Sysinstall and packages

Matthew Seaman m.seaman at
Wed Feb 14 07:27:01 UTC 2007

Jerry McAllister wrote:
> On Tue, Feb 13, 2007 at 08:00:11PM -0500, Mark Jacobs wrote:
>> On Tue, 2007-02-13 at 19:54 -0500, Jerry McAllister wrote:
>>> On Tue, Feb 13, 2007 at 06:54:10PM -0500, Mark Jacobs wrote:
>>>> At work I run 6.2 stable and due to firewall problems I cannot download
>>>> packages or port sources using http.

>> Like I said I have firewall problems at work. I can update my ports file
>> fine,but cannot download the source archives using http.
> I don't think it uses http. 
> I think it uses ftp - even handles passive ftp which is needed
> for some firewall situations.
> I never looked closely.  

When downloading the distfiles required for a port, it is at the port
maintainer's discretion as to what mechanism to use.  Nowadays, HTTP
is probably the most popular, with FTP in decline.  Together those two
account for perhaps 99% of the ports, but there is the capability for
a port maintainer to write some more customised download if needed.

Only being able to use FTP seems perverse to me: the arcane way in
which FTP uses multiple connections between source and destination
makes it much, much harder to firewall effectively, whereas HTTP
is a nice clean simple modern protocol.

It is common for many companies to require HTTP traffic to pass
through some sort of proxy -- generally so they can stop the windows
users downloading malware and stop users in general browsing for
inappropriate pink bits.  However you should still be able to pull
down source tarballs through such a proxy by setting environment
variables -- see fetch(3) for details, but the main ones are 

If that doesn't work, then the distfiles for any ports that have
been compiled on the package building cluster should be available
from -- that's
the vast majority of software available via the ports, but usually
it takes a few days for the package building cluster to get round to
rebuilding updated ports (so the distfiles may not be there yet),
and this won't help you for the ports marked not to be built on the

You can even set the following in /etc/make.conf to cause the ports
system to try using the distfile cache before it
tries the upstream distribution points, although don't do this unless
you absolutely need to, or could end up horribly


See ports(7) for details.  You'll still have a problem downloading
the ports INDEX (ie 'make fetchindex') as that uses HTTP by default.
Locating an FTP accessible source for the INDEX, and finding out what
to put in make.conf to cause the make system to use it is left as an
exercise for  the student.  Or you can use my p5-FreeBSD-Portindex port
to build and maintain your own, or you can even just do without an INDEX
at all...



Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP:         Ramsgate
                                                      Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-questions mailing list