* bug#46482: [core-updates] u-boot source cannot be downloaded @ 2021-02-13 2:37 Danny Milosavljevic 2021-02-13 3:19 ` Leo Famulari ` (2 more replies) 0 siblings, 3 replies; 6+ messages in thread From: Danny Milosavljevic @ 2021-02-13 2:37 UTC (permalink / raw) To: 46482 [-- Attachment #1: Type: text/plain, Size: 967 bytes --] failed to download "/gnu/store/1idpm6f9pcm9dajm90qgk6x1r6qywfv8-u-boot-2021.01.tar.bz2" from "ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2" builder for `/gnu/store/5s92y4l66f8qh4p4gx79jvsjaxhl208k-u-boot-2021.01.tar.bz2.drv' failed to produce output path `/gnu/store/1idpm6f9pcm9dajm90qgk6x1r6qywfv8-u-boot-2021.01.tar.bz2' build of /gnu/store/5s92y4l66f8qh4p4gx79jvsjaxhl208k-u-boot-2021.01.tar.bz2.drv failed View build log at '/var/log/guix/drvs/5s/92y4l66f8qh4p4gx79jvsjaxhl208k-u-boot-2021.01.tar.bz2.drv.bz2'. cannot build derivation `/gnu/store/m09apasn4glhf2lvsq8bn2ci5ncjq0fz-u-boot-tools-2021.01.drv': 1 dependencies couldn't be built building /gnu/store/5s4pczxlp3v8yfavmgjf93093msfaxym-ucommon-7.0.0.tar.gz.drv... Changing the URL to "https" instead of "ftp" would work. Changing it to "http" instead of "ftp" would also work. Which should we use? Reason is bug #46481. But do we maybe want to change over to http or https anyway? [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#46482: [core-updates] u-boot source cannot be downloaded 2021-02-13 2:37 bug#46482: [core-updates] u-boot source cannot be downloaded Danny Milosavljevic @ 2021-02-13 3:19 ` Leo Famulari 2021-02-13 18:34 ` Bengt Richter 2021-02-19 15:26 ` Ludovic Courtès 2 siblings, 0 replies; 6+ messages in thread From: Leo Famulari @ 2021-02-13 3:19 UTC (permalink / raw) To: Danny Milosavljevic; +Cc: 46482 [-- Attachment #1: Type: text/plain, Size: 508 bytes --] On Sat, Feb 13, 2021 at 03:37:52AM +0100, Danny Milosavljevic wrote: > Changing the URL to "https" instead of "ftp" would work. > Changing it to "http" instead of "ftp" would also work. > Which should we use? I recommend HTTPS over HTTP. Although we don't verify the HTTPS certificate with the X.509 PKI for this case [0], it still protects against passive eavesdropping. [0] https://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/perform-download.scm?id=0e3de2cf1108ed0226297046302079fab9057522#n84 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#46482: [core-updates] u-boot source cannot be downloaded 2021-02-13 2:37 bug#46482: [core-updates] u-boot source cannot be downloaded Danny Milosavljevic 2021-02-13 3:19 ` Leo Famulari @ 2021-02-13 18:34 ` Bengt Richter 2021-02-13 19:12 ` Leo Famulari 2021-02-19 15:26 ` Ludovic Courtès 2 siblings, 1 reply; 6+ messages in thread From: Bengt Richter @ 2021-02-13 18:34 UTC (permalink / raw) To: Danny Milosavljevic; +Cc: 46482 Hi, On +2021-02-13 03:37:52 +0100, Danny Milosavljevic wrote: > failed to download "/gnu/store/1idpm6f9pcm9dajm90qgk6x1r6qywfv8-u-boot-2021.01.tar.bz2" from "ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2" > builder for `/gnu/store/5s92y4l66f8qh4p4gx79jvsjaxhl208k-u-boot-2021.01.tar.bz2.drv' failed to produce output path `/gnu/store/1idpm6f9pcm9dajm90qgk6x1r6qywfv8-u-boot-2021.01.tar.bz2' > build of /gnu/store/5s92y4l66f8qh4p4gx79jvsjaxhl208k-u-boot-2021.01.tar.bz2.drv failed > View build log at '/var/log/guix/drvs/5s/92y4l66f8qh4p4gx79jvsjaxhl208k-u-boot-2021.01.tar.bz2.drv.bz2'. > cannot build derivation `/gnu/store/m09apasn4glhf2lvsq8bn2ci5ncjq0fz-u-boot-tools-2021.01.drv': 1 dependencies couldn't be built > building /gnu/store/5s4pczxlp3v8yfavmgjf93093msfaxym-ucommon-7.0.0.tar.gz.drv... > > Changing the URL to "https" instead of "ftp" would work. > Changing it to "http" instead of "ftp" would also work. > Which should we use? > > Reason is bug #46481. > > But do we maybe want to change over to http or https anyway? So long as you can check the hash of the downloaded file, IMO other considerations ought to dominate the choice. I would prefer something that fits in with mes-philosopy. ftp seems old and simple, so I would vote for push-back to fix the ftp client involved. FWIW: I clicked on the "ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2" URL in your "failed to download" message above, and got an open/save-as popup choice widget, and clicked save-as and successfully downloaded it, and can inspect it with tar -tjvf u-boot-2021.01.tar.bz2|less I am running pureos (debian variant): --8<---------------cut here---------------start------------->8--- 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) --8<---------------cut here---------------end--------------->8--- and was in a tilix terminal when I clicked the URL, which started Mozilla Firefox 78.7.0esr which gave me the open/save-as popup choice. IDK what firefox does with ftp://... but it worked. I guess I could strace it, but what does firefox or icecat do