PKG not quite ready for prime time

Mark Felder feld at FreeBSD.org
Fri Oct 10 18:49:56 UTC 2014


On Fri, Oct 10, 2014, at 13:29, Auld Besom wrote:
> 
> I had it as ${ABI} to begin with, but had no luck that way either
> (see below).  Then I changed it, unaware that that first 8 was
> the version, or even that there are o/s version-dependent
> versions of pkg.
> 
Pkg itself is compiled, not interpreted like Yum which is Python, so it
does matter. And you of course want to ensure you're installing packages
built for FreeBSD 9 on your FreeBSD 9 server.

The next error you're seeing is this:

> pkg: Error loading trusted certificates

This is due to your missing certificates in /usr/share/keys/pkg which
are required due to your repository having:

 signature_type: "fingerprints",
 fingerprints: "/usr/share/keys/pkg",

You could remove those lines to work around that, but you are lowering
the security of your system as you cannot verify the integrity of your
packages anymore. The fix is to populate your /usr/share/keys/pkg. I do
not know why it did not come populated after your upgrade, but that's a
discussion for another day. Let's get your keys:

# mkdir -p /usr/share/keys/pkg/trusted /usr/share/keys/pkg/revoked
# fetch -o /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 \
    "https://svnweb.freebsd.org/base/head/share/keys/pkg/trusted/pkg.freebsd.org.2013102301?revision=260605&view=co"
# chown root:wheel /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
# chmod 644 /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301


If you have problems with fetch because of the https you might have to
use --no-verify-peers but at least compare the certificate and/or ensure
the contents of the key match what's in the repository....
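
The check the message asks for (make sure the fetched key matches what is in the repository), as an added example that is not part of the original message. It assumes the fingerprint file carries `function: "sha256"` and `fingerprint: "<hex>"` lines and that the expected digest comes from a source you already trust; the function names and the sample digest are constructed for illustration.

```sh
#!/bin/sh
# Added example: validate a pkg fingerprint file before trusting it.
# Assumed file format (UCL-style):  function: "sha256"
#                                   fingerprint: "<64 hex chars>"

# Print the quoted value of key $1 in file $2 (first match only).
fp_field() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# check_fingerprint_file FILE EXPECTED_HEX
# 0 = match, 1 = mismatch, 2 = unreadable, 3 = wrong function, 4 = malformed.
# EXPECTED_HEX must be obtained out-of-band, not from the same download.
check_fingerprint_file() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }

    func=$(fp_field function "$file")
    fp=$(fp_field fingerprint "$file" | tr 'A-F' 'a-f')

    # An HTML error page or truncated download has no function line at all.
    [ "$func" = "sha256" ] || { echo "unexpected function: '$func'" >&2; return 3; }
    # A SHA-256 digest is exactly 64 hex characters.
    case $fp in
        ""|*[!0-9a-f]*) echo "fingerprint is not hex" >&2; return 4 ;;
    esac
    [ "${#fp}" -eq 64 ] || { echo "fingerprint length ${#fp}, want 64" >&2; return 4; }
    [ "$fp" = "$expected" ] || { echo "fingerprint mismatch" >&2; return 1; }
    return 0
}

# Demo on a constructed file (this digest is made up, it is not FreeBSD's).
demo() {
    d=$(mktemp -d) || return 1
    sample=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
    printf 'function: "sha256"\nfingerprint: "%s"\n' "$sample" > "$d/key"
    check_fingerprint_file "$d/key" "$sample" && echo "match"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Run the check on the downloaded file before copying it into trusted/, especially when fetch was used with --no-verify-peers.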

