#54069 closed defect (fixed)

gnupg: Fetch of IDEA code fails via FTP

Reported by: michael-j-oconnor Owned by: ryandesign (Ryan Schmidt)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: ionic
Port: gnupg

Description

The change resulting from #53710 needs to be backed out or rethought.

sudo port -N install gnupg +idea

fails, since the file idea.c.gz cannot be fetched via FTP. This can be readily seen with curl -v:

$ curl -v ftp://ftp.gnupg.dk/pub/contrib-dk/idea.c.gz
*   Trying 82.180.28.130...
* TCP_NODELAY set
* Connected to ftp.gnupg.dk (82.180.28.130) port 21 (#0)
< 220 pi FTP server (Version wu-2.6.2(1) Mon Apr 30 20:10:54 UTC 2012) ready.
> USER anonymous
< 331 Guest login ok, send your complete e-mail address as password.
> PASS ftp@example.com
< 230-The response 'ftp@example.com' is not valid
< 230-Next time please use your e-mail address as your password
< 230-        for example: joe@macportzzz.org
< 230-Welcome, archive user anonymous@macportzzz.org !
< 230-
< 230-The local time is: Mon May  1 01:29:15 2017
< 230-
< 230-This is an experimental FTP server.  If have any unusual problems,
< 230-please report them via e-mail to <root@pi>.
< 230-
< 230-If you do have problems, please try using a dash (-) as the first
< 230-character of your password -- this will turn off the continuation
< 230-messages that may be confusing your FTP client.
< 230-
< 230 Guest login ok, access restrictions apply.
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> CWD pub
* ftp_perform ends with SECONDARY: 0
< 250-Please read the file README
< 250-  it was last modified on Sun Apr 30 04:25:12 2017 - 1 day ago
< 250-Please read the file README~
< 250-  it was last modified on Sun Apr 30 04:25:12 2017 - 1 day ago
< 250 CWD command successful.
> CWD contrib-dk
< 250 CWD command successful.
> EPSV
* Connect data stream passively
< 500 'EPSV': command not understood.
* Failed EPSV attempt. Disabling EPSV
> PASV
< 227 Entering Passive Mode (192,168,0,3,87,244)
*   Trying 192.168.0.3...
* TCP_NODELAY set
* Connecting to 192.168.0.3 (192.168.0.3) port 22516
* Connection failed
* connect to 192.168.0.3 port 21 failed: Operation timed out
* Failed to connect to ftp.gnupg.dk port 21: Operation timed out
* Closing connection 0
curl: (7) Failed to connect to ftp.gnupg.dk port 21: Operation timed out

MacPorts FTP fetch operation uses PASV ftp, and ftp.gnupg.dk returns a bogus/private IP address in its PASV response. This is not uncommon, and command-line curl even has an option to deal with it:

       --ftp-skip-pasv-ip
              (FTP) Tell curl to not use the IP address the server suggests in
              its  response to curl's PASV command when curl connects the data
              connection. Instead curl will re-use  the  same  IP  address  it
              already uses for the control connection.

Many browser implementations may do the same thing, if not fall back to PORT FTP (which works with this site). However, neither seems to be readily configurable with MacPorts FTP fetch implementation. I'm writing this to show that this is NOT a "firewall issue" (at least at the downloading end), since there were concerns in #53710 about that.

Based on the HTTP redirect, the file can be downloaded from:

https://gnupg.dk/pub/contrib-dk/idea.c.gz

I'd suggest that as an alternative. Either that, or ship the file so the gnupg.dk site is not a single point of failure.

Change History (2)

comment:1 Changed 23 months ago by ryandesign (Ryan Schmidt)

Cc: ionic added
Owner: set to ryandesign
Port: gnupg added
Status: newaccepted
Summary: Fetch of IDEA code fails via FTPgnupg: Fetch of IDEA code fails via FTP

comment:2 Changed 23 months ago by ryandesign (Ryan Schmidt)

Resolution: fixed
Status: acceptedclosed

In ce74d28a9ab45a5628d2793fcb59dd3d560d93e5/macports-ports:

gnupg: Fetch idea source via https not troublesome ftp

Closes: #54069

Note: See TracTickets for help on using tickets.