pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkgin from 8.0/amd64 -> "SSL support disabled"?


I just upgraded one of my systems using "pkgin -y fug", using the
NetBSD-built packages for 8.0/amd64, via

This is on a host running 9.0 (packages for 9.0 were not
available at the time...)

So after the upgrade I changed repositories.conf to

and did "pkgin up", and was met with

   processing remote summary (
   SSL support disabled
   SSL support disabled
   SSL support disabled
   pkgin: Could not fetch

Digging around with some hints from fellow developers reveals that
this message comes from libfetch, and its common.c shows that this
message appears if the program isn't built with WITH_SSL.  Libfetch is
linked statically into pkgin, by the looks of it.

libfetch's has


and apparently some code to use the builtin OpenSSL via

CHECK_BUILTIN.openssl:= yes
.include "../../security/openssl/"
CHECK_BUILTIN.openssl:= no

.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])

However, it appears that the package you get of pkgin if you
update via

you end up with a pkgin which is built with a libfetch which is *not*
build with the openssl option.  How that happened I have no further
insight into, I'm afraid.

Thus, if you rely on using "pkgin" and have a strong preference for
fetching the packages using https, you will find yourself at a dead
end (which is pretty terrible).

To recover from this, you will need to rebuild and re-install libfetch
using pksrc, and then rebuild and re-install pkgin.  In libfetch you
can do "make show-var VARNAME=PKG_SUGGESTED_OPTIONS" to make sure
"openssl" is among the suggested options.


- Håvard

Home | Main Index | Thread Index | Old Index