Date: Thu, 1 Jun 2017 00:00:58 +0000 From: Marcin Cieslak <saper@saper.info> To: ports@FreeBSD.org Subject: Hosting distfiles on HTTPS w/Let's Encrypt - how? Message-ID: <nycvar.OFS.7.76.1705312355300.37923@z.fncre.vasb>
next in thread | raw e-mail | index | archive | help
--1563967779-2010439985-1496275258=:37923 Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: 8BIT Hello, I have posted my port's local distfiles to a machine that is serving them with SSL behind the Let's Encrypt certificate (https://distfile.net). This is SSL-only. However, poudriere fails on certificate check when trying to fetch it: =======================<phase: check-sanity >============================ ===> License EPL accepted by the user =========================================================================== =======================<phase: pkg-depends >============================ ===> ksh93-20160716 depends on file: /usr/local/sbin/pkg - not found ===> Installing existing package /packages/All/pkg-1.10.1.txz [ksh-test-amd64-exp-job-01] Installing pkg-1.10.1... [ksh-test-amd64-exp-job-01] Extracting pkg-1.10.1: .......... done ===> ksh93-20160716 depends on file: /usr/local/sbin/pkg - found ===> Returning to build of ksh93-20160716 =========================================================================== =======================<phase: fetch-depends >============================ =========================================================================== =======================<phase: fetch >============================ ===> License EPL accepted by the user => INIT.2014-12-24.tgz doesn't seem to exist in /portdistfiles/ksh93. => Attempting to fetch https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1264: fetch: https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz: Authentication error => Attempting to fetch http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT.2014-12-24.tgz fetch: http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT.2014-12-24.tgz: Not Found => Couldn't fetch it - please try to retrieve this => port manually into /portdistfiles/ksh93 and try again. *** Error code 1 What is the best solution here? so I really have to add security/ca_root_nss (... and perl) as a fetch dependency? Any other solution? A quick look at bsd.sites.mk shows that we have some https-only distfile sources. Marcin Cieślak --1563967779-2010439985-1496275258=:37923 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: BASE64 Content-Description: S/MIME Cryptographic Signature Content-Disposition: attachment; filename=smime.p7s MIIOSwYJKoZIhvcNAQcCoIIOPDCCDjgCAQExDzANBglghkgBZQMEAgEFADAL BgkqhkiG9w0BBwGgggqQMIIElzCCA3+gAwIBAgIOSBtqCKJEiNNcmz3JSA0w DQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENB IC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNp Z24wHhcNMTYwNjE1MDAwMDAwWhcNMjQwNjE1MDAwMDAwWjBdMQswCQYDVQQG EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xv YmFsU2lnbiBQZXJzb25hbFNpZ24gMSBDQSAtIFNIQTI1NiAtIEczMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrCba00KOKyGuwh9h+/MAcZm ZUF9OxGKA56AADHaDE08rB0WEbgm6J4XvJP3OGQ7cgHdVJu6XMZkRd6EcfjD yRrIwE6oAVWJe57co3gKk/XxvuubSZuUahrcOiv3D2qaHwva4zumubxQQI4f unEzRIJHPiNjaq0cCcZsMcp5pxsEz8aG0sr8Oh80sxKNnzPmuUETLESktfMC pQKHUGmWXLsG6sgCZOezUjDjKpPKW7l4PUt0TEBEyqLhifv9/YPn5C4o10PP daDazZPeKNif2PVQ5u0HRnkFrHh4wmmrMtY22Mse3eR01gD6rEEGWf+gdzuy EQE+ZVlNhCP4gXjdBQIDAQABo4IBZDCCAWAwDgYDVR0PAQH/BAQDAgEGMCcG A1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwkwEgYDVR0T AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlifCwqX3HPgCenpkr2NvMtKYwrEw HwYDVR0jBBgwFoAUj/BLf6guRSSuTVD6Y5qL3uLdG7wwPgYIKwYBBQUHAQEE MjAwMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20v cm9vdHIzMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2ln bi5jb20vcm9vdC1yMy5jcmwwWQYDVR0gBFIwUDALBgkrBgEEAaAyASgwQQYJ KwYBBAGgMgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNp