X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-2.2 required=5.0 tests=AWL,BAYES_00,HK_OBFDOM X-Spam-Check-By: sourceware.org Message-ID: <4B86D30A.2020002@gmail.com> Date: Thu, 25 Feb 2010 19:44:10 +0000 From: Dave Korn User-Agent: Thunderbird 2.0.0.17 (Windows/20080914) MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Cygwin 1.7 deployment : disabling MD5 check? References: <4B8693FA DOT 90009 AT univ-paris1 DOT fr> In-Reply-To: <4B8693FA.90009@univ-paris1.fr> Content-Type: multipart/mixed; boundary="------------010306030801080905080407" Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com --------------010306030801080905080407 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 25/02/2010 15:15, Nicolas Cuissard wrote: > I'm on the edge of massively deploying Cygwin 1.7 from Cygwin 1.5 (+400 > workstations), and I'm concerned about the time setup.exe takes to > verify MD5 packages signature. > > When the repository is a remote SaMBa share, it looks that setup.exe > download all packages one time to check the signature and another time > to install the package. > > Is there a possibly to disable this check? As a workaround, I can > silently synchronize the repository on the local drive and launching the > setup from there, but it's more complicated that using a single > repository on the network. There's no command-line option for it - yet. (And I'm not really sure if there should be in general, either. I'm already uncomfortable about the mere existence of the -X option, but I had to be practical about it.) For situations like this, I'd recommend building and distributing internally a custom version of setup.exe anyway, so that you can edit IDS_MIRROR_LST and point it to your own internal mirror with its own mirrors.lst with just a single entry pointing straight back at itself, and avoid any confused users trying to install from an external mirror by accident. So if you're happy with hacking the code about, just delete all the contents of the md5_one() function at the end of install.cc. Or you could try the attached patch if you want a command-line option for it. Builds OK but not tested yet. (Note that of course if you do this your users are vulnerable to tampering, so make sure you have ACLs on the mirror well locked down, or otherwise that the files are protected against tampering. You are switching off security, unbuckling all your seatbelts, and running headlong full tilt with scissors; any resulting consequences are yours to enjoy!) cheers, DaveK --------------010306030801080905080407 Content-Type: text/x-c; name="setup-no-md5sums-option.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="setup-no-md5sums-option.diff" Index: install.cc =================================================================== RCS file: /cvs/cygwin-apps/setup/install.cc,v retrieving revision 2.94 diff -p -u -r2.94 install.cc --- install.cc 28 Jan 2010 22:59:09 -0000 2.94 +++ install.cc 25 Feb 2010 19:22:04 -0000 @@ -76,6 +76,9 @@ static BoolOption NoReplaceOnReboot (fal "Disable replacing in-use files on next " "reboot."); +static BoolOption NoMD5Sums (false, '5', "no-md5sums", + "Don't validate md5 checksums before installing packages"); + struct std_dirs_t { const char *name; mode_t mode; @@ -713,6 +716,9 @@ do_install (HINSTANCE h, HWND owner) void md5_one (const packagesource& pkgsource) { + if (NoMD5Sums) + return; + if (pkgsource.md5.isSet() && pkgsource.Cached ()) { std::string fullname (pkgsource.Cached ()); --------------010306030801080905080407 Content-Type: text/plain; charset=us-ascii -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple --------------010306030801080905080407--