Date: Mon, 08 Dec 2025 16:45:03 +0000 From: bugzilla-noreply@freebsd.org To: pkg@FreeBSD.org Subject: [Bug 291483] RELEASE installation fails to fetch from non-resolving pkgbase.FreeBSD.org: No error Message-ID: <bug-291483-32340-opXfbt9GeF@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-291483-32340@https.bugs.freebsd.org/bugzilla/> References: <bug-291483-32340@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291483 --- Comment #7 from Vassili Tchersky <vt+freebsd@vbcy.org> --- After some debugging with openssl s_client I got "certificate is not yet valid" and I knew ... the motherboard is pristine and so the RTC was set to year 2018. After running ntpdate from the installer console, pkg update works and so the installer. No obvious error was given by "pkg -dd" except for "curl_open, fetcher pkg+https" and then "pkg: Failed to fetch [...]: No Error". When using the binary /usr/bin/fetch that uses the same libfetch than pkg (or pkg-static), it returns "pkgbase.freebsd.org: Address family for host not supported" (and I get it now, the SRV looking is a pkg-specific behaviour). My problem is resolved, the bug may be closed. However, I think the certificate error should be more clearly reported in the pkg logs. (package signing with HTTP was good enough IMHO, and the security of HTTPS here is not obvious: the certificate is checked against whatever the SRV lookup returned and pkg/libfetch resolver does not seem to check for DNSSEC) -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-291483-32340-opXfbt9GeF>