Date: Fri, 11 Sep 2020 16:22:23 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Andrew Savchenko <andrew@lists.savchenko.net> Cc: freebsd-pkg@freebsd.org Subject: Re: Switching `pkg` to HTTPS by default Message-ID: <20200911142223.kt7cfs5zbu7qwtsn@ivaldir.net> In-Reply-To: <20200911141457.yzrirgbvlhjtrnrr@ivaldir.net> References: <8310678484.20200911231037@savchenko.net> <20200911141457.yzrirgbvlhjtrnrr@ivaldir.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On Fri, Sep 11, 2020 at 04:14:57PM +0200, Baptiste Daroussin wrote:
> On Fri, Sep 11, 2020 at 11:11:37PM +0930, Andrew Savchenko wrote:
> > Hello,
> >
> > I have added the following snippet under the
> > /usr/local/etc/pkg/repos/FreeBSD.conf:
> >
> > ```
> > FreeBSD: {
> > url: "pkg+https://pkg.FreeBSD.org/${ABI}/quarterly",
> > mirror_type: "srv",
> > signature_type: "fingerprints",
> > fingerprints: "/usr/share/keys/pkg",
> > enabled: yes
> > }
> > ```
> >
> > Note the "https" part of the address. Regardless, `pkg` continued fetching
> > binaries over unencrypted http. I had to change the /etc/pkg/FreeBSD.conf for
> > this to have any effect.
>
> This discussion happened many time in the past, regarding the pkg repository the
> https does not bring much as everything is signed and checked against checksums.
>
> That said the point of not having https by default is only related to the fact
> that by default there is no CAROOT so no way to validate the certificates in
> base, so the bootstrap will fail.
>
> Note that this is doable now in CURRENT.
Sorry I completly miss read your report
yes this is a bug I will look into it
What does pkg -vv tell you ?
Best regards,
Bapt
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEgOTj3suS2urGXVU3Y4mL3PG3PloFAl9biB8ACgkQY4mL3PG3
PlpvzA/8CivEel6kB0RehK74iWcLVA0fNWLrEo5ifiwBy3qOUNOa75JKwXDYRP0O
lzIg8Lb9LGYnHjxzrRdBu0g/yfzK93RmKemT5F5dMqYs3mhGzLVnr1bxhAz1di3K
4ZGAxwaLHfKeZymgnvlFIy6vvidpt8ph1PLfqxhvFi9vX6RHMv6m+AI4abrIE2ZA
g5JE1lXCBjRTqy4i9CZ3T5sUkor80ZPoXQbrjNmiWcOt0yHVks6Y34M1Y/9sPrGw
EixhvGdfRRqyZmyeeKann0fe15tKObxhLnVnhgQ7TnOwxNCRVBhx4pPHRppTlkfR
myRSCP+pkre4gf2ONPxEYqCKJROzgyYoiSfzKXZ6eZVINuXjb6aeyb7aRw+ij1uk
ODUwlc18mcYFFa9UL1a9pBGvwPHnuwjvpWVWSYjXLcRrfPCzrDOfLkalUeErqBSJ
+opzTVX4nEAv7vEBmWBAAutoCNIAL7xTwNutVPlGzil/RK587ptJl37EV/G22pwi
wR3DJ5DSxakmps7EVRMcCfPxzxap5n3jq9LvUy6hdg4yOFJFtN6moEVHi2UDiSJj
wEIj4EeLxogX955vFuPdtNwbG102Vw3VKhK1ZNo0mF0oWJj9s9PD4jWeXJK/MOeK
iADvwzrGVdnYmr4jFl70uXc56eOK8juxe5wmNfyKktie93atiHk=
=WFDF
-----END PGP SIGNATURE-----
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200911142223.kt7cfs5zbu7qwtsn>