r253680 in CURRENT breaks GH ports and maybe others
Baptiste Daroussin
bapt at FreeBSD.org
Wed Jul 31 13:30:42 UTC 2013
On Wed, Jul 31, 2013 at 03:24:07PM +0200, Michael Gmelin wrote:
> On Wed, 31 Jul 2013 08:10:28 -0500
> Mark Felder <feld at FreeBSD.org> wrote:
>
> > On Wed, Jul 31, 2013, at 8:05, Nikolai Lifanov wrote:
> > >
> > > I fully agree. We already checksum the *distfiles*.
> > > It shouldn't be important what the source is.
> > >
> > > Are there any objections to adding --no-verify-peer to FETCH_ARGS
> > > across the board?
> > >
> >
> > Won't that break fetch for users whose fetch doesn't support
> > --no-verify-peer?
>
> True, it probably makes more sense to set SSL_NO_VERIFY_PEER in the
> environment, since older versions of fetch will just ignore that.
> bsd.port.mk already provides FETCH_ENV for that, so we could utilize
> it for that purpose.
>
> While you're on it you might also want to set SSL_NO_VERIFY_HOSTNAME
> to disable host name verification in the cert (this is required less
> often, but I could still see problems cause for incorrectly configured
> master sites).
>
> So this would mean adding something like this to bsd.port.mk around
> line 2215:
>
> FETCH_ENV?= SSL_NO_VERIFY_PEER=1 SSL_NO_VERIFY_HOSTNAME=1
>
> Michael
>
Committed thanks
Bapt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20130731/36c2b9d1/attachment.sig>
More information about the freebsd-ports
mailing list