openssh @6.1p1+hpn: fetch failure

[tomoyuki.kakuda@…]

I'm trying to install "sudo port install openssh +hpn +mute_fake_xauth". But, I can't fetch openssh. It's because, the checksum is not match.

I attached opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_net_openssh/openssh/main.log

I don't know why. Please help me.

[tomoyuki.kakuda@…]

error log

[cooljeanius (Eric Gallager)]

It says:

The file has been moved to: /opt/local/var/macports/distfiles/openssh/openssh-6.1p1-hpn13v14.diff.gz.html

Can you open that file and see what it says?

Edit: Also this isn't a server/hosting issue because Macports doesn't actually host openssh itself.

[larryv (Lawrence Velázquez)]

The HPN-SSH URL has moved to ​http://www.psc.edu/index.php/hpn-ssh. In addition, the patches do not seem to be directly linked anymore. The closest thing I can find to a direct link returns this header:

% curl -IL 'http://www.psc.edu/index.php/component/remository/func-download/861/chk,20152cee1847ff688dabbe20eab6505c/no_html,1/'
HTTP/1.1 200 OK
Date: Thu, 31 Jan 2013 20:16:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: 23f2db72f5fe1bbb4a68ff5137d557ec=t52nb8mq9r92d66ja5ottg98r1; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Accept-Ranges: bytes
Content-Length: 20146
Expires: -1
Content-Disposition: attachment; filename=openssh-6.1p1-hpn13v14.diff.gz
Content-Transfer-Encoding: binary
Connection: close
Content-Type: application/force-download

% 

which then initiates the download. The server also seems to keep track of how many downloads per day one performs, although that might be tied to a cookie.

It is not clear to me what the best way to deal with this is.

[ryandesign (Ryan Carsten Schmidt)]

wiki:PortfileRecipes#fetchwithgetparams

Or, we could download from somewhere else that has already mirrored the patch, e.g. ​http://code.google.com/p/latian-linux/downloads/list

Either way, the checksums don't match what's in the port. And that variant was just re-enabled last month in r100199. Jyrki, do you still have the copy of openssh-6.1p1-hpn13v14.diff.gz you used to update the variant then? If so, could you please attach it here so I can compare it to the version currently available, to determine whether it was a stealth update?

[ggm@…]

[removed. whining doesn't help. I learned how to make a ~/ports/.. subtree instance, and modified my own Portfile]

[jyrkiwahlstedt]

Replying to ryandesign@…:

wiki:PortfileRecipes#fetchwithgetparams

Or, we could download from somewhere else that has already mirrored the patch, e.g. ​http://code.google.com/p/latian-linux/downloads/list

Either way, the checksums don't match what's in the port. And that variant was just re-enabled last month in r100199. Jyrki, do you still have the copy of openssh-6.1p1-hpn13v14.diff.gz you used to update the variant then? If so, could you please attach it here so I can compare it to the version currently available, to determine whether it was a stealth update?

Hi, yes, I have it, I'll attach it here

[ryandesign (Ryan Carsten Schmidt)]

Thanks. That's obviously an HTML file, not a gzip-compressed diff. So now I feel comfortable committing my patch.

...except that the download link I put in the patch 6 days ago no longer works; it just delivers a file containing the string "Illegal download attempt". Searching Google for this, I see that this is part of the Joomla extension Remository, which is ​specifically designed to give you download links that are only good for a limited period of time, and to make it impossible to provide permanent links to files. Which makes it not useful for our needs so there's no point in us trying to use it.

I committed my patch in r102700 with a change to download the hpn patch from the Google Code mirror I mentioned above.

If for a future update of this patch we are required to use the Remository link because we can find no existing mirrors, we could employ a technique like that used by the curl-ca-bundle port to only attempt to use the upstream site for a limited time following the commit, and after that use only our mirrors.