From owner-freebsd-ports@FreeBSD.ORG  Sat Apr 13 19:55:24 2013
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 55E5458E
 for <freebsd-ports@freebsd.org>; Sat, 13 Apr 2013 19:55:24 +0000 (UTC)
 (envelope-from freebsd@grem.de)
Received: from mail.grem.de (outcast.grem.de [213.239.217.27])
 by mx1.freebsd.org (Postfix) with SMTP id A52D211B1
 for <freebsd-ports@freebsd.org>; Sat, 13 Apr 2013 19:55:22 +0000 (UTC)
Received: (qmail 15943 invoked by uid 89); 13 Apr 2013 19:48:40 -0000
Received: from unknown (HELO bsd64.grem.de) (mg@grem.de@80.137.98.61)
 by mail.grem.de with ESMTPA; 13 Apr 2013 19:48:40 -0000
Date: Sat, 13 Apr 2013 21:48:39 +0200
From: Michael Gmelin <freebsd@grem.de>
To: freebsd-ports@freebsd.org
Subject: Setting fetch environment in pkg.conf (pkgng)
Message-ID: <20130413214839.3d59a743@bsd64.grem.de>
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.6; amd64-portbld-freebsd9.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Apr 2013 19:55:24 -0000

Hi,

I recently converted a host from to pkgng and getting the following
error:

Checking for packages with security vulnerabilities:
pkg: http://portaudit.FreeBSD.org/auditfile.tbz: No route to host
pkg: Cannot fetch audit file!

Portaudit was configured to use a proxy
in /usr/local/etc/portaudit.conf:

portaudit_fetch_env="HTTP_PROXY=http://192.168.1.2:8080/"

I'm aware that pkg uses libfetch directly, but since most
configuration in libfetch happens through setting environment
variables, it would be great if it could be set before calls to
libfetch's fetchGet* functions instead of setting it in the
environment used (modify cron jobs etc.). Since there are different
applications for fetch in pkg I would suggest the following settings
(examples):

# environment for fetching auditfile (pkg-audit(8))
audit_fetch_env = "HTTP_PROXY=http://192.168.1.2:8080/"

# environment for talking to the repo (pkg-update(8), pkg-upgrade(8)...)
repo_fetch_env = "SSL_CLIENT_KEY_FILE=/etc/ssl/pkgclient01.key \
                  SSL_CLIENT_CERT_FILE=/etc/ssl/pkgclient01.crt \
                  SSL_CA_CERT_FILE=/etc/ssl/pkgmaster.pem"

In case there are other uses of libfetch in the code, further settings
could be added - also for talking to multiple repositories.

Thoughts?

Cheers,
Michael

PS: The example for repo_fetch_env assumes that
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/175514 has been
applied.

-- 
Michael Gmelin