tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Enabling SSL in pkg_install

On 01/25/18 16:47, Jonathan Perkin wrote:
* On 2018-01-25 at 21:58 GMT, Jason Bacon wrote:

I'd like to use https with pkgin but...

[root@unixdev2 bacon]# pkgin avail
reading local summary...
processing local summary...
SSL support disabled
SSL support disabled
SSL support disabled
pkgin: Could not fetch

The problem appears to be in pkg_install.  What's the canonical way to
enable SSL during bootstrap?

Just add openssl to PKG_DEFAULT_OPTIONS or PKG_OPTIONS.libfetch?
You can't do it during bootstrap if you use openssl from pkgsrc as
bootstrap doesn't support building security/openssl, but you can
rebuild pkg_install afterwards with the ssl option enabled and then
use that package in your bootstrap kit, which is what we do.

I also use

which, yes, is a hack, but there are too many corner cases where
linking pkg_install against pkgsrc openssl will screw you (think
through what happens when you upgrade openssl...)

Upon further examination, it seems that building libfetch and pkgin with PKG_OPTIONS.libfetch='inet6 openssl' is sufficient for my purposes.  pkgin seems work with SSL even if pkg_install is not rebuilt.

So I will test the strategy of adding this to mk.conf in auto-pkgsrc-setup and in my pbulk builds, so that only pkgin is SSL-enabled, and pkg_install can be a fallback if ever an SSL issue arises.

Earth is a beta site.

Home | Main Index | Thread Index | Old Index