfupdate as well.
> > I'll look into the the @INC problem you had. Which version of fink did > > you have installed when you tried to inject? > 0.17.1.cvs OK, the inject will only work if you have at least fink 0.17.2 installed. This inject method is *not* intended as the way most users will get updated lists of fink mirrors, by the way. They'll get them through selfupdate when the fink-mirrors package is updated. And the fink-mirrors package explicitly depends on fink >= 0.17.2. -- Dave --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] fink CVS does not install/selfupdate as well.
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 David R. Morrison wrote: I'm not sure if you realize this, but all of the mirrors you have recruited recently were not being used by anyone (other than a few Fink developers who use CVS), because the list of mirrors is only updated when the package manager is updated. I know and I addressed this several times in Channel. Justin has the "mirror" module which adresses this issue on a more global scale as far as I understood. He was going to update it to HEAD as soon as his SHLIBS stuff is in. The security of the current system is no different than the security of the previous system. The list of mirrors is kept in CVS, and released as a fink package with an MD5 sum for the tarball. My concern still remains. As I pointed out, I never thought the system to be secure in the first place, thus it wasn't too bad that not many were relying on it yet. Wew should have solved the security issues before making this accessable to the broad public and thuis increasing the risk involved with this system. I'll see to it, that I get GnuPG signing operational as soon as possible I'll look into the the @INC problem you had. Which version of fink did you have installed when you tried to inject? 0.17.1.cvs - -d -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/7uf1PMoaMn4kKR4RA60kAJ4ufFYK7mhzPrZW9egJx5yFzjDlxACfVmU0 ecXQl6ETfH3A1vmfTq52qjE= =jUzD -END PGP SIGNATURE- --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] fink CVS does not install/selfupdate as well.
> And on a personal note. I am really not happya bout this new > mirror.info. Personally i think that was a premature deicsion, because > it introduces rather serious security problems. It was bad enough how we > had it, but having it in a seperate info file without _any_ validation > is even worse imho. I'm not sure if you realize this, but all of the mirrors you have recruited recently were not being used by anyone (other than a few Fink developers who use CVS), because the list of mirrors is only updated when the package manager is updated. The security of the current system is no different than the security of the previous system. The list of mirrors is kept in CVS, and released as a fink package with an MD5 sum for the tarball. I'll look into the the @INC problem you had. Which version of fink did you have installed when you tried to inject? -- Dave --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
[Fink-devel] fink CVS does not install/selfupdate as well.
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Just for your Info, I do nto know if this is known: ir.old /sw/src/root-fink-mirrors-0.0.2-2/sw/share/info/dir /sw/src/root-fink-mirrors-0.0.2-2/sw/share/info/dir.old /bin/rm -rf fink-mirrors-0.0.2-2 Writing control file... Finding prebound objects... Writing dependencies... Writing package script postinst... dpkg-deb -b root-fink-mirrors-0.0.2-2 /sw/fink/dists/unstable/main/binary-darwin-powerpc/base dpkg-deb: building package `fink-mirrors' in `/sw/fink/dists/unstable/main/binary-darwin-powerpc/base/fink-mirrors_0.0.2-2_darwin-powerpc.deb'. /bin/ln -sf /sw/fink/dists/unstable/main/binary-darwin-powerpc/base/fink-mirrors_0.0.2-2_darwin-powerpc.deb /sw/fink/debs/ /bin/rm -rf /sw/src/root-fink-mirrors-0.0.2-2 dpkg -i /sw/fink/dists/unstable/main/binary-darwin-powerpc/base/fink-mirrors_0.0.2-2_darwin-powerpc.deb Selecting previously deselected package fink-mirrors. (Reading database ... 13561 files and directories currently installed.) Unpacking fink-mirrors (from .../fink-mirrors_0.0.2-2_darwin-powerpc.deb) ... Setting up fink-mirrors (0.0.2-2) ... Can't locate Fink/Services.pm in @INC (@INC contains: /System/Library/Perl/5.8.1/darwin-thread-multi-2level /System/Library/Perl/5.8.1 /Library/Perl/5.8.1/darwin-thread-multi-2level /Library/Perl/5.8.1 /Library/Perl /Network/Library/Perl/5.8.1/darwin-thread-multi-2level /Network/Library/Perl/5.8.1 /Network/Library/Perl .) at /sw/lib/fink/mirror/postinstall.pl line 29. BEGIN failed--compilation aborted at /sw/lib/fink/mirror/postinstall.pl line 29. dpkg: error processing fink-mirrors (--install): subprocess post-installation script returned error exit status 2 Errors were encountered while processing: fink-mirrors ### execution of dpkg failed, exit code 1 Failed: can't install package fink-mirrors-0.0.2-2 And on a personal note. I am really not happya bout this new mirror.info. Personally i think that was a premature deicsion, because it introduces rather serious security problems. It was bad enough how we had it, but having it in a seperate info file without _any_ validation is even worse imho. :) - -d -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/7t+TPMoaMn4kKR4RAzAFAJ0XJ57BBAB0ahGwiYM3DPJPfIVJZQCglgzX uzQbg2/oCK4KivnX7mwV44U= =P+QS -END PGP SIGNATURE- --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