Z24uY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCxh3ekjKKy RrUdfI6D1U7qUggdFLksiU+KiIqJzJG6GXcQ2KiBy2tF3+KYb0IixXMpIVli VXlcD5Vh4tiMxJ4WONMFt3f7/53gSXLf24WMwErubc+mGMzgUGE5HKC98PcK UV/5pPggQdzPxCBNeiXnLU1tCGYhPatFTDhUBGaVhBeuUCbgR9gpXJ9guqrD OVwouKvovdIeI5KEAcoAAiSL6naeLk/GbKUaBFa2RxXC17e+YyBWtWlWDEM3 1V8pUIx76lkO8IJYREhLcg/LnyoYy5wcrzI6pbX2vw1x/jR3GHSC1AEdoqbE xui2XLLlSa6y9yQNgdkPz7GTLmpwIT+dMIIF8TCCBNmgAwIBAgIMGk4Oe/1h 2+wMOby/MA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQK ExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIFBlcnNv bmFsU2lnbiAxIENBIC0gU0hBMjU2IC0gRzMwHhcNMTcwNTI1MDg0NDE2WhcN MjAwNTI1MDg0NDE2WjA8MRkwFwYDVQQDDBBzYXBlckBzYXBlci5pbmZvMR8w HQYJKoZIhvcNAQkBFhBzYXBlckBzYXBlci5pbmZvMIICIjANBgkqhkiG9w0B AQEFAAOCAg8AMIICCgKCAgEA2sO3aQNus/oe4ZBZ4fu1Y1mzxnUYAkb4k/dw gMFc2Kd0eRoOY0AHj4rTEi/vVzzizxjLbEwXzQ9cBEAu/PqS8WsOmhZXtlfi szPDmP7ZpOwmNTWKSd9O7jHu9uTCGfEOsocQNYH2ULD1gVFkgKb8jHf+3u9d uCzh6qMomTtwLrCGEP70Lq385xUzRaD6qbOeIB99tpzgvMR6Z0GPTt4z8tLM kfdtohq5llwZ5vYnj/hJohVS9iLMQMHW4nuLj/mLZNaYE1CWJBT1rBwn5YPJ uR6811O9eAP7aX4iG8k1jkiBh+QNgGRBIK4GIdqy7IVRhA7v2OlpLYHMk4zP 9Fs3M+56QromVKBnxfzLhuYMUK6ugj9jwskNVitqlEFUeyfgvmR1jnPRp1Nd XGJllTNwGicR8wkaRj14RxfrvTZfwXs8OBODKFupqun/tNzdpOgyHMGQACss 9yv2SnLGCJvJK3rGIdRZEiUhLZH/Ct4L92dBhev+SjUqWKbHb4yIlGMgLdoh nwqatuWw7iyOeInjcinX7ghiIKDWhulUN493Fzl6kaUBtIIcrb7jzZ2pHAQT WUmuVnCTHk6NtoWB09lvuK77fw4GfxLWDFWkBQiJYPVBrmxlrkCKzrWdTMfS W9BiEC10jT1sSimUBIjDz22RkfsApeBJoAIWjiOZogILu9MCAwEAAaOCAdAw ggHMMA4GA1UdDwEB/wQEAwIFoDCBngYIKwYBBQUHAQEEgZEwgY4wTQYIKwYB BQUHMAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dz cGVyc29uYWxzaWduMXNoYTJnM29jc3AuY3J0MD0GCCsGAQUFBzABhjFodHRw Oi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3NwZXJzb25hbHNpZ24xc2hhMmcz MEwGA1UdIARFMEMwQQYJKwYBBAGgMgEoMDQwMgYIKwYBBQUHAgEWJmh0dHBz Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAw RAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9n c3BlcnNvbmFsc2lnbjFzaGEyZzMuY3JsMBsGA1UdEQQUMBKBEHNhcGVyQHNh cGVyLmluZm8wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1Ud DgQWBBReBINaGUKUo7HCrIjsKLKERu6ooTAfBgNVHSMEGDAWgBSWJ8LCpfcc +AJ6emSvY28y0pjCsTANBgkqhkiG9w0BAQsFAAOCAQEAC0VK968ySq/6B+Kd ecjVThQOKtVXuG17Krfk0xz7OPYR/V+qZtBFm2Uc6tkUEmAmq3Tyf+SE3TTX Q58eJFq0uCTUhIY714ioJs1uVWBz8rPyJ3swkOfDaUXUxkQsBsf73VfKjUk4 kB5MTrApLYUe35NmEY3FqyyX13elhW1tp864vOKM2Git61cYoRn/bwd/z2JM Zkxwkd5JgvmM+p4Da+WO4CUsGzdrZEH8X/8NQIzWtUDIh7VEQZFX5fot/KvH Am8AajtpmNqTfMyg6LfcfJUXSFqXn/KEWu4Td62vX6Pd70dYKUZxnLwYvGqG A4Ktrp9zyrUzxLbmdaPln7CstjGCA38wggN7AgEBMG0wXTELMAkGA1UEBhMC QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExMzAxBgNVBAMTKkdsb2Jh bFNpZ24gUGVyc29uYWxTaWduIDEgQ0EgLSBTSEEyNTYgLSBHMwIMGk4Oe/1h 2+wMOby/MA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqGSIb3DQEJAzELBgkqhkiG 9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE3MDYwMTAwMDA1OFowLwYJKoZIhvcN AQkEMSIEIOdA67ERMmFejtO5rRHiVoZ5P1lYE4TYAtYlrh7iuh1ZMHkGCSqG SIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgB ZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMC AgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIC ALfnoxVe/RE0beHzPJuW53dE3Ek7uvZwSWia+TkpknFOROKNj8jQNYX4fBzy 7JtFY9VPJTjTq5PXlSf3Znm08WRnfULWjf6euwp1YJsNai9m3Q90zef507rX zn1LgvM7gRdhHg+SGDqgZjhZUmJKQ0b4pe+vH5l+reluudGD7yCxSlY25/yR Xr7gTmcOPDOLVXDgpVl6EjqPGCrA/OS0qDSRIdmuo8qlbsKvn/AhdyAGMLBk 4kmw4dzrJQpJMuTUHZbL1Ds4psC3SP87i0l946yh3UmRRVKaYFCWJes9s/WV p/57gKDV5c5Um3PB1LF+cN8gVJEzfDU7pVseVI9Ns97FKI97NAsk79LRUHF0 Ff8y/naIxKXoxJsWNDC3uK0LBaQYZL8djY+IVgg+gTvHAS6iRVCgalrkQVXT x3dAaFKnJjSLuy0Ty4gAzBzfuQWHEQoGeT34L3QeBYD3IyynCw7KyFriS4iX 9bb2bp0KfyA9LgC0h1AniKcFGcHPBqipXXST6fVROjXEx0fXQWWLCitYVQ4p BGu7fHU3PGrq0qDtAvV5ZhgCRUewJWoRdCWg0AiX1BbjvNkRAyyXOteTL9yd 1QS5fuvCC/3ULSzd1cCPrqxfvX8AZGZ8xrZ5PUuI5I08mbBtDDqcPKjPw+QB UqmZ4zTLgK6vDkphNazfKU8Y --1563967779-2010439985-1496275258=:37923--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?nycvar.OFS.7.76.1705312355300.37923>