Setting fetch environment in pkg.conf (pkgng)

Michael Gmelin freebsd at grem.de
Sat Apr 13 20:27:23 UTC 2013


On Sat, 13 Apr 2013 22:10:39 +0200
Baptiste Daroussin <bapt at FreeBSD.org> wrote:

> On Sat, Apr 13, 2013 at 09:48:39PM +0200, Michael Gmelin wrote:
> > Hi,
> > 
> > I recently converted a host from to pkgng and getting the following
> > error:
> > 
> > Checking for packages with security vulnerabilities:
> > pkg: http://portaudit.FreeBSD.org/auditfile.tbz: No route to host
> > pkg: Cannot fetch audit file!
> > 
> > Portaudit was configured to use a proxy
> > in /usr/local/etc/portaudit.conf:
> > 
> > portaudit_fetch_env="HTTP_PROXY=http://192.168.1.2:8080/"
> > 
> > I'm aware that pkg uses libfetch directly, but since most
> > configuration in libfetch happens through setting environment
> > variables, it would be great if it could be set before calls to
> > libfetch's fetchGet* functions instead of setting it in the
> > environment used (modify cron jobs etc.). Since there are different
> > applications for fetch in pkg I would suggest the following settings
> > (examples):
> > 
> > # environment for fetching auditfile (pkg-audit(8))
> > audit_fetch_env = "HTTP_PROXY=http://192.168.1.2:8080/"
> > 
> > # environment for talking to the repo (pkg-update(8),
> > pkg-upgrade(8)...) repo_fetch_env =
> > "SSL_CLIENT_KEY_FILE=/etc/ssl/pkgclient01.key \
> > SSL_CLIENT_CERT_FILE=/etc/ssl/pkgclient01.crt \
> > SSL_CA_CERT_FILE=/etc/ssl/pkgmaster.pem"
> > 
> > In case there are other uses of libfetch in the code, further
> > settings could be added - also for talking to multiple repositories.
> > 
> > Thoughts?
> > 
> 
> Just add HTTP_PROXY=... in pkg.conf and pkgng will do it :)
> 
> regards,
> Bapt

Does that work for all environment variables in pkg.conf (couldn't
find anything in the man page)? I'm asking because I'm using a specific
setup that requires me to set a couple of SSL_ environment variables
(that patch to libfetch, you know), which would be great if I could do
that on pkg.conf right away.

But this also means that those settings will be the same for all
repos and auditfile though, so there is no way to have different
settings for auditfile and individual repos, right?

Cheers,

-- 
Michael Gmelin


More information about the freebsd-ports mailing list