r253680 in CURRENT breaks GH ports and maybe others
Michael Gmelin
freebsd at grem.de
Wed Jul 31 13:24:10 UTC 2013
On Wed, 31 Jul 2013 08:10:28 -0500
Mark Felder <feld at FreeBSD.org> wrote:
> On Wed, Jul 31, 2013, at 8:05, Nikolai Lifanov wrote:
> >
> > I fully agree. We already checksum the *distfiles*.
> > It shouldn't be important what the source is.
> >
> > Are there any objections to adding --no-verify-peer to FETCH_ARGS
> > across the board?
> >
>
> Won't that break fetch for users whose fetch doesn't support
> --no-verify-peer?

True, it probably makes more sense to set SSL_NO_VERIFY_PEER in the
environment, since older versions of fetch will just ignore that.
bsd.port.mk already provides FETCH_ENV for that, so we could utilize
it for that purpose.

While you're at it you might also want to set SSL_NO_VERIFY_HOSTNAME
to disable host name verification in the cert (this is required less
often, but I could still see problems caused by incorrectly configured
master sites).

So this would mean adding something like this to bsd.port.mk around
line 2215:

FETCH_ENV?= SSL_NO_VERIFY_PEER=1 SSL_NO_VERIFY_HOSTNAME=1

Michael
--
Michael Gmelin
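
The thread's argument is that distfile integrity comes from the distinfo checksum rather than from the TLS session. The following is an added example, not part of the original message or of bsd.port.mk, sketching that check; the file name and contents are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

# distinfo records look like:
#   SHA256 (example-1.0.tar.gz) = <hex digest>
#   SIZE (example-1.0.tar.gz) = <byte count>
_RECORD = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}}; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = _RECORD.match(line.strip())
        if not m:
            continue
        key, name, value = m.groups()
        entries.setdefault(name, {})[key] = int(value) if key == "SIZE" else value.lower()
    return entries


def verify_distfile(name, data, entries):
    """Check fetched bytes against the recorded SIZE and SHA256.

    Fails closed: a file with no complete record is rejected, so skipping
    peer verification never lets an unlisted download through.
    """
    rec = entries.get(name)
    if not rec or "SHA256" not in rec or "SIZE" not in rec:
        return False
    if len(data) != rec["SIZE"]:
        return False
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, rec["SHA256"])


# Constructed sample: a stand-in distfile and the distinfo a port would ship for it.
GOOD = b"constructed distfile contents\n"
DISTINFO = (
    "SHA256 (example-1.0.tar.gz) = %s\n"
    "SIZE (example-1.0.tar.gz) = %d\n" % (hashlib.sha256(GOOD).hexdigest(), len(GOOD))
)
ENTRIES = parse_distinfo(DISTINFO)

if __name__ == "__main__":
    print(verify_distfile("example-1.0.tar.gz", GOOD, ENTRIES))
```

The check only holds when distinfo was recorded from a trusted copy of the file and reached the user through a trusted channel. A distinfo generated from a download made with peer verification disabled records whatever bytes were received.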