New binary packages available (Sync Sept 6th 2020)
Antonio Huete Jiménez
tuxillo at quantumachine.net
Wed Oct 7 15:47:09 PDT 2020
The problem is that once you remove all packages, you remove also
ca_root_nss, which includes the CA certificates that pkg (via
libfetch) needs to verify a certificate against its CA.
There are several workarounds:
1) Probably the simplest one to try is adding the text below to your
/usr/local/etc/pkg.conf, then installing ca_root_nss. Don't forget to
remove it afterwards:
2) Use the still enabled HTTP protocol in the main mirror. Ideally
you'd just use this to upgrade pkg and retrieve ca_root_nss, then
you'd switch again to your regular mirror via HTTPS.
mirror_type : NONE,
signature_type : NONE,
pubkey : NONE,
fingerprints : /usr/share/fingerprints,
enabled : yes
3) Provide your own /etc/ssl/cert.pem until you've been able to pull
ca_root_nss. According to fetch(1) manpage (in the --ca-cert option),
it tries first /usr/local/etc/ssl/cert.pem and then /etc/ssl/cert.pem.
Problem is that ca_root_nss has /etc/ssl/cert.pem in its PLIST, so it
might complain if the file already exists.
Let us know if it worked for you.
Quoting Lanir <lanir at cisns.net>:
> I tried upgrading packages using the conflict-proof upgrade technique
> linked below. I got to the point where I was running "pkg upgrade" and
> that's when this error starts appearing:
> # pkg upgrade
> Updating Avalon repository catalogue...
> Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's
> Encrypt Authority X3
> 34371318292:error:14007086:SSL routines:CONNECT_CR_CERT:certificate
> It repeats several times but looks the same. Looking at the URL in my
> web browser I don't see any obvious problems with the certificate.
> What can I do to get this sorted out?
> On 10/5/20 7:06 PM, Antonio Huete Jiménez wrote:
>> Dear users,
>> There is a new binary package set for master and RELEASE available.
>> It's based in FreeBSD Ports as of Sep 6 20:03:11 2020 with a few minor
>> You can use the "Bullet-proof (conflict-proof) upgrade technique" as
>> described here:
>> Users that wish to report issues with specific packages, please open
>> an issue here: https://github.com/DragonFlyBSD/DPorts/issues
>> Developers tthat wish to submit fixes, please go here:
>> 30960 packages available
>> 30986 packages available
>> - The DragonFly BSD team
More information about the Users