Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#66382 - [bird] switch to https

Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Friday, 24 April 2020, 21:59 GMT
Last edited by Sébastien Luttringer (seblu) - Tuesday, 19 May 2020, 22:16 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To Sébastien Luttringer (seblu)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Patch switches source line to HTTPS.
   bird.diff (0.5 KiB)
This task depends upon

Closed by  Sébastien Luttringer (seblu)
Tuesday, 19 May 2020, 22:16 GMT
Reason for closing:  Implemented
Comment by Sébastien Luttringer (seblu) - Saturday, 25 April 2020, 11:59 GMT
$ curl https://bird.network.cz/pub/bird/bird-2.0.7.tar.gz
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>
Comment by T.J. Townsend (blakkheim) - Saturday, 25 April 2020, 14:38 GMT
I'll contact upstream to get it sorted and post another comment here when it's fixed.
Comment by Sébastien Luttringer (seblu) - Saturday, 25 April 2020, 14:56 GMT
I checked several times all my packages to switch them to https.
So, don't open a bug report to fix something which is not fixable.
Https is not mandatory, it's a privacy first solution for our links.
Comment by Pascal Ernster (hardfalcon) - Sunday, 26 April 2020, 16:19 GMT
  • Field changed: Percent Complete (100% → 0%)
https://bird.network.cz/debian/pool/main/b/bird2/bird2_2.0.7.orig.tar.gz
Comment by Sébastien Luttringer (seblu) - Sunday, 26 April 2020, 17:39 GMT
That's a path inside a debian shared pool. It's not clean, I prefer stick with the official path.
Cleaner solution would be to grab the sources via their https gitlab, but requires to change from released tarballs to sources based, and as they use autotools, it's not equivalent.
Comment by Pascal Ernster (hardfalcon) - Monday, 27 April 2020, 19:11 GMT
That tarball has exactly the same sha256sum and md5sum as the one you're currently using, so it is clean in that regard.

Also, I don't see why the URL should be an issue. It's the same official server, run by the same project. If it is good enough for upstream to build their official Debian packages from that tarball, why shouldn't it be good enough for Archlinux to use?

Moreover, as upstream doesn't seem to sign their release tarballs nor publish any cryptographic checksums on their HTTPS site, I'd actually consider it a security benefit to use HTTPS instead of FTP.
Comment by T.J. Townsend (blakkheim) - Monday, 11 May 2020, 15:04 GMT
Can the following URL be used for the PKGBUILD?

https://bird.network.cz/download/

It appears to serve a regular tarball:

https://bird.network.cz/download/bird-2.0.7.tar.gz
Comment by Sébastien Luttringer (seblu) - Tuesday, 19 May 2020, 22:16 GMT
Looks great. Updated!

Loading...