Hi,
The problem is that once you remove all packages, you remove also
ca_root_nss, which includes the CA certificates that pkg (via
libfetch) needs to verify a certificate against its CA.
There are several workarounds:
1) Probably the simplest one to try is adding the text below to your
/usr/local/etc/pkg.conf, then installing ca_root_nss. Don't forget to
remove it afterwards:
PKG_ENV {
SSL_NO_VERIFY_PEER=1
}
2) Use the still enabled HTTP protocol in the main mirror. Ideally
you'd just use this to upgrade pkg and retrieve ca_root_nss, then
you'd switch again to your regular mirror via HTTPS.
Avalon: {
url :
http://mirror-master.dragonflybsd.org/dports/${ABI}/LATEST,
mirror_type : NONE,
signature_type : NONE,
pubkey : NONE,
fingerprints : /usr/share/fingerprints,
enabled : yes
}
3) Provide your own /etc/ssl/cert.pem until you've been able to pull
ca_root_nss. According to fetch(1) manpage (in the --ca-cert option),
it tries first /usr/local/etc/ssl/cert.pem and then /etc/ssl/cert.pem.
Problem is that ca_root_nss has /etc/ssl/cert.pem in its PLIST, so it
might complain if the file already exists.
Let us know if it worked for you.
Regards,
Antonio Huete
Quoting Lanir <[email protected]>:
Hi,
I tried upgrading packages using the conflict-proof upgrade technique
linked below. I got to the point where I was running "pkg upgrade" and
that's when this error starts appearing:
# pkg upgrade
Updating Avalon repository catalogue...
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's
Encrypt Authority X3
34371318292:error:14007086:SSL routines:CONNECT_CR_CERT:certificate
verify
failed:/usr/src/lib/libressl/../../crypto/libressl/ssl/ssl_clnt.c:1121:
It repeats several times but looks the same. Looking at the URL in my
web browser I don't see any obvious problems with the certificate.
What can I do to get this sorted out?
Thanks!
On 10/5/20 7:06 PM, Antonio Huete Jiménez wrote:
Dear users,
There is a new binary package set for master and RELEASE available.
It's based in FreeBSD Ports as of Sep 6 20:03:11 2020 with a few minor
cherry-picks.
You can use the "Bullet-proof (conflict-proof) upgrade technique" as
described here:
https://www.dragonflybsd.org/docs/howtos/HowToDPorts/#index4h1
Users that wish to report issues with specific packages, please open
an issue here: https://github.com/DragonFlyBSD/DPorts/issues
Developers tthat wish to submit fixes, please go here:
https://github.com/DragonFlyBSD/DeltaPorts/pulls
RELEASE-5.8
30960 packages available
master
30986 packages available
- The DragonFly BSD team
