Date: Fri, 11 Sep 2020 16:22:23 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Andrew Savchenko <andrew@lists.savchenko.net> Cc: freebsd-pkg@freebsd.org Subject: Re: Switching `pkg` to HTTPS by default Message-ID: <20200911142223.kt7cfs5zbu7qwtsn@ivaldir.net> In-Reply-To: <20200911141457.yzrirgbvlhjtrnrr@ivaldir.net> References: <8310678484.20200911231037@savchenko.net> <20200911141457.yzrirgbvlhjtrnrr@ivaldir.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--zyy7aogssyxfw7ld Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 11, 2020 at 04:14:57PM +0200, Baptiste Daroussin wrote: > On Fri, Sep 11, 2020 at 11:11:37PM +0930, Andrew Savchenko wrote: > > Hello, > >=20 > > I have added the following snippet under the=20 > > /usr/local/etc/pkg/repos/FreeBSD.conf: > >=20 > > ``` > > FreeBSD: { > > url: "pkg+https://pkg.FreeBSD.org/${ABI}/quarterly", > > mirror_type: "srv", > > signature_type: "fingerprints", > > fingerprints: "/usr/share/keys/pkg", > > enabled: yes > > } > > ``` > >=20 > > Note the "https" part of the address. Regardless, `pkg` continued fetch= ing=20 > > binaries over unencrypted http. I had to change the /etc/pkg/FreeBSD.co= nf for=20 > > this to have any effect. >=20 > This discussion happened many time in the past, regarding the pkg reposit= ory the > https does not bring much as everything is signed and checked against che= cksums. >=20 > That said the point of not having https by default is only related to the= fact > that by default there is no CAROOT so no way to validate the certificates= in > base, so the bootstrap will fail. >=20 > Note that this is doable now in CURRENT. Sorry I completly miss read your report yes this is a bug I will look into it What does pkg -vv tell you ? Best regards, Bapt --zyy7aogssyxfw7ld Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEgOTj3suS2urGXVU3Y4mL3PG3PloFAl9biB8ACgkQY4mL3PG3 PlpvzA/8CivEel6kB0RehK74iWcLVA0fNWLrEo5ifiwBy3qOUNOa75JKwXDYRP0O lzIg8Lb9LGYnHjxzrRdBu0g/yfzK93RmKemT5F5dMqYs3mhGzLVnr1bxhAz1di3K 4ZGAxwaLHfKeZymgnvlFIy6vvidpt8ph1PLfqxhvFi9vX6RHMv6m+AI4abrIE2ZA g5JE1lXCBjRTqy4i9CZ3T5sUkor80ZPoXQbrjNmiWcOt0yHVks6Y34M1Y/9sPrGw EixhvGdfRRqyZmyeeKann0fe15tKObxhLnVnhgQ7TnOwxNCRVBhx4pPHRppTlkfR myRSCP+pkre4gf2ONPxEYqCKJROzgyYoiSfzKXZ6eZVINuXjb6aeyb7aRw+ij1uk ODUwlc18mcYFFa9UL1a9pBGvwPHnuwjvpWVWSYjXLcRrfPCzrDOfLkalUeErqBSJ +opzTVX4nEAv7vEBmWBAAutoCNIAL7xTwNutVPlGzil/RK587ptJl37EV/G22pwi wR3DJ5DSxakmps7EVRMcCfPxzxap5n3jq9LvUy6hdg4yOFJFtN6moEVHi2UDiSJj wEIj4EeLxogX955vFuPdtNwbG102Vw3VKhK1ZNo0mF0oWJj9s9PD4jWeXJK/MOeK iADvwzrGVdnYmr4jFl70uXc56eOK8juxe5wmNfyKktie93atiHk= =WFDF -----END PGP SIGNATURE----- --zyy7aogssyxfw7ld--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200911142223.kt7cfs5zbu7qwtsn>