Hosting distfiles on HTTPS w/Let's Encrypt - how?

Jov zhao6014 at gmail.com
Thu Jun 1 01:25:33 UTC 2017 

can you dowload the file distfiles/INIT.2014-12-24.tgz
<https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz> using
browser such as chrome?

be sure to use full chain cert file,I rember I had similar problem and use
full chain cert fixed.

2017年6月1日 8:01 AM,"Marcin Cieslak" <saper at saper.info>写道:

Hello,

I have posted my port's local distfiles to a machine
that is serving them with SSL behind the Let's Encrypt
certificate (https://distfile.net). This is SSL-only.

However, poudriere fails on certificate check when trying
to fetch it:

=======================<phase: check-sanity   >============================
===>  License EPL accepted by the user
===========================================================================
=======================<phase: pkg-depends    >============================
===>   ksh93-20160716 depends on file: /usr/local/sbin/pkg - not found
===>   Installing existing package /packages/All/pkg-1.10.1.txz
[ksh-test-amd64-exp-job-01] Installing pkg-1.10.1...
[ksh-test-amd64-exp-job-01] Extracting pkg-1.10.1: .......... done
===>   ksh93-20160716 depends on file: /usr/local/sbin/pkg - found
===>   Returning to build of ksh93-20160716
===========================================================================
=======================<phase: fetch-depends  >============================
===========================================================================
=======================<phase: fetch          >============================
===>  License EPL accepted by the user
=> INIT.2014-12-24.tgz doesn't seem to exist in /portdistfiles/ksh93.
=> Attempting to fetch https://distfile.net/local-
ports-distfiles/INIT.2014-12-24.tgz
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt
Authority X3
34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate
verify failed:/usr/src/secure/lib/libssl/../../../crypto/
openssl/ssl/s3_clnt.c:1264:
fetch: https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz:
Authentication error
=> Attempting to fetch http://distcache.FreeBSD.org/
ports-distfiles/ksh93/INIT.2014-12-24.tgz
fetch: http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT.
2014-12-24.tgz: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ksh93 and try again.
*** Error code 1

What is the best solution here?

so I really have to add security/ca_root_nss (... and perl)
as a fetch dependency? Any other solution?

A quick look at bsd.sites.mk shows that we have some https-only distfile
sources.

Marcin Cieślak

More information about the freebsd-ports mailing list