SSL verification issues when installing modules from the Forge
R. Tyler Croy
tyler at monkeypox.org
Tue Feb 25 20:42:34 UTC 2014
Hello gecko@! I'm CC'ing you on this thread already in progress, I hope you
don't mind!
On Tue, 25 Feb 2014, Zach Leslie wrote:
> > Bingo! This works:
> >
> > % pkg install puppet ca_root_nss
> > % ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem
> > % puppet module install zleslie/pkgng
> >
> > Perhaps I should file a bug against the puppet FreeBSD port to specify the
> > dependency correctly, and perhaps the puppet port should create the symbolic
> > link?
>
> Linking as part of the puppet port would work, though I really think
> this is the job of the ca_root_nss port. I'm not sure why its disabled
> by default. It might be worth reaching out to the port maintainers.
Gecko, I'm curious whether it would be possible to update the ca_root_nss
port's ETCSYMLINK option to default to true? In the case of installing
ca_root_nss from pkgng, the option cannot be changed by a user installing the
package, so the symlink won't exist, which causes problems :(
If this isn't something you're comfortable with changing, it'd be helpful to
understand why, so we could explore other means of solving the problem and
document them accordingly.
Cheers
- R. Tyler Croy
------------------------------------------------------
Code: <https://github.com/rtyler>
Chatter: <https://twitter.com/agentdero>
% gpg --keyserver keys.gnupg.net --recv-key 3F51E16F
------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-gecko/attachments/20140225/67e7275c/attachment.sig>
More information about the freebsd-gecko
mailing list