Switching `pkg` to HTTPS by default
Andrew Savchenko
andrew at lists.savchenko.net
Fri Sep 11 13:41:51 UTC 2020
Hello,
I have added the following snippet under the
/usr/local/etc/pkg/repos/FreeBSD.conf:
```
FreeBSD: {
url: "pkg+https://pkg.FreeBSD.org/${ABI}/quarterly",
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
enabled: yes
}
```
Note the "https" part of the address. Regardless, `pkg` continued fetching
binaries over unencrypted http. I had to change the /etc/pkg/FreeBSD.conf for
this to have any effect.
Setting `VULNXML_SITE` to HTTPS in /usr/local/etc/pkg.conf worked as expected.
Is this a valid bug to report over to freebsd-bugs at freebsd.org?
--
Regards,
A
More information about the freebsd-pkg
mailing list