Date:      Thu, 1 Jun 2017 09:25:31 +0800
From:      Jov <zhao6014@gmail.com>
To:        Marcin Cieslak <saper@saper.info>
Cc:        ports@freebsd.org
Subject:   Re: Hosting distfiles on HTTPS w/Let's Encrypt - how?
Message-ID:  <CADyrUxPNzd_49dxg0yfjEC8vjb-OgqOCnVZQTjDM3wJ9D2bcnQ@mail.gmail.com>
In-Reply-To: <nycvar.OFS.7.76.1705312355300.37923@z.fncre.vasb>
References:  <nycvar.OFS.7.76.1705312355300.37923@z.fncre.vasb>

Can you download the file distfiles/INIT.2014-12-24.tgz
<https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz> using a
browser such as Chrome?

Be sure to use the full chain cert file. I remember I had a similar problem,
and using the full chain cert fixed it.

On June 1, 2017 at 8:01 AM, "Marcin Cieslak" <saper@saper.info> wrote:

Hello,

I have posted my port's local distfiles to a machine
that is serving them with SSL behind the Let's Encrypt
certificate (https://distfile.net). This is SSL-only.

However, poudriere fails on certificate check when trying
to fetch it:

=======================<phase: check-sanity   >============================
===>  License EPL accepted by the user
===========================================================================
=======================<phase: pkg-depends    >============================
===>   ksh93-20160716 depends on file: /usr/local/sbin/pkg - not found
===>   Installing existing package /packages/All/pkg-1.10.1.txz
[ksh-test-amd64-exp-job-01] Installing pkg-1.10.1...
[ksh-test-amd64-exp-job-01] Extracting pkg-1.10.1: .......... done
===>   ksh93-20160716 depends on file: /usr/local/sbin/pkg - found
===>   Returning to build of ksh93-20160716
===========================================================================
=======================<phase: fetch-depends  >============================
===========================================================================
=======================<phase: fetch          >============================
===>  License EPL accepted by the user
=> INIT.2014-12-24.tgz doesn't seem to exist in /portdistfiles/ksh93.
=> Attempting to fetch https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1264:
fetch: https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz: Authentication error
=> Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT.2014-12-24.tgz
fetch: http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT.2014-12-24.tgz: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ksh93 and try again.
*** Error code 1

What is the best solution here?

So I really have to add security/ca_root_nss (... and perl)
as a fetch dependency? Any other solution?

A quick look at bsd.sites.mk shows that we have some https-only distfile
sources.

Marcin Cieślak
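
Added example (not part of the original e-mails): a shell script that builds a throwaway root, intermediate and leaf with made-up names, then verifies the leaf three ways to contrast a server that sends only its leaf certificate, a server that sends the full chain, and a client that has no CA bundle to anchor the chain. It assumes the OpenSSL command-line tool, version 1.1.1 or newer.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> leaf; every name is made up.
# Assumes the OpenSSL command-line tool, version 1.1.1 or newer.

make_chain() {  # $1 = scratch directory; writes root.pem, int.pem, leaf.pem
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" -subj "/CN=demo $n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/demo.cnf" -extensions v3_ca -out "$d/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/int.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

verify() {  # prints "ok" or "fail depth=N" (N = chain depth of the error, 0 = leaf)
    if out=$(openssl verify "$@" 2>&1); then echo ok; return 0; fi
    echo "fail depth=$(printf '%s\n' "$out" |
        sed -n 's/.*error [0-9]* at \([0-9]*\) depth.*/\1/p' | head -n 1)"
}

# -untrusted stands in for the extra certificates a server sends in its handshake.
# Server sends the leaf only; client trusts the root.
leaf_only()  { verify -CAfile "$1/root.pem" "$1/leaf.pem"; }
# Server sends leaf + intermediate (the full chain); client trusts the root.
full_chain() { verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem"; }
# Full chain again, but the client has no CA bundle to anchor it.
no_roots()   { verify -no-CAfile -no-CApath -untrusted "$1/int.pem" "$1/leaf.pem"; }

demo() {
    tmp=$(mktemp -d) || return 1
    make_chain "$tmp" && printf 'leaf only:  %s\nfull chain: %s\nno roots:   %s\n' \
        "$(leaf_only "$tmp")" "$(full_chain "$tmp")" "$(no_roots "$tmp")"
    rm -rf "$tmp"
}
demo
```

A missing intermediate fails at depth 0 (the leaf), while a missing root bundle fails at depth 1 (the intermediate); Let's Encrypt Authority X3, the certificate named in the fetch error quoted above, is an intermediate.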


