[MacPorts] #38265: selfupdate should fetch tarball over HTTP
MacPorts
noreply at macports.org
Sat Jul 6 13:04:49 UTC 2024
#38265: selfupdate should fetch tarball over HTTP
--------------------------+--------------------------------
Reporter: raimue | Owner: macports-tickets@…
Type: enhancement | Status: closed
Priority: Normal | Milestone: MacPorts Future
Component: base | Version: 2.1.3
Resolution: fixed | Keywords:
Port: |
--------------------------+--------------------------------
Changes (by neverpanic):
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"dd3acc4b974d274d922b705a9115ba1dc786104f/macports-base"
dd3acc4b974d274d922b705a9115ba1dc786104f/macports-base] (master):
{{{
#!ConfigurableCommitTicketReference repository="macports-base"
revision="dd3acc4b974d274d922b705a9115ba1dc786104f"
macports1.0: Selfupdate using HTTP(S)

Refactor the selfupdate package into smaller functions and switch to
a control flow of:

1. checking for newer versions by downloading a single URL
2. downloading the new version using HTTP when available
3. verifying the signature using EdDSA with ed25519 elliptic curve
   crypto with the help of OpenBSD's signify(1)
4. Fall back to the old rsync method if the above fails.

This allows us to automatically fall back to other mirrors should our
main mirror not be available. We did not have this functionality
available for our previous rsync-based mechanism.

Additionally, the use of our standard curl wrapper enables displaying
a progress bar for the download and automatically uses any proxies that
might already be configured for HTTP.

Since we currently do not have a standard mechanism to sign the source
code tarballs uploaded to our distfiles server and github releases page
(we only sign the tarball pushed to rsync), I've taken the liberty to
introduce a new modern signature scheme for this channel – if we have to
touch this anyway, we might as well use modern tools and algorithms.

Co-authored-by: Joshua Root <jmr at macports.org>
Closes: https://trac.macports.org/ticket/38265
Closes: https://github.com/macports/macports-base/pull/184
}}}
--
Ticket URL: <https://trac.macports.org/ticket/38265#comment:7>
MacPorts <https://www.macports.org/>
Ports system for macOS
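
The download, verify and fall-back flow listed in the commit message above, sketched as a shell function. This is an added example, not MacPorts code: the function names, file names and mirror arguments are assumptions, and only the `curl` and `signify -V` invocations reflect real tool usage.

```shell
#!/bin/sh
# Added illustration of "fetch over HTTP, verify with signify(1), else fall back".
# Not taken from macports-base; names and arguments here are hypothetical.

# Download URL $1 to file $2. Integrity comes from the signature check below,
# not from the transport.
fetch() { curl -fsSL -o "$2" "$1"; }

# Verify message $3 against detached signature $2 using the locally pinned
# public key $1 (on some Linux distributions the binary is signify-openbsd).
verify() { signify -V -q -p "$1" -x "$2" -m "$3"; }

# Usage: fetch_verified PUBKEY NAME WORKDIR MIRROR...
# Tries each mirror in order. A tarball is accepted only if both it and its
# .sig download and the signature verifies. On success the verified path is
# printed and 0 is returned. On failure nothing is left in WORKDIR and 1 is
# returned, which is the caller's cue to use the rsync method instead.
fetch_verified() {
    pubkey=$1 name=$2 workdir=$3
    shift 3
    tarball="$workdir/$name"
    sig="$workdir/$name.sig"
    for mirror in "$@"; do
        rm -f "$tarball" "$sig"
        if fetch "$mirror/$name" "$tarball" &&
           fetch "$mirror/$name.sig" "$sig" &&
           verify "$pubkey" "$sig" "$tarball"; then
            printf '%s\n' "$tarball"
            return 0
        fi
        # Download error or bad signature: discard the unverified bytes
        # before trying the next mirror.
        rm -f "$tarball" "$sig"
    done
    return 1
}
```

The public key has to come from the existing installation rather than from the same mirror as the tarball, otherwise the check only proves that the mirror is self-consistent.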