Re: Enabling SSL in pkg_install

[Jason Bacon <bacon4000%gmail.com@localhost>]

On 01/25/18 16:47, Jonathan Perkin wrote:
> * On 2018-01-25 at 21:58 GMT, Jason Bacon wrote:
>
> > I'd like to use https with pkgin but...
> >
> > [root@unixdev2 bacon]# pkgin avail
> > reading local summary...
> > processing local summary...
> > SSL support disabled
> > SSL support disabled
> > SSL support disabled
> > pkgin: Could not fetch
> > https://mirror1.hpc.uwm.edu/pkgsrc/packages/usr/pkg/RHEL7/All/pkg_summary.gz
> >
> > The problem appears to be in pkg_install.  What's the canonical way to
> > enable SSL during bootstrap?
> >
> > Just add openssl to PKG_DEFAULT_OPTIONS or PKG_OPTIONS.libfetch?
> You can't do it during bootstrap if you use openssl from pkgsrc as
> bootstrap doesn't support building security/openssl, but you can
> rebuild pkg_install afterwards with the ssl option enabled and then
> use that package in your bootstrap kit, which is what we do.
>
> I also use
>
>    https://github.com/joyent/pkgsrc/commit/98f279b475e9f1850cea14df4fe80af92cee2ec0
>
> which, yes, is a hack, but there are too many corner cases where
> linking pkg_install against pkgsrc openssl will screw you (think
> through what happens when you upgrade openssl...)
Upon further examination, it seems that building libfetch and pkgin with 
PKG_OPTIONS.libfetch='inet6 openssl' is sufficient for my purposes.  
pkgin seems work with SSL even if pkg_install is not rebuilt.

So I will test the strategy of adding this to mk.conf in 
auto-pkgsrc-setup and in my pbulk builds, so that only pkgin is 
SSL-enabled, and pkg_install can be a fallback if ever an SSL issue arises.

--
Earth is a beta site.