pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Enabling SSL in pkg_install

On 01/27/18 08:57, Jason Bacon wrote:
On 01/25/18 16:47, Jonathan Perkin wrote:
* On 2018-01-25 at 21:58 GMT, Jason Bacon wrote:

I'd like to use https with pkgin but...

[root@unixdev2 bacon]# pkgin avail
reading local summary...
processing local summary...
SSL support disabled
SSL support disabled
SSL support disabled
pkgin: Could not fetch

The problem appears to be in pkg_install.  What's the canonical way to
enable SSL during bootstrap?

Just add openssl to PKG_DEFAULT_OPTIONS or PKG_OPTIONS.libfetch?
You can't do it during bootstrap if you use openssl from pkgsrc as
bootstrap doesn't support building security/openssl, but you can
rebuild pkg_install afterwards with the ssl option enabled and then
use that package in your bootstrap kit, which is what we do.

I also use

which, yes, is a hack, but there are too many corner cases where
linking pkg_install against pkgsrc openssl will screw you (think
through what happens when you upgrade openssl...)

I'm thinking one would have to deliberately override dependency checks in order to upgrade pkgsrc openssl without rebuilding its dependents, correct?

On another note, it seems that building libfetch with openssl support is sufficient to enable SSL in pkg_install, but pkgin needs to be rebuilt as well.  I've been using the attached script to retrofit my old trees with SSL support.  I did not intend to enable SSL in pkg_install, but serendipitously discovered that it works after applying this fix.


auto-pkgsrc-setup now enables SSL in pkg_add/pkgin by rebuilding libfetch and pkgin post-bootstrap.

Also see pkgsrc-enable-ssl at the above link to retrofit preexisting pkgsrc trees with SSL support.  It's tested on trees created by auto-pkgsrc-setup.  No guarantees on trees installed by other means.

Earth is a beta site.

Home | Main Index | Thread Index | Old Index