Date: Thu, 1 Jun 2017 09:25:31 +0800 From: Jov <zhao6014@gmail.com> To: Marcin Cieslak <saper@saper.info> Cc: ports@freebsd.org Subject: Re: Hosting distfiles on HTTPS w/Let's Encrypt - how? Message-ID: <CADyrUxPNzd_49dxg0yfjEC8vjb-OgqOCnVZQTjDM3wJ9D2bcnQ@mail.gmail.com> In-Reply-To: <nycvar.OFS.7.76.1705312355300.37923@z.fncre.vasb>
index | next in thread | previous in thread | raw e-mail
can you dowload the file distfiles/INIT.2014-12-24.tgz <https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz>; using browser such as chrome? be sure to use full chain cert file,I rember I had similar problem and use full chain cert fixed. 2017年6月1日 8:01 AM,"Marcin Cieslak" <saper@saper.info>写道: Hello, I have posted my port's local distfiles to a machine that is serving them with SSL behind the Let's Encrypt certificate (https://distfile.net). This is SSL-only. However, poudriere fails on certificate check when trying to fetch it: =======================<phase: check-sanity >============================ ===> License EPL accepted by the user =========================================================================== =======================<phase: pkg-depends >============================ ===> ksh93-20160716 depends on file: /usr/local/sbin/pkg - not found ===> Installing existing package /packages/All/pkg-1.10.1.txz [ksh-test-amd64-exp-job-01] Installing pkg-1.10.1... [ksh-test-amd64-exp-job-01] Extracting pkg-1.10.1: .......... done ===> ksh93-20160716 depends on file: /usr/local/sbin/pkg - found ===> Returning to build of ksh93-20160716 =========================================================================== =======================<phase: fetch-depends >============================ =========================================================================== =======================<phase: fetch >============================ ===> License EPL accepted by the user => INIT.2014-12-24.tgz doesn't seem to exist in /portdistfiles/ksh93. => Attempting to fetch https://distfile.net/local- ports-distfiles/INIT.2014-12-24.tgz Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/ openssl/ssl/s3_clnt.c:1264: fetch: https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz: Authentication error => Attempting to fetch http://distcache.FreeBSD.org/ ports-distfiles/ksh93/INIT.2014-12-24.tgz fetch: http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT. 2014-12-24.tgz: Not Found => Couldn't fetch it - please try to retrieve this => port manually into /portdistfiles/ksh93 and try again. *** Error code 1 What is the best solution here? so I really have to add security/ca_root_nss (... and perl) as a fetch dependency? Any other solution? A quick look at bsd.sites.mk shows that we have some https-only distfile sources. Marcin Cieślakhelp
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADyrUxPNzd_49dxg0yfjEC8vjb-OgqOCnVZQTjDM3wJ9D2bcnQ>