Hosting distfiles on HTTPS w/Let's Encrypt - how?
Jov
zhao6014 at gmail.com
Thu Jun 1 01:25:33 UTC 2017
can you dowload the file distfiles/INIT.2014-12-24.tgz
<https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz> using
browser such as chrome?
be sure to use full chain cert file,I rember I had similar problem and use
full chain cert fixed.
2017年6月1日 8:01 AM,"Marcin Cieslak" <saper at saper.info>写道:
Hello,
I have posted my port's local distfiles to a machine
that is serving them with SSL behind the Let's Encrypt
certificate (https://distfile.net). This is SSL-only.
However, poudriere fails on certificate check when trying
to fetch it:
=======================<phase: check-sanity >============================
===> License EPL accepted by the user
===========================================================================
=======================<phase: pkg-depends >============================
===> ksh93-20160716 depends on file: /usr/local/sbin/pkg - not found
===> Installing existing package /packages/All/pkg-1.10.1.txz
[ksh-test-amd64-exp-job-01] Installing pkg-1.10.1...
[ksh-test-amd64-exp-job-01] Extracting pkg-1.10.1: .......... done
===> ksh93-20160716 depends on file: /usr/local/sbin/pkg - found
===> Returning to build of ksh93-20160716
===========================================================================
=======================<phase: fetch-depends >============================
===========================================================================
=======================<phase: fetch >============================
===> License EPL accepted by the user
=> INIT.2014-12-24.tgz doesn't seem to exist in /portdistfiles/ksh93.
=> Attempting to fetch https://distfile.net/local-
ports-distfiles/INIT.2014-12-24.tgz
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt
Authority X3
34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate
verify failed:/usr/src/secure/lib/libssl/../../../crypto/
openssl/ssl/s3_clnt.c:1264:
fetch: https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz:
Authentication error
=> Attempting to fetch http://distcache.FreeBSD.org/
ports-distfiles/ksh93/INIT.2014-12-24.tgz
fetch: http://distcache.FreeBSD.org/ports-distfiles/ksh93/INIT.
2014-12-24.tgz: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ksh93 and try again.
*** Error code 1
What is the best solution here?
so I really have to add security/ca_root_nss (... and perl)
as a fetch dependency? Any other solution?
A quick look at bsd.sites.mk shows that we have some https-only distfile
sources.
Marcin Cieślak
More information about the freebsd-ports
mailing list