From nobody Sun Jul 17 07:05:21 2022 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Llx1s6FB4z4TSHr for ; Sun, 17 Jul 2022 07:05:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Llx1s5Dczz430F for ; Sun, 17 Jul 2022 07:05:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Llx1s4Bh7zrGV for ; Sun, 17 Jul 2022 07:05:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 26H75LcG053968 for ; Sun, 17 Jul 2022 07:05:21 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 26H75LxC053967 for ports-bugs@FreeBSD.org; Sun, 17 Jul 2022 07:05:21 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 265250] ports-mgmt/portmaster -F does not suppress build of depends (for sysutils/restic, for one) Date: Sun, 17 Jul 2022 07:05:21 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: security X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: se@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: Works As Intended X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1658041521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hAGQE9YzeCjMmnzmMC/0eCq0utqbgUEV30C+MoBvUjQ=; b=DH7CQG5OfIOuTxX4DDGtrDOGlxZWqzVehCfxY79mKvbXSw2aw9YJ7cxEI16zQ2fMJVspXA 7mMZncOMKMM3yIykT9+yQJP4Rd3+sHZvz5tqkP7UuosumUi14UrjadzFVZFhd+LDpd4ee6 noYrEiRHvONbiZoJUvXLfDr70xCjV+X8AdAB8NRpG3I5QZn8dsBzohRZfZ2bT1ZXWttgwX yQXWTE5AJ0wTDroL4YirlzO5s5RC6gy/+VIOZ2HKOe47Fiw0FM/gJ70KV+6AlVwyz9oC2k 59KYLgnd8JJOPMtmuDc1/0JOUZzdi6dHklc/nQCewOX3HKFK6pvkmuW3j1erdQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1658041521; a=rsa-sha256; cv=none; b=M+1OuyGCs2jvjpqEjvNWfdD4qvYHF6FI7y6IhSNfflOucBFltpkOP4ldQXjHC2GkFw3An/ NlZgOPWVPb9dE7l8uvfMsELlhh8zazh7nsURz1OtY0bryPy82HSHcVQGMJOZ0kx0QjqWt3 j1W9IC6wesai5Erzy/O2PDrmjaw3TvvH8tiqzq944BCQaORveFJ5YSSk1O5Q7qBLjmbw3J KWJvyUE9txGb4nDa7gI5XzFIvWHbw5wrhjBe8OhfFnrI5CabOmBYJylTnlxAqmIYSqV1Wq OCzmp/cRfbZ45kclBm1UtMa/O47/htEWXGoifm6MqbZNxIK+SpRAdphdodRZcw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D265250 --- Comment #9 from Stefan E=C3=9Fer --- (In reply to Tatsuki Makino from comment #8) > These days, it seems that several root certificates are installed in the = base just like any other OS. > They are located in /usr/share/certs. > But I don't know if they are used when fetching distfile. Yes, and I had missed the fact that you specifically mentioned fetching distfiles from https URLs. The root certificates in the base system are used by "fetch" (it uses the default OpenSSL certificate path, unless a different path is requested by m= eans of the --ca-path option or the SSL_CA_CERT_PATH environment variable). I'd be surprised if ca_root_nss was required to fetch and distfile, today. The ca_root_nss port is required to provide Firefox and Thunderbird with the set of root certificates selected by these projects, but should not be depe= nded on for fetching distfiles, IMHO. There is a risk of the root certificates in the base system becoming stale = on systems that are not updated for a long time, though. I have not checked whether the root certificates in base of the currently maintained FreeBSD releases always cover the time until the expected EOL da= te of the respective FreeBSD release - this might be a useful step in the rele= ase process, and a warning should be issued if such root certificates become invalid during the life time of a release. --=20 You are receiving this mail because: You are the assignee for the bug.=