On 01/25/18 16:47, Jonathan Perkin wrote:
I'm thinking one would have to deliberately override dependency checks in order to upgrade pkgsrc openssl without rebuilding its dependents, correct?* On 2018-01-25 at 21:58 GMT, Jason Bacon wrote:I'd like to use https with pkgin but... [root@unixdev2 bacon]# pkgin avail reading local summary... processing local summary... SSL support disabled SSL support disabled SSL support disabled pkgin: Could not fetch https://mirror1.hpc.uwm.edu/pkgsrc/packages/usr/pkg/RHEL7/All/pkg_summary.gz The problem appears to be in pkg_install. What's the canonical way to enable SSL during bootstrap? Just add openssl to PKG_DEFAULT_OPTIONS or PKG_OPTIONS.libfetch?You can't do it during bootstrap if you use openssl from pkgsrc as bootstrap doesn't support building security/openssl, but you can rebuild pkg_install afterwards with the ssl option enabled and then use that package in your bootstrap kit, which is what we do. I also use https://github.com/joyent/pkgsrc/commit/98f279b475e9f1850cea14df4fe80af92cee2ec0 which, yes, is a hack, but there are too many corner cases where linking pkg_install against pkgsrc openssl will screw you (think through what happens when you upgrade openssl...)
On another note, it seems that building libfetch with openssl support is sufficient to enable SSL in pkg_install, but pkgin needs to be rebuilt as well. I've been using the attached script to retrofit my old trees with SSL support. I did not intend to enable SSL in pkg_install, but serendipitously discovered that it works after applying this fix.
-- Earth is a beta site.
#!/bin/sh -e
# If this fails, reinstall pkgin and libfetch via
# cd $pkgsrc/pkgtools/pkgin
# bmake clean
# bmake clean-depends
# bmake install
if [ `uname` = Linux ]; then
sed=sed
else
sed=gsed
fi
bmake=`which bmake`
# Fix bug in bmake wrapper from old auto-pkgsrc-setup
$sed -i'' -e 's|bmake.bin $@|bmake.bin "$@"|g' $bmake || true
prefix=${bmake%%/bin/*}
pkgsrc=`echo $prefix | sed -e 's|pkg|pkgsrc|g'`
# Minimum base compilers for 2017Q3 and later
pkg_add gcc48 gcc5
# Rebuild libfetch and pkgin with openssl support
pkg_delete -f libfetch pkgin
cd $pkgsrc/pkgtools/pkgin
bmake clean
bmake clean-depends
bmake install PKG_OPTIONS.libfetch="inet6 openssl"
$sed -i'' -e 's|http:|https:|g' $prefix/etc/pkgin/repositories.conf
grep http $prefix/etc/pkgin/repositories.conf
pkgin avail|wc