pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkg/58273: pkgin cannot download repo index over SSL in default install



The following reply was made to PR pkg/58273; it has been noted by GNATS.

From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: zip100 <2857%gmx.de@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: pkg/58273: pkgin cannot download repo index over SSL in default install
Date: Wed, 22 May 2024 18:08:53 +0000

 > I've picked an option to add pkgin during the install, but that
 > didn't work, [...]
 
 What does `that didn't work' mean?  What was the symptom?
 
 > it seems to me that root certs are missing in default install and
 > thus even NetBSD mirrors are affected.
 
 This is probably what happened, but it's not clear why it happened.
 
 The mozilla-rootcerts-openssl package should no longer be necessary as
 of 10.  If you delete it and run `certctl list', that will tell you
 what root certs NetBSD thinks should be configured in
 /etc/openssl/certs, and `certctl rehash' will clear out
 /etc/openssl/certs and repopulate it to make it so.
 
 If you have more time, can you:
 
 1. boot the installer in a fresh VM,
 2. enter the utility menu and enable logging and scripting,
 3. otherwise run through the same installation procedure again, and
 4. reproduce the pkgin failure?
 
 If so, can you break into a shell (hit ^Z or go into the utility menu
 and start a shell) and share /tmp/sysinst.log and /tmp/sysinst.sh?
 (E.g., transmit them with nc(1) to another host.)
 
 Once you've done all that, can you:
 
 5. reboot into the fresh installation,
 6. check whether pkg_add and pkgin work with https,
 7. check whether `ls /etc/openssl/certs' is empty,
 8. run `certctl rehash', and
 9. check again whether whether pkg_add and pkgin work with https, and
 10. check again wehther `ls /etc/openssl/certs' is empty?
 
 > Maybe they're installed as some dependencies of X set, that's why
 > it's not always triggered in a console install.
 
 The certificates are in the base set, and they are always configured
 in /etc/openssl/certs when extracting sets during installation.
 


Home | Main Index | Thread Index | Old Index