New binary packages available (Sync Sept 6th 2020)

Lanir lanir at cisns.net
Thu Oct 8 18:51:26 PDT 2020


That worked, thanks!

I was wondering if the instructions on the webpage needed to be changed
or not. If I just missed something then ignore the rest of this. But if
i didn't, I'm wondering if before step 3 the instructions should have a
user doing something like "pkg clean -y" then "pkg fetch ca_root_nss"
then "pkg delete -ay" and finally "pkg install ca_root_nss" before
continuing with "pkg upgrade"?

Thanks again for the help and apologies if I misunderstood something.



On 10/7/20 5:47 PM, Antonio Huete Jiménez wrote:
> Hi,
>
> The problem is that once you remove all packages, you remove also
> ca_root_nss, which includes the CA certificates that pkg (via
> libfetch) needs to verify a certificate against its CA.
>
> There are several workarounds:
>
> 1) Probably the simplest one to try is adding the text below to your
> /usr/local/etc/pkg.conf, then installing ca_root_nss. Don't forget to
> remove it afterwards:
>
> PKG_ENV {
>  SSL_NO_VERIFY_PEER=1
> }
>
>
> 2) Use the still enabled HTTP protocol in the main mirror. Ideally
> you'd just use this to upgrade pkg and retrieve ca_root_nss, then
> you'd switch again to your regular mirror via HTTPS.
>
> Avalon: {
>         url             :
> http://mirror-master.dragonflybsd.org/dports/${ABI}/LATEST,
>         mirror_type     : NONE,
>         signature_type  : NONE,
>         pubkey          : NONE,
>         fingerprints    : /usr/share/fingerprints,
>         enabled         : yes
> }
>
> 3) Provide your own /etc/ssl/cert.pem until you've been able to pull
> ca_root_nss. According to fetch(1) manpage (in the --ca-cert option),
> it tries first /usr/local/etc/ssl/cert.pem and then /etc/ssl/cert.pem.
> Problem is that ca_root_nss has /etc/ssl/cert.pem in its PLIST, so it
> might complain if the file already exists.
>
> Let us know if it worked for you.
>
> Regards,
> Antonio Huete
>
>
>
> Quoting Lanir <lanir at cisns.net>:
>
>> Hi,
>>
>> I tried upgrading packages using the conflict-proof upgrade technique
>> linked below. I got to the point where I was running "pkg upgrade" and
>> that's when this error starts appearing:
>>
>> # pkg upgrade
>> Updating Avalon repository catalogue...
>> Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's
>> Encrypt Authority X3
>> 34371318292:error:14007086:SSL routines:CONNECT_CR_CERT:certificate
>> verify
>> failed:/usr/src/lib/libressl/../../crypto/libressl/ssl/ssl_clnt.c:1121:
>>
>> It repeats several times but looks the same. Looking at the URL in my
>> web browser I don't see any obvious problems with the certificate.
>>
>> What can I do to get this sorted out?
>>
>>
>> Thanks!
>>
>>
>> On 10/5/20 7:06 PM, Antonio Huete Jiménez wrote:
>>> Dear users,
>>>
>>> There is a new binary package set for master and RELEASE available.
>>>
>>> It's based in FreeBSD Ports as of Sep 6 20:03:11 2020 with a few minor
>>> cherry-picks.
>>>
>>> You can use the "Bullet-proof (conflict-proof) upgrade technique" as
>>> described here:
>>> https://www.dragonflybsd.org/docs/howtos/HowToDPorts/#index4h1
>>>
>>> Users that wish to report issues with specific packages, please open
>>> an issue here: https://github.com/DragonFlyBSD/DPorts/issues
>>>
>>> Developers tthat wish to submit fixes, please go here:
>>> https://github.com/DragonFlyBSD/DeltaPorts/pulls
>>>
>>> RELEASE-5.8
>>> 30960 packages available
>>>
>>> master
>>> 30986 packages available
>>>
>>>
>>> - The DragonFly BSD team
>>>
>
>
>



More information about the Users mailing list