This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Cygwin 1.7 deployment : disabling MD5 check?


On 25/02/2010 15:15, Nicolas Cuissard wrote:

> I'm on the edge of massively deploying Cygwin 1.7 from Cygwin 1.5 (+400
> workstations), and I'm concerned about the time setup.exe takes to
> verify MD5 packages signature.
> 
> When the repository is a remote SaMBa share, it looks that setup.exe
> download all packages one time to check the signature and another time
> to install the package.
> 
> Is there a possibly to disable this check? As a workaround, I can
> silently synchronize the repository on the local drive and launching the
> setup from there, but it's more complicated that using a single
> repository on the network.

  There's no command-line option for it - yet.  (And I'm not really sure if
there should be in general, either.  I'm already uncomfortable about the mere
existence of the -X option, but I had to be practical about it.)

  For situations like this, I'd recommend building and distributing internally
a custom version of setup.exe anyway, so that you can edit IDS_MIRROR_LST and
point it to your own internal mirror with its own mirrors.lst with just a
single entry pointing straight back at itself, and avoid any confused users
trying to install from an external mirror by accident.

  So if you're happy with hacking the code about, just delete all the contents
of the md5_one() function at the end of install.cc.  Or you could try the
attached patch if you want a command-line option for it.  Builds OK but not
tested yet.

  (Note that of course if you do this your users are vulnerable to tampering,
so make sure you have ACLs on the mirror well locked down, or otherwise that
the files are protected against tampering.  You are switching off security,
unbuckling all your seatbelts, and running headlong full tilt with scissors;
any resulting consequences are yours to enjoy!)

    cheers,
      DaveK

Index: install.cc
===================================================================
RCS file: /cvs/cygwin-apps/setup/install.cc,v
retrieving revision 2.94
diff -p -u -r2.94 install.cc
--- install.cc	28 Jan 2010 22:59:09 -0000	2.94
+++ install.cc	25 Feb 2010 19:22:04 -0000
@@ -76,6 +76,9 @@ static BoolOption NoReplaceOnReboot (fal
 				     "Disable replacing in-use files on next "
 				     "reboot.");
 
+static BoolOption NoMD5Sums (false, '5', "no-md5sums",
+	"Don't validate md5 checksums before installing packages");
+
 struct std_dirs_t {
   const char *name;
   mode_t mode;
@@ -713,6 +716,9 @@ do_install (HINSTANCE h, HWND owner)
 
 void md5_one (const packagesource& pkgsource)
 {
+  if (NoMD5Sums)
+    return;
+
   if (pkgsource.md5.isSet() && pkgsource.Cached ())
   {
     std::string fullname (pkgsource.Cached ());

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]