Unable to relocate to new svn URL
Kevin Oberman
rkoberman at gmail.com
Thu Aug 6 03:44:08 UTC 2015
On Wed, Aug 5, 2015 at 8:04 PM, Kubilay Kocak <koobs at freebsd.org> wrote:
> On 6/08/2015 8:17 AM, David Wolfskill wrote:
> > On Wed, Aug 05, 2015 at 03:07:04PM -0700, Kevin Oberman wrote:
> >> ...
> >>> Which version of ca_root_nss do you have? Mine is 3.19.1_1, and it
> >>> definitely has the above root CA in /etc/ssl/cert.pem.
> >>>
> >>> -Dimitry
> >>>
> >>
> >> Thanks for the quick response! I'm still confused, though.
> >>
> >> I have 3.19.2, so it is just a bit newer. But I don't have
> >> /etc/ssl/cert.pem. The root certs are installed in
> >> /usr/local/share/certs/ca-root-nss.crt. Is something required to get
> them
> >> into /etc/ssl? I confirm that the fingerprints match.
> >
> > Looks as if the relevant option (on the port) is:
> >
> > ETCSYMLINK=off: Add symlink to /etc/ssl/cert.pem
> >
> > Apparently I had that on at one point (perhaps it was a default), as:
>
> It was off, but was made an OPTIONS_DEFAULT for out of the box SSL
> verification goodness:
>
> https://svnweb.freebsd.org/changeset/ports/388657
>
> There was a complementary change for ports software here committed earlier:
>
> https://svnweb.freebsd.org/changeset/ports/378720
>
> > g1-245(10.2-P)[7] ls -lT /etc/ssl/cert.pem
> > lrwxr-xr-x 1 root wheel 38 Feb 12 13:17:49 2015 /etc/ssl/cert.pem ->
> /usr/local/share/certs/ca-root-nss.crt
> >
> >
> >> ...
> >
> > Peace,
> > david
> >
>
>
Thanks, Koobs. That was it.
Bitten again when an option went from a default of "off" to "on". Not the
first time, either. Wish their was a way to note that a default had changed
when re-installing a port. We mark new options with '+'. If we added a
field in the config file for current defaults, this could be detected and
flagged when a port is updated. Any reason that this would not be practical?
This still leaves the issue of requiring SASL support in subversion. A note
in the handbook section on ports would help, though I'll admit that I
probably would not have found it in this case. Perhaps a note in
ports/UPDATING might be in order. At least that one was fairly easy to find
once I started looking.
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
More information about the freebsd-ports
mailing list