First-time user: Expired mirror-master certificate - and other problems :(

Marcin Cieslak saper at saper.info
Fri May 31 07:30:14 PDT 2024


Hello,

I just installed DragonFlyBSD for the first time
yesterday and unfortunately:

1) pkg bootstrap broke pkg (as described last month
in https://lists.dragonflybsd.org/pipermail/users/2024-April/452255.html).
The "Avalon" repository (whatever it is) was
unreachable.

2) I gave up troubleshooting pkg yesterday but today
the cause is certain: the certificate of 
https://mirror-master.dragonflybsd.org/ expired.
This also got reported to this list a month ago,
so it must be a recurring event (Let's Encrypt?)

3) Out of panic I tried to reinstall pkg, ca_root_nss
and other stuff out of dports only to find out that
for example security/openssl cannot be installed due to
a security vulnerability.

Also many dports do not get installed because they are
"unmaintained", but there does not seem to be a clear
way to override that.

I was fighting some DNS issues (unrelated to DragonFly)
and I was sadly surprised that there is no DNS server
in the base anymore. (And I could not install bind9
due to a security issue in the port).

Is there Kerberos in the base? I couldn't find
kinit/klist but some ports give me "base Heimdal"
as an option - is it just some leftover from FreeBSD
ports?

Initial installation also didn't go smoothly:

I asked the installer to encrypt /boot and the root filesystem.
It nicely refused to encrypt /boot but I could mark the root fs
as encrypted.

During the customization phase it asked me for the encryption password
again asking for password confirmation, as if we were setting
the password again (not just mounting). This was confusing.

In the end, it didn't work - mountroot bailed out trying
to mount stuff from md0 partitions, which apparently didn't get
set up during the booting process.

So I had to go unencrypted.

I am sure for every problem I have mentioned there can
be a fix or a workaround if we go patiently through
the troubleshooting.  It was just very frustrating
and I simply gave up, and I have to send this email
from the FreeBSD system instead :(

There was one positive surprise though: ACPI event
messages are set up properly out of the box
(unlike FreeBSD -CURRENT I use as my daily driver).

Marcin

