Switching `pkg` to HTTPS by default
    Kyle Evans 
    kevans at freebsd.org
       
    Fri Sep 11 14:18:42 UTC 2020
    
    
  
On Fri, Sep 11, 2020 at 9:15 AM Baptiste Daroussin <bapt at freebsd.org> wrote:
>
> On Fri, Sep 11, 2020 at 11:11:37PM +0930, Andrew Savchenko wrote:
> > Hello,
> >
> > I have added the following snippet under the
> > /usr/local/etc/pkg/repos/FreeBSD.conf:
> >
> > ```
> > FreeBSD: {
> >   url: "pkg+https://pkg.FreeBSD.org/${ABI}/quarterly",
> >   mirror_type: "srv",
> >   signature_type: "fingerprints",
> >   fingerprints: "/usr/share/keys/pkg",
> >   enabled: yes
> > }
> > ```
> >
> > Note the "https" part of the address. Regardless, `pkg` continued fetching
> > binaries over unencrypted http. I had to change the /etc/pkg/FreeBSD.conf for
> > this to have any effect.
>
> This discussion happened many time in the past, regarding the pkg repository the
> https does not bring much as everything is signed and checked against checksums.
>
In this case they were trying to do it for just the single machine,
presumably with caroot installed from ports... shouldn't the entries
have been merged and url from this one override?
    
    
More information about the freebsd-pkg
mailing list