PKG not quite ready for prime time

scratch65535 at att.net scratch65535 at att.net
Sat Oct 11 13:36:12 UTC 2014 

On Fri, 10 Oct 2014 13:49:54 -0500, you wrote:

>On Fri, Oct 10, 2014, at 13:29, Auld Besom wrote:
>> 
>> I had it as ${ABI} to begin with, but had no luck that way either
>> (see below).  Then I changed it, unaware that that first 8 was
>> the version, or even that there are o/s version-dependent
>> versions of pkg.
>> 
>Pkg itself is compiled, not interpreted like Yum which is Python, so it
>does matter.

> And you of course want to ensure you're installing packages
>built for FreeBSD 9 on your FreeBSD 9 server.

[sigh] Yes.  I'm old enough that I'm always sleep-deprived, and
after 8-10 hours of concentrated work I'm so foggy that my brain
goes unserviceable.


>
>The next error you're seeing is this:
>
>> pkg: Error loading trusted certificates
>
>This is due to your missing certificates in /usr/share/keys/pkg which
>are required due to your repository having:
>
> signature_type: "fingerprints",
> fingerprints: "/usr/share/keys/pkg",
>
>You could remove those lines to work around that, but you are lowering
>the security of your system as you cannot verify the integrity of your
>packages anymore. The fix is to populate your /usr/share/keys/pkg. I do
>not know why it did not come populated after your upgrade, but that's a
>discussion for another day. Let's get your keys:
>
># mkdir -p /usr/share/keys/pkg/trusted /usr/share/keys/pkg/revoked
># fetch -o /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
>"https://svnweb.freebsd.org/base/head/share/keys/pkg/trusted/pkg.freebsd.org.2013102301?revision=260605&view=co"
># chown root:wheel
>/usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
># chmod 644 /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301

Thank you.  Those seem to fill in the gap.  It's a pity that the
installer for pkg didn't do that part of the job.

>
>
>If you have problems with fetch because of the https you might have to
>use --no-verify-peers but at least compare the certificate and/or ensure
>the contents of the key match what's in the repository....
>_______________________________________________
>freebsd-ports at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-ports
>To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"

More information about the freebsd-ports mailing list