First-time user: Expired mirror-master certificate - and other problems :(

Martin Ivanov marto1980 at gmail.com
Fri May 31 07:40:25 PDT 2024 

Hello Marcin,
welcome to DragonFlyBSD! To fix the pkg problem:
		    1.in /usr/local/etc/pkg/repos/, copy the df-latest.conf.sample to df-latest.conf
		    2. in /usr/local/etc/pkg/repos/df-latest.conf, disable the Avalon repository and enable the Wolfhound http repository. 
                  3. pkg install ca_root_nss
                   4. in /usr/local/etc/pkg/repos/df-latest.conf, enable the Avalon repository and disable Wolfhound again.

Best regards,
Martin


> On 31 May 2024, at 17:30, Marcin Cieslak <saper at saper.info> wrote:
> 
> Hello,
> 
> I just installed DragonFlyBSD for a first time
> yesterday and unfortunately:
> 
> 1) pkg bootstrap broke pkg (as described last month
> in https://lists.dragonflybsd.org/pipermail/users/2024-April/452255.html
> The "Avalon" repository (whatever it is) was
> unreachable.
> 
> 2) I gave up troubleshooting pkg yesterday but today
> the cause is certain: the certificate of https://mirror-master.dragonflybsd.org/ expired.
> This also got reported to this list a month ago,
> so it must be a recurring event (Let's Encrypt?)
> 
> 3) Out of panic I tried to reinstall pkg, ca_root_nss
> and other stuff out of dports only to find out that
> for example security/openssl cannot be installed due to
> security vulnerability.
> 
> Also many dports do not get installed because they are
> "unmaintained", but there does not seem to be a clear
> way to override that.
> 
> I was fighting some DNS issues (unrelated to DragonFly)
> and I was sadly surprised that there is no DNS server
> in the base anymore. (And I could not install bind9
> due to security issue in the port).
> 
> Is there Kerberos in the base? I couldn't find
> kinit/klist but some ports give me "base Heimdal"
> as an option - is it just some leftover from FreeBSD
> ports?
> 
> Initial installation also didn't go smoothly:
> 
> I asked the installer to encrypt /boot and the root filesystem.
> It nicely refused to encrypt /boot but I could mark the root fs
> as encrypted.
> 
> During customization phase it asked me for the encryption password
> again asking for password confirmation, as if we were setting
> the password again (not just mounting). This was confusing.
> 
> In the end, it didn't work - mountroot bailed out trying
> to mount stuff from md0 partitions, which apparently didn't get
> set up during the booting process.
> 
> So I had to go unencrypted.
> 
> I am sure for every problem I have mentioned there can
> be a fix or a workaround if we go patiently through
> the troubleshooting.  It was just very frustrating
> and I simply gave up, and I have to send this email
> from the FreeBSD system instead :(
> 
> There was a one positive surprose though: ACPI event
> messages are set up properly out of the box
> (unlike FreeBSD -CURRENT I use as my daily driver).
> 
> Marcin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20240531/d8f45184/attachment.htm>

More information about the Users mailing list