Please help regarding usage of client certificates with pkg command used on FreeBSD

Mohit Hasija MH00122988 at TechMahindra.com
Mon Jan 19 12:58:18 UTC 2015


Dear Baptiste,

We have found from the pkg source code that the environment variables SSL_CLIENT_CERT_FILE and SSL_CLIENT_KEY_FILE are required to be set before using client certificates with pkg.

In order to automate the setting of environment variables before pkg begins https authentication with a remote repository server, we decided to use the plugins feature of pkg. We decided to write a callback function that would be called at the appropriate time and set the environment variables.
However, after much R&D, we could not find any HOOK that could be used to register a callback function, which could be called before https authentication takes place.

Hence, we have decided to use the pkg_plugin_init() function for setting the environment variables. This function is called every time a pkg command is executed and hence we can set the environment variables. In the pkg_plugin_shutdown() function, we can remove the environment variables.

Please suggest any better method to set the environment variables or provide your feedback on our approach.

regards
Mohit Hasija
Mobile No.: +91-9958302266
________________________________________
From: Baptiste Daroussin <baptiste.daroussin at gmail.com> on behalf of Baptiste Daroussin <bapt at freebsd.org>
Sent: Monday, January 19, 2015 4:37 PM
To: Mohit Hasija; portmgr at FreeBSD.org
Cc: pkg at freebsd.org
Subject: Re: Please help regarding usage of client certificates with pkg command used on FreeBSD

January 1 2015 8:09 AM, "Mohit Hasija" <mh00122988 at techmahindra.com> wrote:
> Dear Pkg port Manager,
>
> We intend to use client certificates for https authentication during retrieval of a package from a
> custom repository built at remote location.
>
> We want to know the following:
>
> 1. Is there inbuilt support for usage of client certificates with "pkg" command on FreeBSD 10.1
> release?
>
> In case Yes, how can we use the client certificates with pkg on FreeBSD?
>
> In case No, how can we add support to pkg with minimal efforts for using client certificates?
>
> Awaiting an early reply...
>
> regards
>
> Mohit Hasija
> Mobile No.: +91-9958302266

pkg(8) is using libfetch to handle http(s) and I'm not sure libfetch supports such a feature.

Adding such a feature to libfetch would be great but that would also mean it will not find its way to FreeBSD 10.1 as FreeBSD 10.1 is already released.

FYI: I added pkg at FreeBSD.org to CC as it is the right list to discuss such things.

Best regards,
Bapt
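
The set-on-init, clear-on-shutdown approach described at the top of this message, as an added example that is not part of the original e-mail or of the pkg source. The helper names `client_cert_env_set()` and `client_cert_env_clear()` are hypothetical; it assumes the plugin should refuse to export a private key path that other users can read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 0 if the private key is a regular file, owned by the caller or
 * root, with no group/other permission bits set; -1 otherwise. */
static int key_file_is_private(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (st.st_uid != geteuid() && st.st_uid != 0)
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;
    return 0;
}

/* Hypothetical helper: intended to be called from pkg_plugin_init(). */
int client_cert_env_set(const char *cert, const char *key)
{
    if (access(cert, R_OK) != 0 || key_file_is_private(key) != 0) {
        fprintf(stderr, "client cert: refusing %s / %s\n", cert, key);
        return -1;
    }
    if (setenv("SSL_CLIENT_CERT_FILE", cert, 1) != 0)
        return -1;
    if (setenv("SSL_CLIENT_KEY_FILE", key, 1) != 0) {
        unsetenv("SSL_CLIENT_CERT_FILE"); /* never leave half a pair set */
        return -1;
    }
    return 0;
}

/* Hypothetical helper: intended to be called from pkg_plugin_shutdown(). */
void client_cert_env_clear(void)
{
    unsetenv("SSL_CLIENT_CERT_FILE");
    unsetenv("SSL_CLIENT_KEY_FILE");
}
```

The permission check runs before the key is opened by the TLS code, so it narrows rather than closes the window in which the file could be swapped; keeping the key in a directory only root can write to covers the rest.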

