You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rodent of Unusual Size <Ke...@Golux.Com> on 2000/06/09 21:58:17 UTC

.tar.gz.asc files causing problems

The newer versions of Netscape appear to be varfing on the
PGP signature files for the gzipped tarballs.  This appears to
be because the 'Content-encoding: x-gzip' field is included,
but the file isn't actually gzipped.  (And NS appears to try to
unzip it, or at least verify it, even on a shift-click..)

This is not good; people can't verify the signatures, which
sort of puts everything into question.

I see a couple of possible solutions to this:

1. Add a 'RemoveEncoding' directive, paralleling RemoveHandler,
   and use it on these files.  (On the plate for 2.0 in any event.)
   Or,
2. Actually gzip the signature files so the suffix indication is
   correct.
3. Rename the PGP signature files to something like 'tar_gz.asc'.

I think the last is cleanest, though bogus.  We don't have any
mechanism for ignoring specific suffixes.  Option 1 is difficult
for the immediate term because of all the mirrors; option 2
is distasteful because unzipping it is likely to remove the .gz
suffix, which will throw it out of name-sync with the file to which
it applies.

If we had a RemoveEncoding directive, the .htaccess file could
contain something like

<Files *.asc>
    RemoveEncoding .gz .Z
</Files>

The same thing (bogus Content-Encoding included) occurs with the
.Z.asc files -- but Netscape doesn't varf on those even though
it's a lie.

There's a basic badness to the current situation: Apache is currently
lying about the encoding of these files.  And currently the only
clean way to fix that (which will make the files usable to NS as
well) appears to involve making the naming UNclean.
-- 
#ken    P-)}

Ken Coar                    <http://Golux.Com/coar/>
Apache Software Foundation  <http://www.apache.org/>
"Apache Server for Dummies" <http://Apache-Server.Com/>
"Apache Server Unleashed"   <http://ApacheUnleashed.Com/>

Re: .tar.gz.asc files causing problems

Posted by Rodent of Unusual Size <Ke...@Golux.Com>.

Rodent of Unusual Size wrote:
> 
> I'm going to cop out and just rename the .tar.{Z,gz}.asc files to
> .tar_{Z,gz}.asc.

Done.
-- 
#ken    P-)}

Ken Coar                    <http://Golux.Com/coar/>
Apache Software Foundation  <http://www.apache.org/>
"Apache Server for Dummies" <http://Apache-Server.Com/>
"Apache Server Unleashed"   <http://ApacheUnleashed.Com/>

Re: .tar.gz.asc files causing problems

Posted by Rodent of Unusual Size <Ke...@Golux.Com>.

"Life is hard, and then you die" wrote:
> 
>   4. "clear" the encoding when a new content-type is set (while
>      parsing the extensions from left to right). This however means
>      that, e.g., .gz.tar would not be the same as .tar.gz anymore.
>      However, I do find it "natural". Patch appended.

As you say, that would be a change in behaviour for 1.3.  A *major*
change, which would violate the principle of least astonishment
even more than the CSS stuff.

I'm going to cop out and just rename the .tar.{Z,gz}.asc files to
.tar_{Z,gz}.asc.
-- 
#ken    P-)}

Ken Coar                    <http://Golux.Com/coar/>
Apache Software Foundation  <http://www.apache.org/>
"Apache Server for Dummies" <http://Apache-Server.Com/>
"Apache Server Unleashed"   <http://ApacheUnleashed.Com/>

Re: .tar.gz.asc files causing problems

Posted by "Life is hard, and then you die" <ro...@innovation.ch>.

On Fri, Jun 09, 2000 at 03:58:17PM -0400, Rodent of Unusual Size wrote:
> The newer versions of Netscape appear to be varfing on the
> PGP signature files for the gzipped tarballs.  This appears to
> be because the 'Content-encoding: x-gzip' field is included,
> but the file isn't actually gzipped.  (And NS appears to try to
> unzip it, or at least verify it, even on a shift-click..)
> 
> This is not good; people can't verify the signatures, which
> sort of puts everything into question.
> 
> I see a couple of possible solutions to this:
> 
> 1. Add a 'RemoveEncoding' directive, paralleling RemoveHandler,
>    and use it on these files.  (On the plate for 2.0 in any event.)
>    Or,
> 2. Actually gzip the signature files so the suffix indication is
>    correct.
> 3. Rename the PGP signature files to something like 'tar_gz.asc'.

Here is fourth:

  4. "clear" the encoding when a new content-type is set (while
     parsing the extensions from left to right). This however means
     that, e.g., .gz.tar would not be the same as .tar.gz anymore.
     However, I do find it "natural". Patch appended.


  Cheers,

  Ronald


Index: mod_mime.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_mime.c,v
retrieving revision 1.54
diff -u -d -b -w -r1.54 mod_mime.c
--- mod_mime.c	2000/02/06 03:53:11	1.54
+++ mod_mime.c	2000/06/12 05:33:22
@@ -594,6 +594,7 @@
         if ((type = ap_table_get(conf->forced_types, ext))
             || (type = ap_table_get(hash_buckets[hash(*ext)], ext))) {
             r->content_type = type;
+            r->content_encoding = NULL;
             found = 1;
         }