contrib/install_db4.sh fetching a patch from gist.githubusercontent.com #20722

issue alevchuk opened this issue on December 19, 2020
  1. alevchuk commented at 1:32 PM on December 19, 2020: none

    Berkeley DB installer in contrib makes a call over the internet to https://gist.githubusercontent.com to fetch a 141 line patch.

    https://github.com/bitcoin/bitcoin/blob/f1dbf92ff0475a01d20170ea422c1d086acbbc57/contrib/install_db4.sh#L71

    The gist has multiple revisions

    Expected behavior

    One less call over the internet during the build process. One less website to depend on.

    To reproduce

     ./contrib/install_db4.sh

    install_db4.sh is recommended by the doc/build-*.md for example https://github.com/bitcoin/bitcoin/blob/master/doc/build-unix.md#berkeley-db

    CC: @laanwj

  2. alevchuk added the label Bug on Dec 19, 2020
  3. MarcoFalke commented at 1:43 PM on December 19, 2020: member

    #20665

  4. alevchuk commented at 6:12 PM on December 19, 2020: none

    dupliacte

  5. alevchuk closed this on Dec 19, 2020
  6. alevchuk commented at 6:18 PM on December 19, 2020: none

    Never-mind, #20665 isn't actually getting rid of the dependency.

  7. alevchuk reopened this on Dec 19, 2020
  8. laanwj commented at 11:41 AM on December 20, 2020: member

    Yes I think #20665 would be better if it looked for the local patch.

    That said, I'm not convinced that this is an actual issue. It is a download script after all and an additional, verified download won't make it noticeably slower or less efficient, or less secure.

  9. alevchuk commented at 1:19 AM on December 21, 2020: none

    Any security concerns / what are implications if gist.githubusercontent.com compromised?

  10. laanwj commented at 4:25 PM on January 19, 2021: member

    Any security concerns / what are implications if gist.githubusercontent.com compromised?

    It would give an error as it validates the hash.

  11. laanwj closed this on Jan 19, 2021
  12. sidhujag referenced this in commit 599774e599 on Jan 20, 2021
  13. DrahtBot locked this on Aug 18, 2022
Contributors
alevchukMarcoFalkelaanwj
Labels
Bug
Linked (view graph)
#20906 contrib: embed C++11 patch in install_db4.sh
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-22 21:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me