Subject: Re: pkg/30246: download-vulnerability-list doesn't use FETCH_CMD
To: None <,,>
From: Quentin Garnier <>
List: pkgsrc-bugs
Date: 05/16/2005 18:34:01
The following reply was made to PR pkg/30246; it has been noted by GNATS.

From: Quentin Garnier <>
To: "Jeremy C. Reed" <>
Subject: Re: pkg/30246: download-vulnerability-list doesn't use FETCH_CMD
Date: Mon, 16 May 2005 20:37:42 +0200

 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 On Mon, May 16, 2005 at 11:24:47AM -0700, Jeremy C. Reed wrote:
 > On Mon, 16 May 2005, Quentin Garnier wrote:
 > > > And the end resulting script:
 > > >
 > > > utility=3D`echo "/usr/bin/ftp" | /usr/bin/awk '{ print $1 }'`
 > > > case "$utility" in
 > > > *curl)  /usr/bin/ftp ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
 > > > *ftp)   /usr/bin/ftp ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
 > > > *wget)  /usr/bin/ftp ${FETCH_ARGS} -O ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
 > > > *fetch) /usr/bin/ftp ${FETCH_ARGS} -o ${NEW_VUL_LIST} ${VUL_SOURCE} ;;
 > > >
 > > > The utility is hard-coded once you install as shown above.
 > > >
 > > > Notice that curl, wget, fetch would never match in examples (using de=
 > > > ftp) as this was implemented.
 > >
 > > The way I look at it, I believe this is the intended behaviour.  That
 > > way it supports about any FETCH_CMD you set for pkgsrc without having
 > > to do complicated patching in order to make sure the correct options
 > > are passed to the final command.
 > If that is the intended behaviour then the resulting script could just
 > have one line instead of several lines shown above.
 The logic would be in the package Makefile in that case, it's much easier
 to have it there.
 > > Also, note that FETCH_ARGS is documented as settable in
 > > audit-packages(8), while FETCH_CMD is not.
 > FETCH_CMD could easily be documented.
 Sure.  My point was: "it was the intended behaviour".  I.e., feature,
 not bug.  Now, maybe someone clever can say why it is better not to have
 FETCH_CMD settable at run-time.
 Not using tnftp for pkgsrc is dangerous, anyway.  Last time I checked,
 pkg_install used FETCH_CMD, and yet assumed it is tnftp (most notably
 for the automatic-download-using-interactive-ftp "feature").
 Quentin Garnier - -
 "When I find the controls, I'll go where I like, I'll know where I want
 to be, but maybe for now I'll stay right here on a silent sea."
 KT Tunstall, Silent Sea, Eye to the Telescope, 2004.
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 Version: GnuPG v1.2.6 (NetBSD)