On Wed, Sep 13, 2006, Adam D. Morley wrote:

> On Wed, Sep 06, 2006 at 06:03:18PM -0700, Bill Campbell wrote:
> > On Wed, Sep 06, 2006, Adam D. Morley wrote:
> > >Hi,
> > >The recent OpenSSL security announcement:
> > >http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.018-openssl.html
> > >
> > >hints that I need to build a new OpenSSL package for OpenPKG.  However,
> > >after looking at programs that depend on OpenSSL (openldap), I'm
> > >wondering if I also need to rebuild other packages --- as it seems that
> > >OpenPKG is statically linking things like OpenLDAP to OpenSSL.  Is this
> > >the case, or am I totally missing something?
> >
> > There was a security announcement from the OpenPKG group today
> > with references to updates packages for 2.5, stable and current.
> >
> > The ``openpkg build -KUa '' should take care of all dependencies.
>
> That sure is a neat command, especially compared to manually downloading
> and upgrading.  However, production systems are way way behind a
> firewall.  Can I put in another vote for proxy-capable openpkg build?
> I'm currently just wget'ing them and using build's -r, which is fairly
> functional, but I'd love to see it happen.

The problem is two-fold: first, cURL has to be proxy-aware to fetch the
RDF indices and second, RPM has to be proxy-aware for fetching the RPM
packages. The problem is that making cURL proxy-aware is simply a matter
of setting the "ftp_proxy" environment variable. Unfortunately, our RPM
4.2 supports only HTTP(!) proxies or REAL FTP(!) proxies, i.e., it does
NOT support a WWW proxy to which you speak HTTP but request a FTP URL.
It really just supports real old-style FTP proxies (most people have
never even seen those beasts ;-). RPM 4.4 seems to be smarter there (as
it uses NEON) and should allow regular proxies to be used if I looked
correctly into its source.

> Could it be done, or would
> this be something that the community would have to pay for?

It certainly _is_ doable. Either by doing the RPM 4.4 upgrade (which we
need sometime in the future anyway and which I would recommend to do) or
by hacking in support for FTP-via-HTTP proxying into RPM 4.2 (which I do
not really recommend, but which could be an acceptable hack).

But you already got it, Adam: both are larger and rather thankless tasks
which certainly will never be done by anybody in the community in their
private free time -- or else it would have already been done, as the
issue has been a well-known one for a long time. But that doesn't mean the
issue never can be resolved for OpenPKG: one can order the Development
Services of the OpenPKG GmbH (see http://www.openpkg.com/services/) and
let this issue be resolved for a fee. The RPM 4.4 upgrade I expect to
require about 5-10 man-days, the RPM 4.2 proxy hack I expect to require
about 4-6 man-days.

The total amount of effort is greater for the RPM 4.4 upgrade, but one also
gets a lot of really good new things (optional rock-solid SQLite instead
of the sensible Berkeley-DB for the RPM DB, NEON for network I/O, XML
exports, transactions, FTP EPSV support, etc.) besides just the proxy
feature. Well, as nobody is willing either to contribute the upgrade
itself or to pay for having it done by someone else, perhaps we should do
some official "community fundraising" for finally getting those longer
standing tasks resolved...

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
User Communication List                      openpkg-users@openpkg.org
