From owner-freebsd-gecko@FreeBSD.ORG Tue Feb 25 20:42:34 2014 Return-Path: Delivered-To: gecko@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 53B3294A for ; Tue, 25 Feb 2014 20:42:34 +0000 (UTC) Received: from starfish.geekisp.com (starfish.geekisp.com [216.168.135.166]) by mx1.freebsd.org (Postfix) with SMTP id E963016EE for ; Tue, 25 Feb 2014 20:42:33 +0000 (UTC) Received: (qmail 21254 invoked by uid 1003); 25 Feb 2014 20:42:33 -0000 Received: from unknown (HELO kiwi) (tyler@monkeypox.org@64.125.69.200) by mail.geekisp.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 25 Feb 2014 20:42:32 -0000 Date: Tue, 25 Feb 2014 12:42:29 -0800 From: "R. Tyler Croy" To: Zach Leslie Subject: Re: SSL verification issues when installing modules from the Forge Message-ID: <20140225204229.GX85115@kiwi> References: <20140224003807.GD85115@kiwi> <20140224175709.GH83500@prozach.local> <20140224181517.GK85115@kiwi> <20140225194628.GK83500@prozach.local> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="+9WMDU/RdULAIC7Q" Content-Disposition: inline In-Reply-To: <20140225194628.GK83500@prozach.local> User-Agent: Mutt/1.5.22 (2013-10-16) Cc: puppet-bsd@googlegroups.com, gecko@FreeBSD.org X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Gecko Rendering Engine issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Feb 2014 20:42:34 -0000 --+9WMDU/RdULAIC7Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello gecko@! I'm CC'ing you on this thread already in progress, I hope you don't mind! On Tue, 25 Feb 2014, Zach Leslie wrote: > > Bingo! This works: > >=20 > > % pkg install puppet ca_root_nss > > % ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem > > % puppet module install zleslie/pkgng > >=20 > > Perhaps I should file a bug against the puppet FreeBSD port to specify = the > > dependency correctly, and perhaps the puppet port should create the sym= bolic > > link? >=20 > Linking as part of the puppet port would work, though I really think > this is the job of the ca_root_nss port. I'm not sure why its disabled > by default. It might be worth reaching out to the port maintainers. Gecko, I'm curious whether it would be possible to update the ca_root_nss port's ETCSYMLINK option to default to true? In the case of installing ca_root_nss from pkgng, the option cannot be changed by a user installing t= he package, so the symlink won't exist, which causes problems :( If this isn't something you're comfortable with changing, it'd be helpful to understand why, so we could explore other means of solving the problem and document them accordingly. Cheers - R. Tyler Croy ------------------------------------------------------ Code: Chatter: % gpg --keyserver keys.gnupg.net --recv-key 3F51E16F ------------------------------------------------------ --+9WMDU/RdULAIC7Q Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iEYEARECAAYFAlMNADUACgkQFCbH3D9R4W+YFwCdHqrx8/pv0Z88Q8XFvIv3Bvhl JtAAn06JNB2f4QaIBTZOc5iixNq4YeVS =KUkM -----END PGP SIGNATURE----- --+9WMDU/RdULAIC7Q--