From: Jov
Date: Thu, 1 Jun 2017 09:25:31 +0800
Subject: Re: Hosting distfiles on HTTPS w/Let's Encrypt - how?
To: Marcin Cieslak
Cc: ports@freebsd.org
List-Id: Porting software to FreeBSD

Can you download the file distfiles/INIT.2014-12-24.tgz using a browser such as Chrome?
Be sure to use the full chain cert file; I remember I had a similar problem, and using the full chain cert fixed it.

On 1 June 2017 at 8:01 AM, "Marcin Cieslak" wrote:

Hello,

I have posted my port's local distfiles to a machine that is serving
them with SSL behind the Let's Encrypt certificate (https://distfile.net).
This is SSL-only.
However, poudriere fails on certificate check when trying to fetch it:

===================================================
===> License EPL accepted by the user
===========================================================================
===================================================
===> ksh93-20160716 depends on file: /usr/local/sbin/pkg - not found
===> Installing existing package /packages/All/pkg-1.10.1.txz
[ksh-test-amd64-exp-job-01] Installing pkg-1.10.1...
[ksh-test-amd64-exp-job-01] Extracting pkg-1.10.1: .......... done
===> ksh93-20160716 depends on file: /usr/local/sbin/pkg - found
===> Returning to build of ksh93-20160716
===========================================================================
===================================================
===========================================================================
===================================================
===> License EPL accepted by the user
=> INIT.2014-12-24.tgz doesn't seem to exist in /portdistfiles/ksh93.
=> Attempting to fetch https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1264:
fetch: https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz: Authentication error
=> Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT.2014-12-24.tgz
fetch: http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT.2014-12-24.tgz: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ksh93 and try again.
*** Error code 1

What is the best solution here? So I really have to add
security/ca_root_nss (... and perl) as a fetch dependency?

Any other solution? A quick look at bsd.sites.mk shows that
we have some https-only distfile sources.

Marcin Cieślak
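Added example, not part of the original thread: a self-contained way to tell apart the two causes raised above, a server that does not send its intermediate (the full-chain suggestion) and a client whose trust store lacks the issuing root (the ca_root_nss question). It assumes the `openssl` command-line tool is installed; the throwaway CA names, file names and helper functions are all constructed for the illustration.

```shell
#!/bin/sh
# mkcert DIR NAME ISSUER EXT: key + certificate for the constructed name NAME, signed
# by ISSUER ("self" = self-signed), with the X.509 extensions from DIR/EXT.ext.
mkcert() {
    d=$1; name=$2; issuer=$3; ext=$4
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example $name" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
    if [ "$issuer" = self ]; then
        sign="-signkey $d/$name.key"
    else
        sign="-CA $d/$issuer.pem -CAkey $d/$issuer.key -CAcreateserial"
    fi
    # $sign is word-split on purpose; DIR must not contain spaces.
    openssl x509 -req -days 2 -in "$d/$name.csr" $sign \
        -extfile "$d/$ext.ext" -out "$d/$name.pem" 2>/dev/null
}

# Throwaway PKI: root -> intermediate -> leaf, plus an unrelated root.
make_pki() {
    d=$1
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    echo 'basicConstraints=CA:FALSE' > "$d/leaf.ext"
    mkcert "$d" root self ca &&
    mkcert "$d" other self ca &&        # stands in for a trust store lacking our root
    mkcert "$d" intermediate root ca &&
    mkcert "$d" leaf intermediate leaf
}

# client_accepts DIR TRUSTED [SENT]: does a client trusting only TRUSTED.pem accept
# the leaf when the server also sends SENT.pem (omit SENT for a leaf-only server)?
client_accepts() {
    d=$1; trusted=$2; sent=$3
    if [ -n "$sent" ]; then
        out=$(openssl verify -CAfile "$d/$trusted.pem" -untrusted "$d/$sent.pem" "$d/leaf.pem" 2>&1)
    else
        out=$(openssl verify -CAfile "$d/$trusted.pem" "$d/leaf.pem" 2>&1)
    fi
    # Match the output, not the exit status: old openssl releases exit 0 on failure.
    printf '%s\n' "$out" | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) && make_pki "$d" || return 1
    client_accepts "$d" root               || echo "leaf only: rejected, server must send the full chain"
    client_accepts "$d" root intermediate  && echo "full chain, root trusted: accepted"
    client_accepts "$d" other intermediate || echo "full chain, root not in trust store: rejected"
    rm -rf "$d"
}
demo
```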