Re: upgrades no longer allow ftp for sets
On 2014-03-29 Sat 19:26 PM |, Ted Unangst wrote: Eventually, will base ftpd be removed? The program (some might say pogrom) to delete old shit doesn't really need any more suggestions at this time. I'm happily using it and was wondering if I should plan to stop doing so.
Re: upgrades no longer allow ftp for sets
On 2014-03-26 Wed 16:06 PM |, Craig R. Skinner wrote: On 2014-03-25 Tue 18:34 PM |, Theo de Raadt wrote: The 5.5 release will support FTP releases, but after that we are disabling FTP and thus pushing people to use HTTP installs. In this day and age, it is somewhat irresponsible for us to put people into a situation where they might install new FTP servers on the internet. We've known it is a dangerous protocol for over 20 years. Use a HTTP server to serve the sets, please. Would these pages summarise it? http://cr.yp.to/ftp/security.html http://tools.ietf.org/html/rfc2577 http://en.wikipedia.org/wiki/File_Transfer_Protocol#Security http://daniel.haxx.se/docs/ftp-vs-http.html Eventually, will base ftpd be removed? e.g: telnetd, rshd, uucpd, rmail,...
Re: upgrades no longer allow ftp for sets
geez! there are better technologies out here. Sure, if a technology works for 20 years, then go with it. However, there are loads faster ways (and a lot more secure too). Why not use bit torrent? It's fast, reliable and really only needs a half dozen seeds at various places across the net. The problem with FTP is that you can have only so many connections before the bandwidth the host uses gets jammed. It also doesn't have very good resume functionality. If the guys at OpenBSD decide to change technologies, that's their choice. Besides, I would rather be able to get the distribution and ports trees at my full internet connection, not some slower speed limited by old technology. So, when are the rest of you lot going to get with the 21st century? -eric On Mar 29, 2014, at 1:47 AM, Craig R. Skinner wrote: On 2014-03-26 Wed 16:06 PM |, Craig R. Skinner wrote: On 2014-03-25 Tue 18:34 PM |, Theo de Raadt wrote: The 5.5 release will support FTP releases, but after that we are disabling FTP and thus pushing people to use HTTP installs. In this day and age, it is somewhat irresponsible for us to put people into a situation where they might install new FTP servers on the internet. We've known it is a dangerous protocol for over 20 years. Use a HTTP server to serve the sets, please. Would these pages summarise it? http://cr.yp.to/ftp/security.html http://tools.ietf.org/html/rfc2577 http://en.wikipedia.org/wiki/File_Transfer_Protocol#Security http://daniel.haxx.se/docs/ftp-vs-http.html Eventually, will base ftpd be removed? e.g: telnetd, rshd, uucpd, rmail,...
Re: upgrades no longer allow ftp for sets
On 2014-03-29 Sat 02:10 AM |, Eric Oyen wrote: On 2014-03-26 Wed 16:06 PM |, Craig R. Skinner wrote: Eventually, will base ftpd be removed? *BASE*
Re: upgrades no longer allow ftp for sets
Couldn't agree more! :) Andy Sent from my iPhone On 29 Mar 2014, at 09:10, Eric Oyen eric.o...@gmail.com wrote: geez! there are better technologies out here. Sure, if a technology works for 20 years, then go with it. However, there are loads faster ways (and a lot more secure too). Why not use bit torrent? It's fast, reliable and really only needs a half dozen seeds at various places across the net. The problem with FTP is that you can have only so many connections before the bandwidth the host uses gets jammed. It also doesn't have very good resume functionality. If the guys at OpenBSD decide to change technologies, that's their choice. Besides, I would rather be able to get the distribution and ports trees at my full internet connection, not some slower speed limited by old technology. So, when are the rest of you lot going to get with the 21st century? -eric On Mar 29, 2014, at 1:47 AM, Craig R. Skinner wrote: On 2014-03-26 Wed 16:06 PM |, Craig R. Skinner wrote: On 2014-03-25 Tue 18:34 PM |, Theo de Raadt wrote: The 5.5 release will support FTP releases, but after that we are disabling FTP and thus pushing people to use HTTP installs. In this day and age, it is somewhat irresponsible for us to put people into a situation where they might install new FTP servers on the internet. We've known it is a dangerous protocol for over 20 years. Use a HTTP server to serve the sets, please. Would these pages summarise it? http://cr.yp.to/ftp/security.html http://tools.ietf.org/html/rfc2577 http://en.wikipedia.org/wiki/File_Transfer_Protocol#Security http://daniel.haxx.se/docs/ftp-vs-http.html Eventually, will base ftpd be removed? e.g: telnetd, rshd, uucpd, rmail,...
Re: upgrades no longer allow ftp for sets
Eventually, will base ftpd be removed? Unlikely.
Re: upgrades no longer allow ftp for sets
On Sat, Mar 29, 2014, at 09:44 AM, Theo de Raadt wrote: Eventually, will base ftpd be removed? Unlikely. Why not? You got rid of base telnetd a while back. -- Shawn K. Quinn skqu...@rushpost.com
Re: upgrades no longer allow ftp for sets
Eventually, will base ftpd be removed? Unlikely. Why not? You got rid of base telnetd a while back. Because telnet is a protocol that people chose to use, and actively could decide to move to the ssh server protocol. Whereas ftp is a protocol that is often used in scripts. So there are lots of ftp-based things hiding in the background. If we removed our ftp server (which I think is a pretty safe ftp server) from action, people would go into the ports tree and have to install one of those. They are probably worse. People get hurt. No one benefits.
Re: upgrades no longer allow ftp for sets
On Sat, Mar 29, 2014 at 08:47, Craig R. Skinner wrote: Eventually, will base ftpd be removed? The program (some might say pogrom) to delete old shit doesn't really need any more suggestions at this time. The situation is well in hand (some might say out of hand).
Re: upgrades no longer allow ftp for sets
TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No.
Re: upgrades no longer allow ftp for sets
On Thu, Mar 27, 2014 at 08:10:05AM -0600, Theo de Raadt wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No. Could you please elaborate why not sftp for sets (and/or for pkg_add)? So I sent a long mail yesterday explaining this, and that's the best you two can do? How do you even retain jobs??
Re: upgrades no longer allow ftp for sets
Hello Theo, Wednesday, March 26, 2014, 3:18:59 PM, you wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. -- Best regards, Boris bo...@twopoint.com
Re: upgrades no longer allow ftp for sets
On Thu, Mar 27, 2014 at 08:10:05AM -0600, Theo de Raadt wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No. Could you please elaborate why not sftp for sets (and/or for pkg_add)? jirib
Re: upgrades no longer allow ftp for sets
On Thu, Mar 27, 2014, at 09:14 AM, Jiri B wrote: On Thu, Mar 27, 2014 at 08:10:05AM -0600, Theo de Raadt wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No. Could you please elaborate why not sftp for sets (and/or for pkg_add)? My educated guess is that ssh and sftp would not fit on the install disks. Though there are probably other reasons as well, including the fact that to truly be secure you'd have to verify the host keys beforehand as they could not be stored on the install disks. -- Shawn K. Quinn skqu...@rushpost.com
Re: upgrades no longer allow ftp for sets
So I sent a long mail yesterday explaining this, and that's the best you two can do? How do you even retain jobs?? Dramatic arts class in elementary school :D j.
Re: upgrades no longer allow ftp for sets
On 27-03-2014 11:28, Shawn K. Quinn wrote: On Thu, Mar 27, 2014, at 09:14 AM, Jiri B wrote: On Thu, Mar 27, 2014 at 08:10:05AM -0600, Theo de Raadt wrote: TdR ... placing openssl there is not part of any solution that would work. TdR What are other possible solutions? Do you think sftp would fit? Can you replace ftp with sftp? I'd prefer to maintain a limited access sftp server rather than a http one. Wow. No. Could you please elaborate why not sftp for sets (and/or for pkg_add)? My educated guess is that ssh and sftp would not fit on the install disks. Though there are probably other reasons as well, including the fact that to truly be secure you'd have to verify the host keys beforehand as they could not be stored on the install disks. Yes, and although the crypto algorithms that ssh uses are better than tls/ssl, there are also side channel attacks on them to infer things, although things would be better obfuscated. So if you can't authenticate the host, nor the client in the installation, there isn't really a point in having sftp on the installer. I believe that it would even hurt security since you could be much more susceptible to impersonation attacks since many many people blindly accept ssh host keys. Signify, provided you trust the initial key, completely solves the problem of the insecure medium. If you want to obfuscate what you are installing, you're better off using a proxy. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: upgrades no longer allow ftp for sets
Hello misc, Thursday, March 27, 2014, 9:14:00 AM, Jiri wrote: JB Could you please elaborate why not sftp for sets (and/or JB for pkg_add)? I'll rephrase: can someone besides Theo elaborate? It was an obvious mistake to reply to his email (to be fair, I've addressed it to misc, not to him). In his long email Theo was talking about openssl. It's my understanding that openssh is going away from openssl, so I don't see a direct connection. I also see that psftp (from the putty) is about 300K, and I don't believe it has any important dependencies (kerberos could be ignored in this case). BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried searching and found only a rumor that there might be a size limit. -- Best regards, Boris bo...@twopoint.com
Re: upgrades no longer allow ftp for sets
On 27 March 2014 11:30, Boris Goldberg bo...@twopoint.com wrote: Hello misc, Thursday, March 27, 2014, 9:14:00 AM, Jiri wrote: JB Could you please elaborate why not sftp for sets (and/or JB for pkg_add)? I'll rephrase: can someone besides Theo elaborate? It was an obvious mistake to reply to his email (to be fair, I've addressed it to misc, not to him). In his long email Theo was talking about openssl. It's my understanding that openssh is going away from openssl, so I don't see a direct connection. I also see that psftp (from the putty) is about 300K, and I don't believe it has any important dependencies (kerberos could be ignored in this case). BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried searching and found only a rumor that there might be a size limit. -- Best regards, Boris bo...@twopoint.com 1) It's not useful. 2) It's too complicated. 3) It's impossible to fit on the install media. Ken
Re: upgrades no longer allow ftp for sets
JB Could you please elaborate why not sftp for sets (and/or JB for pkg_add)? I'll rephrase: can someone besides Theo elaborate? It was an obvious mistake to reply to his email (to be fair, I've addressed it to misc, not to him). In his long email Theo was talking about openssl. It's my understanding that openssh is going away from openssl, so I don't see a direct connection. I also see that psftp (from the putty) is about 300K, and I don't believe it has any important dependencies (kerberos could be ignored in this case). psftp Great, so you can't even use the right example. Classy. As it happens, sftp is just a wrapper around ssh, and ssh itself statically linked is:
text    data    bss     dec     hex
1445154 24580   52312   1522046 17397e
So, even bigger than openssl. BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried searching and found only a rumor that there might be a size limit. First off, you are suggesting that we double the size of the large thing on the install media. You are showing that you can't do any research at all, but want to throw ideas out. My main reason is Taste. I'll stand against the addition of useless stuff that people can't use correctly. You are throwing sftp out there as an idea, without any deep consideration. I don't know who you are asking us to keep serving your needs. Never heard of you before.
Re: upgrades no longer allow ftp for sets
On 27-03-2014 12:43, Theo de Raadt wrote: JB Could you please elaborate why not sftp for sets (and/or JB for pkg_add)? I'll rephrase: can someone besides Theo elaborate? It was an obvious mistake to reply to his email (to be fair, I've addressed it to misc, not to him). In his long email Theo was talking about openssl. It's my understanding that openssh is going away from openssl, so I don't see a direct connection. I also see that psftp (from the putty) is about 300K, and I don't believe it has any important dependencies (kerberos could be ignored in this case). psftp Great, so you can't even use the right example. Classy. As it happens, sftp is just a wrapper around ssh, and ssh itself statically linked is:
text    data    bss     dec     hex
1445154 24580   52312   1522046 17397e
So, even bigger than openssl. BTW, what is limiting the bsd.rd size? It's not for a floppy. I've tried searching and found only a rumor that there might be a size limit. First off, you are suggesting that we double the size of the large thing on the install media. You are showing that you can't do any research at all, but want to throw ideas out. My main reason is Taste. I'll stand against the addition of useless stuff that people can't use correctly. You are throwing sftp out there as an idea, without any deep consideration. I don't know who you are asking us to keep serving your needs. Never heard of you before. Even if the size wasn't an issue, using ssh on the installer would only be really secure if associated with DNSSEC and SSHFP records for the server. There are sysadmins that blindly trust host keys, ssl certificates, so imagine a regular user trying to install OpenBSD and being prompted for an unknown host key. And we are just talking about the installer side. Imagine the headache of configuring mirrors with sftp. Even if all mirrors' host keys were somehow compressed and put in the installer, this wouldn't solve the issue when installing from a personal mirror, and such. Please stop. It's bad enough having ftp. Yesterday I did a http install, very fast, and the best part, very easy. With 5.5 on the horizon, signify and all the good things that will come with it, the install process will be much more reliable. Just take as an example all the Linuxes' installation and update processes. They all use http, with no tls/ssl. I can't remember if any of them have ssl enabled on their mirrors. sftp? Good luck finding one. I hope that this is elaborate enough. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: upgrades no longer allow ftp for sets
Geez, all you complainers and/or suggesters get over it. The OpenBSD project makes decisions, sometimes you like them, sometimes you don't. Get used to it. If you feel that strongly about it quit using OpenBSD or code something really good and efficient then present it. FWIW, anyone who is responsible for border firewalls deplores the FTP protocol. diana Past hissy-fits are not a predictor of future hissy-fits. Nick Holland(06 Dec 2005)
Re: upgrades no longer allow ftp for sets
previously on this list Kenneth Westerback contributed: 1) It's not useful. 2) It's too complicated. 3) It's impossible to fit on the install media. 4) With the advent of signify and one of its goals being efficiency it would be a solution that needlessly wastes resources of many types.
Re: upgrades no longer allow ftp for sets
On Thu, Mar 27, 2014 at 1:37 PM, Diana Eichert deich...@wrench.com wrote: FWIW, Anyone who is responsible for border firewalls deplores FTP protocol. And its cousin, FTPS, which, although encrypted, has the same dual port problem yet is not curable via a proxy. Chris
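To make the "dual port problem" Diana and Chris are talking about concrete: plain FTP announces the endpoint of its data connection inside the control channel (the 227 reply to PASV, or the client's PORT command), so a border firewall or FTP proxy has to parse that text to learn which ephemeral port it must open; once the control channel is wrapped in TLS (FTPS, after AUTH TLS is accepted), the same text is ciphertext and there is nothing left for a proxy to parse. The Go program below is an added illustration written for this page, not code from the thread or from any OpenBSD firewall helper. The two session transcripts in it are constructed, not captured; the addresses are documentation ranges.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// DataEndpoint is the host/port the FTP data connection will use. It is
// negotiated in-band on the control channel, which is the whole problem for
// a border firewall: the port is not known until the text has been parsed.
type DataEndpoint struct {
	Host string
	Port int
}

var (
	// Server reply in passive mode: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
	pasvRe = regexp.MustCompile(`^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)`)
	// Client command in active mode: "PORT h1,h2,h3,h4,p1,p2"
	portRe = regexp.MustCompile(`^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$`)
)

// decode turns the six regexp groups into a host and a 16-bit port (p1*256+p2).
func decode(m []string) DataEndpoint {
	hi, _ := strconv.Atoi(m[5])
	lo, _ := strconv.Atoi(m[6])
	return DataEndpoint{Host: strings.Join(m[1:5], "."), Port: hi*256 + lo}
}

// ParseControlLine returns the data endpoint announced by one control-channel
// line; ok is false for lines that announce nothing (USER, RETR, 226, ...).
func ParseControlLine(line string) (ep DataEndpoint, ok bool, err error) {
	line = strings.TrimRight(line, "\r\n")
	if m := pasvRe.FindStringSubmatch(line); m != nil {
		ep = decode(m)
	} else if m := portRe.FindStringSubmatch(line); m != nil {
		ep = decode(m)
	} else {
		return DataEndpoint{}, false, nil
	}
	if ep.Port < 1 || ep.Port > 65535 {
		return DataEndpoint{}, false, fmt.Errorf("port out of range: %d", ep.Port)
	}
	return ep, true, nil
}

// DataPortsNeeded walks a control session the way a firewall helper (an FTP
// proxy) would and lists every endpoint it would have to open transiently.
// Once the client's AUTH TLS is accepted (234 reply), the rest of the control
// channel is ciphertext: the helper cannot learn any further ports, which is
// why FTPS keeps the dual-port problem but cannot be fixed by a proxy.
func DataPortsNeeded(session []string) ([]DataEndpoint, error) {
	var eps []DataEndpoint
	tlsRequested := false
	for _, line := range session {
		clean := strings.TrimRight(line, "\r\n")
		if strings.HasPrefix(clean, "AUTH TLS") {
			tlsRequested = true
			continue
		}
		if tlsRequested && strings.HasPrefix(clean, "234 ") {
			return eps, errors.New("control channel switched to TLS; data ports can no longer be learned")
		}
		ep, ok, err := ParseControlLine(clean)
		if err != nil {
			return eps, err
		}
		if ok {
			eps = append(eps, ep)
		}
	}
	return eps, nil
}

// PlainSession and TLSSession are constructed transcripts, not real captures;
// the addresses come from the RFC 5737 documentation ranges.
var PlainSession = []string{
	"220 mirror FTP server ready",
	"USER anonymous", "331 Password please", "PASS guest@", "230 Login ok",
	"PASV", "227 Entering Passive Mode (192,0,2,10,195,80).",
	"RETR base55.tgz", "150 Opening BINARY data connection", "226 Transfer complete",
	"PORT 198,51,100,7,4,1", "200 PORT command successful",
	"RETR SHA256.sig", "150 Opening BINARY data connection", "226 Transfer complete",
}

var TLSSession = []string{
	"220 mirror FTP server ready",
	"AUTH TLS", "234 Proceed with negotiation",
	"<TLS records: the PASV reply in here is invisible to the proxy>",
}

func main() {
	eps, err := DataPortsNeeded(PlainSession)
	fmt.Println("plain FTP, endpoints a firewall must open:", eps, err)
	eps, err = DataPortsNeeded(TLSSession)
	fmt.Println("FTPS:", eps, err)
}
```

Run as-is, the plain session yields two endpoints (192.0.2.10:50000 from the PASV reply, 198.51.100.7:1025 from the PORT command) that a stateful firewall would have to open for the lifetime of each transfer, while the FTPS session stops at the 234 reply with no endpoints learned. HTTP needs none of this: one TCP connection, one well-known port, and the same reasoning applies to a plain HTTP mirror behind any firewall.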
Re: upgrades no longer allow ftp for sets
On 2014 Mar 25 (Tue) at 20:38:08 -0500 (-0500), Shawn K. Quinn wrote: :On Tue, Mar 25, 2014, at 08:10 PM, n...@leviacomm.net wrote: : Thanks and I understand the reasoning. The current ftp server won't be : able to do http and use of siteXX files prevents using an external : source. Will nfs be supported or am I going to need more hardware? : :What is preventing you from using, say, a USB thumb drive as the install :media? Also note you can install from multiple sources (http for :everything else, then a local disk for the siteXX files). : I am upgrading hundreds of boxes a day That is an *excellent* reason to not use usb thumb drives. Want another reason? Remote machines with serial console -- Rudin's Law: If there is a wrong way to do something, most people will do it every time.
Re: upgrades no longer allow ftp for sets
One other reason is that our ftp *client* is a pile of crud. Almost anyone who approaches it runs away screaming (or becomes berserk, grabs an axe, and starts cutting madly at the rest of the tree)
Re: upgrades no longer allow ftp for sets
On 2014-03-26, n...@leviacomm.net n...@leviacomm.net wrote: I am upgrading hundreds of boxes a day with only serial access to them. Installing from an external source would bring any server I use to its knees (I end up using 4-5 Gbps of bandwidth during upgrades). Sounds like an excellent reason to set up a new infrastructure with an HTTP server, using the new autoinstall/autoupgrade functionality in the installer. I assume packages will still be able to be grabbed over ftp, although I suspect I should be planning for that to go away too at some point. I don't know, but I wouldn't want to use ftp to update packages anyway, it goes so much faster over HTTP.
Re: upgrades no longer allow ftp for sets
On 25-03-2014 23:27, n...@leviacomm.net wrote: I am upgrading hundreds of boxes a day with only serial access to them. Installing from an external source would bring any server I use to its knees (I end up using 4-5 Gbps of bandwidth during upgrades). I assume packages will still be able to be grabbed over ftp, although I suspect I should be planning for that to go away too at some point. Original Message Subject: Re: upgrades no longer allow ftp for sets From: Shawn K. Quinn skqu...@rushpost.com Date: Tue, March 25, 2014 6:38 pm To: misc@openbsd.org On Tue, Mar 25, 2014, at 08:10 PM, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware? What is preventing you from using, say, a USB thumb drive as the install media? Also note you can install from multiple sources (http for everything else, then a local disk for the siteXX files). Why don't you create your own internal mirror? Or your own external mirror if you have the bandwidth/server available? I did have a complete mirror for internal installs with siteXX and I didn't use ftp. Please, help us purge this protocol from the internet. If your siteXX has sensible information you can use ssl with authentication. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: upgrades no longer allow ftp for sets
On 03/25/14 21:09, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware? I'm not understanding something here, and I think most of the rest of us are missing it, as well. You can pick up hardware capable of serving http to all your machines for upgrade off my curb today. Really, it takes almost nothing to build a very capable web server for static content. Since you are probably talking about only one or two platforms, a small SSD can hold all the files and packages, put into a seven year old computer with SATA interface, and ta-da, you got a $100 (or way less) http server that will absolutely kick ***. I find it unlikely your existing FTP server can't have a web server added and pointed at the same directory your FTP is being served from now, unless it is some bizarre little appliance thing, in which case, you would really benefit from an upgrade, performance-wise. So...is there a real problem in your environment that makes FTP more desirable? If so, I'm sure a lot of us would like to be educated on this...or is it just a reluctance to change? Nick.
Re: upgrades no longer allow ftp for sets
On 2014-03-25 Tue 18:34 PM |, Theo de Raadt wrote: The 5.5 release will support FTP releases, but after that we are disabling FTP and thus pushing people to use HTTP installs. In this day and age, it is somewhat irresponsible for us to put people into a situation where they might install new FTP servers on the internet. We've known it is a dangerous protocol for over 20 years. Use a HTTP server to serve the sets, please. Would these pages summarise it? http://cr.yp.to/ftp/security.html http://tools.ietf.org/html/rfc2577 http://en.wikipedia.org/wiki/File_Transfer_Protocol#Security http://daniel.haxx.se/docs/ftp-vs-http.html
Re: upgrades no longer allow ftp for sets
On Wed, Mar 26, 2014 at 10:41, Marc Espie wrote: One other reason is that our ftp *client* is a pile of crud. Almost anyone who approaches it runs away screaming (or becomes berserk, grabs an axe, and starts cutting madly at the rest of the tree) I have seen no evidence of this ever happening.
Re: upgrades no longer allow ftp for sets
On 26 March 2014 13:46, Ted Unangst t...@tedunangst.com wrote: On Wed, Mar 26, 2014 at 10:41, Marc Espie wrote: One other reason is that our ftp *client* is a pile of crud. Almost anyone who approaches it runs away screaming (or becomes berserk, grabs an axe, and starts cutting madly at the rest of the tree) I have seen no evidence of this ever happening. The first thing and last thing axed is always the log. :-) Ken
Re: upgrades no longer allow ftp for sets
On 2014-03-26, Giancarlo Razzolini grazzol...@gmail.com wrote: If your siteXX has sensible information you can use ssl with authentication. The installer doesn't include openssl.
Re: upgrades no longer allow ftp for sets
On 2014-03-26, Giancarlo Razzolini grazzol...@gmail.com wrote: If your siteXX has sensible information you can use ssl with authentication. The installer doesn't include openssl. Funny, Stuart. My process is to always look at the size of a statically linked binary to make a guess as to whether it could go onto the installer. At the very least, it should fit. (Whether it belongs there is a different question) For this check, the vax is convenient. Binaries are still static. They are actually smaller than they might be on other architectures, so let's compare:
text    data    bss     dec     hex
1406523 42740   41692   1490955 16c00b
Wow. Only a small part of that is libc code that might be shared by other stuff on the instbin binary which makes the install media work. Whereas the amd64 instbin binary, which contains EVERYTHING you need to install is, today:
text    data    bss     dec     hex
1276644 35040   652568  1964252 1df8dc
Good luck making it fit.
Re: upgrades no longer allow ftp for sets
On 26-03-2014 16:48, Stuart Henderson wrote: On 2014-03-26, Giancarlo Razzolini grazzol...@gmail.com wrote: If your siteXX has sensible information you can use ssl with authentication. The installer doesn't include openssl. I forgot this. I'm so used to ssl webservers, that I forget that the bsd.rd kernel has its limitations, as all installers have. But I had in the past a complete http mirror of openbsd for amd64 with packages and everything and my own siteXX. It simplified the installation process a lot. And now with the complete automation of the install that has been recently developed, things would be even simpler. -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: upgrades no longer allow ftp for sets
On 26-03-2014 16:59, Theo de Raadt wrote: On 2014-03-26, Giancarlo Razzolini grazzol...@gmail.com wrote: If your siteXX has sensible information you can use ssl with authentication. The installer doesn't include openssl. Funny, Stuart. My process is to always look at the size of a statically linked binary to make a guess as to whether it could go onto the installer. At the very least, it should fit. (Whether it belongs there is a different question) For this check, the vax is convenient. Binaries are still static. They are actually smaller than they might be on other architectures, so let's compare:
text    data    bss     dec     hex
1406523 42740   41692   1490955 16c00b
Wow. Only a small part of that is libc code that might be shared by other stuff on the instbin binary which makes the install media work. Whereas the amd64 instbin binary, which contains EVERYTHING you need to install is, today:
text    data    bss     dec     hex
1276644 35040   652568  1964252 1df8dc
Good luck making it fit. Theo, I agree with you that the installer must be as small as possible, and still offer a good mix of ways to install the software. With signify, the underlying security of the protocol being used in the installation becomes irrelevant, as long as you trust the initial key and as long as you are not trying to obfuscate which platform/sets/packages you are installing. Personally I don't do network installs, only as last resort. I prefer using a usb stick. Our OP apparently does not have physical access to the machines so he has to rely on network installs/upgrades, whatever. If he can dedicate a machine for making its own mirror, it's the best alternative. It would be nice to have openssl in the installer, but it surely isn't much of a problem nowadays. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: upgrades no longer allow ftp for sets
On 26-03-2014 16:59, Theo de Raadt wrote: On 2014-03-26, Giancarlo Razzolini grazzol...@gmail.com wrote: If your siteXX has sensible information you can use ssl with authentication. The installer doesn't include openssl. Funny, Stuart. My process is to always look at the size of a statically linked binary to make a guess as to whether it could go onto the installer. At the very least, it should fit. (Whether it belongs there is a different question) For this check, the vax is convenient. Binaries are still static. They are actually smaller than they might be on other architectures, so let's compare:
text    data    bss     dec     hex
1406523 42740   41692   1490955 16c00b
Wow. Only a small part of that is libc code that might be shared by other stuff on the instbin binary which makes the install media work. Whereas the amd64 instbin binary, which contains EVERYTHING you need to install is, today:
text    data    bss     dec     hex
1276644 35040   652568  1964252 1df8dc
Good luck making it fit. Theo, I agree with you that the installer must be as small as possible, and still offer a good mix of ways to install the software. With signify, the underlying security of the protocol being used in the installation becomes irrelevant, as long as you trust the initial key and as long as you are not trying to obfuscate which platform/sets/packages you are installing. Personally I don't do network installs, only as last resort. I prefer using a usb stick. Our OP apparently does not have physical access to the machines so he has to rely on network installs/upgrades, whatever. If he can dedicate a machine for making its own mirror, it's the best alternative. It would be nice to have openssl in the installer, but it surely isn't much of a problem nowadays. That's entirely true, but signify only works for the signed base sets. site*.tgz is now a pretty serious outlier. I feel we might have to do a rather large departure from the current model to make that file safe again. I know it is fetched locally, but there is this really twisted dependency on all three files SHA256.sig, SHA256, and index.txt. Regarding safety of site*.gz, placing openssl there is not part of any solution that would work. What are other possible solutions? I do not yet know. One development path may be to remove site*tgz from the main install sequence, and try to handle it in a more special way after base set installs. Even if we have to add an additional question for a while. Then maybe we can develop a better sequence that satisfies the same need. The install scripts are dynamic, something changes in them every release, so this is a natural process.
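Giancarlo's point earlier in the thread (signify, provided you trust the initial key, solves the insecure-medium problem, so the transport can be plain HTTP or FTP) and Theo's remark here about the dependency between SHA256.sig, SHA256 and the set files can be shown with a small verifier. The Go program below is an added example written for this page, not OpenBSD's signify code. It assumes a signify-like file layout (an "untrusted comment:" line, then base64 of a 2-byte "Ed" tag, an 8-byte key id, and the Ed25519 public key or signature) and a manifest of `SHA256 (file) = hex` lines; the key pair, manifest and "set" are constructed in the program from a fixed seed purely for the demonstration. It covers only the signed-manifest-plus-hash check, not the index.txt or site*.tgz handling Theo is discussing.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Blob layout modelled on signify(1): 2-byte algorithm tag, 8-byte key id,
// then the raw Ed25519 key or signature. (Assumption for this illustration;
// this is not OpenBSD's code.)
const algTag = "Ed"

// parseBlob drops the "untrusted comment:" line and base64-decodes the blob,
// checking the tag and the expected payload length (32 for a key, 64 for a sig).
func parseBlob(text string, want int) ([]byte, error) {
	lines := strings.Split(strings.TrimSpace(text), "\n")
	if len(lines) < 2 || !strings.HasPrefix(lines[0], "untrusted comment:") {
		return nil, errors.New("missing untrusted comment line")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(lines[1]))
	if err != nil {
		return nil, err
	}
	if len(raw) != 2+8+want || string(raw[:2]) != algTag {
		return nil, errors.New("bad blob length or algorithm tag")
	}
	return raw, nil
}

// VerifyManifest checks that sigText is a valid signature by pubText over the
// manifest (the SHA256 file fetched next to the sets). Only the public key is
// trusted; the transport that delivered the manifest is not.
func VerifyManifest(pubText, sigText string, manifest []byte) error {
	pub, err := parseBlob(pubText, ed25519.PublicKeySize)
	if err != nil {
		return fmt.Errorf("pubkey: %w", err)
	}
	sig, err := parseBlob(sigText, ed25519.SignatureSize)
	if err != nil {
		return fmt.Errorf("signature: %w", err)
	}
	if !bytes.Equal(pub[2:10], sig[2:10]) {
		return errors.New("signature was made with a different key id")
	}
	if !ed25519.Verify(ed25519.PublicKey(pub[10:]), manifest, sig[10:]) {
		return errors.New("bad signature: manifest altered or not signed by this key")
	}
	return nil
}

// SetMatchesManifest finds name in a verified manifest of "SHA256 (file) = hex"
// lines and compares the listed digest with the SHA-256 of data.
func SetMatchesManifest(manifest []byte, name string, data []byte) (bool, error) {
	prefix := fmt.Sprintf("SHA256 (%s) = ", name)
	for _, line := range strings.Split(string(manifest), "\n") {
		if strings.HasPrefix(line, prefix) {
			want, err := hex.DecodeString(strings.TrimSpace(strings.TrimPrefix(line, prefix)))
			if err != nil {
				return false, err
			}
			sum := sha256.Sum256(data)
			return bytes.Equal(sum[:], want), nil
		}
	}
	return false, fmt.Errorf("%s not listed in manifest", name)
}

// encodeBlob builds a key/signature file body in the layout above; used only
// to produce the demo material (a real release key is generated offline).
func encodeBlob(comment string, keyID, body []byte) string {
	raw := append(append([]byte(algTag), keyID...), body...)
	return "untrusted comment: " + comment + "\n" + base64.StdEncoding.EncodeToString(raw) + "\n"
}

// Demo constructs a throwaway key pair from a fixed seed (NOT a real key),
// a manifest listing one constructed "set", and a signature over the manifest.
func Demo() (pubText, sigText string, manifest, set []byte) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	keyID := []byte("demo-key") // 8 bytes
	set = []byte("pretend this is base55.tgz") // constructed set contents
	sum := sha256.Sum256(set)
	manifest = []byte(fmt.Sprintf("SHA256 (base55.tgz) = %x\n", sum[:]))
	pubText = encodeBlob("demo public key", keyID, pub)
	sigText = encodeBlob("verify with demo public key", keyID, ed25519.Sign(priv, manifest))
	return
}

func main() {
	pubText, sigText, manifest, set := Demo()
	if err := VerifyManifest(pubText, sigText, manifest); err != nil {
		fmt.Println("REJECT:", err)
		return
	}
	ok, err := SetMatchesManifest(manifest, "base55.tgz", set)
	fmt.Println("manifest verified; base55.tgz matches:", ok, err)
	// A mirror, or anyone on the path of a plain HTTP/FTP fetch, swaps the set: hash check fails.
	ok, _ = SetMatchesManifest(manifest, "base55.tgz", append(set, '!'))
	fmt.Println("tampered set matches:", ok)
	// Editing the manifest itself fails the signature check.
	fmt.Println("tampered manifest:", VerifyManifest(pubText, sigText, append(manifest, "SHA256 (evil.tgz) = 00\n"...)))
}
```

The order of the checks is the point: the signature is verified over the whole manifest first, and only then is a set's digest looked up in it, so neither a modified manifest nor a modified set gets past the installer regardless of how either file travelled. A set that the manifest does not list at all (Theo's site*.tgz case) cannot be checked this way, which is exactly the gap he describes.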
Re: upgrades no longer allow ftp for sets
On 26-03-2014 17:18, Theo de Raadt wrote: Theo, I agree with you that the installer must be as small as possible, and still offer a good mix of ways to install the software. With signify, the underlying security of the protocol being used in the installation becomes irrelevant, as long as you trust the initial key and as long as you are not trying to obfuscate which platform/sets/packages you are installing. Personally I don't do network installs, only as last resort. I prefer using a usb stick. Our OP apparently does not have physical access to the machines so he has to rely on network installs/upgrades, whatever. If he can dedicate a machine for making its own mirror, it's the best alternative. It would be nice to have openssl in the installer, but it surely isn't much of a problem nowadays. That's entirely true, but signify only works for the signed base sets. site*.tgz is now a pretty serious outlier. I feel we might have to do a rather large departure from the current model to make that file safe again. I know it is fetched locally, but there is this really twisted dependency on all three files SHA256.sig, SHA256, and index.txt. Regarding safety of site*.gz, placing openssl there is not part of any solution that would work. What are other possible solutions? I do not yet know. One development path may be to remove site*tgz from the main install sequence, and try to handle it in a more special way after base set installs. Even if we have to add an additional question for a while. Then maybe we can develop a better sequence that satisfies the same need. The install scripts are dynamic, something changes in them every release, so this is a natural process. As I mentioned, openssl would only make it possible to obfuscate the platform, sets and packages being installed. There are a lot of side channel attacks that make it possible to tell exactly what you are installing, even if the connection is encrypted. For this reason, I think signify is a much more important change than putting openssl in the installer. The siteXX.tgz should be handled in a different way. Perhaps the way you proposed, or at some point someone can have a different solution. I thought for a while and nothing came up, besides what you already proposed. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: upgrades no longer allow ftp for sets
The FTP server is located on the head units for our dozen+ cabinet SAN/NAS monstrosity from $storage_vendor, getting the software on them to work the way it was shipped is already a huge pain. The plan is to set up a couple of new servers as web servers with a mounted iSCSI volume that points back to the LUN the FTP server was using. The problem being that by the time the hardware request gets processed and the servers installed, I'll be starting on upgrades to 5.7, so nfs will be a temporary measure to allow upgrades to proceed for the time being. Original Message Subject: Re: upgrades no longer allow ftp for sets From: Ted Unangst t...@tedunangst.com Date: Tue, March 25, 2014 9:11 pm To: n...@leviacomm.net Cc: misc@openbsd.org On Tue, Mar 25, 2014 at 18:10, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware? nfs is supported, though finding a way to install an http server on your ftp server is still the better option.
Re: upgrades no longer allow ftp for sets
On 26-03-2014 18:16, n...@leviacomm.net wrote:

The FTP server is located on the head units for our dozen+ cabinet SAN/NAS monstrosity from $storage_vendor; getting the software on them to work the way it was shipped is already a huge pain.

It happens. Hardware vendors not shipping decent software? Not news.

The plan is to set up a couple of new servers as web servers with a mounted iSCSI volume that points back to the LUN the FTP server was using. The problem being that by the time the hardware request gets processed and the servers installed, I'll be starting on upgrades to 5.7, so nfs will be a temporary measure to allow upgrades to proceed for the time being.

You could use some older hardware lying around, if you have it. I don't know if you have many simultaneous installs/upgrades; if not, you can use very modest hardware for the web server. Good luck.

Cheers,

Original Message
Subject: Re: upgrades no longer allow ftp for sets
From: Ted Unangst t...@tedunangst.com
Date: Tue, March 25, 2014 9:11 pm
To: n...@leviacomm.net
Cc: misc@openbsd.org

On Tue, Mar 25, 2014 at 18:10, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

nfs is supported, though finding a way to install an http server on your ftp server is still the better option.

-- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: upgrades no longer allow ftp for sets
On Tue, Mar 25, 2014, at 06:58 PM, n...@leviacomm.net wrote: Since the 23 March snapshot I've no longer been able to get the sets via ftp during upgrade. Is this intentional or is this an error on my end? This worked on the snapshot from 19 March and earlier using the amd64-snapshot bsd.rd indirectly from ftp3.usa.openbsd.org (local ftp mirror with rsync daily pull from ftp3).

I would guess it's intentional as there's no real reason to pick FTP over HTTP anymore.

-- Shawn K. Quinn skqu...@rushpost.com
Re: upgrades no longer allow ftp for sets
Since the 23 March snapshot I've no longer been able to get the sets via ftp during upgrade. Is this intentional or is this an error on my end? This worked on the snapshot from 19 March and earlier using the amd64-snapshot bsd.rd indirectly from ftp3.usa.openbsd.org (local ftp mirror with rsync daily pull from ftp3).

The 5.5 release will support FTP releases, but after that we are disabling FTP and thus pushing people to use HTTP installs. In this day and age, it is somewhat irresponsible for us to put people into a situation where they might install new FTP servers on the internet. We've known it is a dangerous protocol for over 20 years. Use a HTTP server to serve the sets, please.
Re: upgrades no longer allow ftp for sets
Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

Original Message
Subject: Re: upgrades no longer allow ftp for sets
From: Theo de Raadt dera...@cvs.openbsd.org
Date: Tue, March 25, 2014 5:34 pm
To: misc@openbsd.org, n...@leviacomm.net

Since the 23 March snapshot I've no longer been able to get the sets via ftp during upgrade. Is this intentional or is this an error on my end? This worked on the snapshot from 19 March and earlier using the amd64-snapshot bsd.rd indirectly from ftp3.usa.openbsd.org (local ftp mirror with rsync daily pull from ftp3).

The 5.5 release will support FTP releases, but after that we are disabling FTP and thus pushing people to use HTTP installs. In this day and age, it is somewhat irresponsible for us to put people into a situation where they might install new FTP servers on the internet. We've known it is a dangerous protocol for over 20 years. Use a HTTP server to serve the sets, please.
Re: upgrades no longer allow ftp for sets
On Tue, Mar 25, 2014, at 08:10 PM, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

What is preventing you from using, say, a USB thumb drive as the install media? Also note you can install from multiple sources (http for everything else, then a local disk for the siteXX files).

-- Shawn K. Quinn skqu...@rushpost.com
Re: upgrades no longer allow ftp for sets
On Tue, Mar 25, 2014, at 08:10 PM, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

What is preventing you from using, say, a USB thumb drive as the install media? Also note you can install from multiple sources (http for everything else, then a local disk for the siteXX files).

I also have some large concerns about how the siteXX files interact with the new signing mechanism. Obviously, they are not signed. But furthermore, it is inconvenient how they affect the install code, by following the same path. I would like to see this improve, but don't think anyone has a clear idea yet.
Re: upgrades no longer allow ftp for sets
On Wed, Mar 26, 2014 at 2:10 AM, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

For more than 7 years, I have been using installation file sets as well as siteXX files on USB thumbdrives for installing and testing snapshots. So you don't need a lot of extra hardware at all.

Adriaan
Re: upgrades no longer allow ftp for sets
Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

For more than 7 years, I have been using installation file sets as well as siteXX files on USB thumbdrives for installing and testing snapshots. So you don't need a lot of extra hardware at all.

Another reason for doing this is so that in the future we can gut the fetching program to not have the totally enormous FTP code path.
Re: upgrades no longer allow ftp for sets
I am upgrading hundreds of boxes a day with only serial access to them. Installing from an external source would bring any server I use to its knees (I end up using 4-5 Gbps of bandwidth during upgrades). I assume packages will still be able to be grabbed over ftp, although I suspect I should be planning for that to go away too at some point.

Original Message
Subject: Re: upgrades no longer allow ftp for sets
From: Shawn K. Quinn skqu...@rushpost.com
Date: Tue, March 25, 2014 6:38 pm
To: misc@openbsd.org

On Tue, Mar 25, 2014, at 08:10 PM, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

What is preventing you from using, say, a USB thumb drive as the install media? Also note you can install from multiple sources (http for everything else, then a local disk for the siteXX files).

-- Shawn K. Quinn skqu...@rushpost.com
Re: upgrades no longer allow ftp for sets
Whatever you're doing, it is wrong. You think you cannot properly filter HTTP. But you can properly filter FTP. Right. Sure. Keep believing that.

I am upgrading hundreds of boxes a day with only serial access to them. Installing from an external source would bring any server I use to its knees (I end up using 4-5 Gbps of bandwidth during upgrades). I assume packages will still be able to be grabbed over ftp, although I suspect I should be planning for that to go away too at some point.

Original Message
Subject: Re: upgrades no longer allow ftp for sets
From: Shawn K. Quinn skqu...@rushpost.com
Date: Tue, March 25, 2014 6:38 pm
To: misc@openbsd.org

On Tue, Mar 25, 2014, at 08:10 PM, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

What is preventing you from using, say, a USB thumb drive as the install media? Also note you can install from multiple sources (http for everything else, then a local disk for the siteXX files).

-- Shawn K. Quinn skqu...@rushpost.com
Re: upgrades no longer allow ftp for sets
On Tue, Mar 25, 2014 at 18:10, n...@leviacomm.net wrote: Thanks and I understand the reasoning. The current ftp server won't be able to do http and use of siteXX files prevents using an external source. Will nfs be supported or am I going to need more hardware?

nfs is supported, though finding a way to install an http server on your ftp server is still the better option.