on your box if directed to ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2 ? HTH -- Regards, Bengt Richter ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#46482: [core-updates] u-boot source cannot be downloaded 2021-02-13 18:34 ` Bengt Richter @ 2021-02-13 19:12 ` Leo Famulari 2021-02-14 3:57 ` Bengt Richter 0 siblings, 1 reply; 6+ messages in thread From: Leo Famulari @ 2021-02-13 19:12 UTC (permalink / raw) To: Bengt Richter; +Cc: 46482 On Sat, Feb 13, 2021 at 07:34:09PM +0100, Bengt Richter wrote: > I would prefer something that fits in with mes-philosopy. > ftp seems old and simple, so I would vote for push-back > to fix the ftp client involved. FTP is more complicated than HTTP in that it requires the use of multiple connections. Additionally, it's often blocked on corporate networks, whereas HTTP/S is never going to be blocked (HTTPS anyways). Based on experience in Guix, we have never had bug reports from users who could not access sources over HTTP/S, but there have been several reports of problems using FTP. The HTTP/S ports 80 and 443 are basically the only ports you can depend on being open on a network that is connected to the internet. The creator of curl compares them here: https://daniel.haxx.se/docs/ftp-vs-http.html ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#46482: [core-updates] u-boot source cannot be downloaded 2021-02-13 19:12 ` Leo Famulari @ 2021-02-14 3:57 ` Bengt Richter 0 siblings, 0 replies; 6+ messages in thread From: Bengt Richter @ 2021-02-14 3:57 UTC (permalink / raw) To: Leo Famulari; +Cc: 46482 Hi Leo et al, On +2021-02-13 14:12:13 -0500, Leo Famulari wrote: > On Sat, Feb 13, 2021 at 07:34:09PM +0100, Bengt Richter wrote: > > I would prefer something that fits in with mes-philosopy. > > ftp seems old and simple, so I would vote for push-back > > to fix the ftp client involved. > > FTP is more complicated than HTTP in that it requires the use of > multiple connections. Additionally, it's often blocked on corporate > networks, whereas HTTP/S is never going to be blocked (HTTPS anyways). > > Based on experience in Guix, we have never had bug reports from users > who could not access sources over HTTP/S, but there have been several > reports of problems using FTP. The HTTP/S ports 80 and 443 are basically > the only ports you can depend on being open on a network that is > connected to the internet. > > The creator of curl compares them here: > > https://daniel.haxx.se/docs/ftp-vs-http.html Thanks, that was interesting. He says (re download speed) "Ultimately the net outcome of course differs depending on specific details, but I would say that for single-shot static files, you won't be able to measure a difference." So in that case, what's minimal, and how vulnerable is it? Is there a minimal quic without google upstream? or X.25 -- dating myself ;-P and what about TFTP/PXE ?? What would the mes-people suggest for minimalist functionality, and minimal trust scope, and maximal monopoly-independence, I wonder? [meta-question] How does one gracefully go off-topic onto a tangential discussion? I thought my original comment re expired gpg key might have helped in some way, but my comment wanting to get the ftp fixed intead of (or in addition to) being bypassed provoked the explanation of how I was deluded (ok, no worries :), but I might want to say something about separate connections isolating meta-data and data as being a "feature" that I expect to see more of, but that would be another step along the tangent ... or osculating circle? NNTR :-D -- Regards, Bengt Richter ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#46482: [core-updates] u-boot source cannot be downloaded 2021-02-13 2:37 bug#46482: [core-updates] u-boot source cannot be downloaded Danny Milosavljevic 2021-02-13 3:19 ` Leo Famulari 2021-02-13 18:34 ` Bengt Richter @ 2021-02-19 15:26 ` Ludovic Courtès 2 siblings, 0 replies; 6+ messages in thread From: Ludovic Courtès @ 2021-02-19 15:26 UTC (permalink / raw) To: Danny Milosavljevic; +Cc: 46482 Hi, Danny Milosavljevic <dannym@scratchpost.org> skribis: > failed to download "/gnu/store/1idpm6f9pcm9dajm90qgk6x1r6qywfv8-u-boot-2021.01.tar.bz2" from "ftp://ftp.denx.de/pub/u-boot/u-boot-2021.01.tar.bz2" Can we add mirror URLs to the ‘origin’, similar to what I did in 9d01749feaa1586b1caf449712116e7518bb2303? Ludo’. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-02-19 15:32 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-02-13 2:37 bug#46482: [core-updates] u-boot source cannot be downloaded Danny Milosavljevic 2021-02-13 3:19 ` Leo Famulari 2021-02-13 18:34 ` Bengt Richter 2021-02-13 19:12 ` Leo Famulari 2021-02-14 3:57 ` Bengt Richter 2021-02-19 15:26 ` Ludovic Courtès
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/guix.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.