Date: Tue, 25 Feb 2014 12:42:29 -0800 From: "R. Tyler Croy" <tyler@monkeypox.org> To: Zach Leslie <zach@puppetlabs.com> Cc: puppet-bsd@googlegroups.com, gecko@FreeBSD.org Subject: Re: SSL verification issues when installing modules from the Forge Message-ID: <20140225204229.GX85115@kiwi> In-Reply-To: <20140225194628.GK83500@prozach.local> References: <20140224003807.GD85115@kiwi> <20140224175709.GH83500@prozach.local> <20140224181517.GK85115@kiwi> <20140225194628.GK83500@prozach.local>
next in thread | previous in thread | raw e-mail | index | archive | help
--+9WMDU/RdULAIC7Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello gecko@! I'm CC'ing you on this thread already in progress, I hope you
don't mind!
On Tue, 25 Feb 2014, Zach Leslie wrote:
> > Bingo! This works:
> >=20
> > % pkg install puppet ca_root_nss
> > % ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem
> > % puppet module install zleslie/pkgng
> >=20
> > Perhaps I should file a bug against the puppet FreeBSD port to specify =
the
> > dependency correctly, and perhaps the puppet port should create the sym=
bolic
> > link?
>=20
> Linking as part of the puppet port would work, though I really think
> this is the job of the ca_root_nss port. I'm not sure why its disabled
> by default. It might be worth reaching out to the port maintainers.
Gecko, I'm curious whether it would be possible to update the ca_root_nss
port's ETCSYMLINK option to default to true? In the case of installing
ca_root_nss from pkgng, the option cannot be changed by a user installing t=
he
package, so the symlink won't exist, which causes problems :(
If this isn't something you're comfortable with changing, it'd be helpful to
understand why, so we could explore other means of solving the problem and
document them accordingly.
Cheers
- R. Tyler Croy
------------------------------------------------------
Code: <https://github.com/rtyler>;
Chatter: <https://twitter.com/agentdero>;
% gpg --keyserver keys.gnupg.net --recv-key 3F51E16F
------------------------------------------------------
--+9WMDU/RdULAIC7Q
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iEYEARECAAYFAlMNADUACgkQFCbH3D9R4W+YFwCdHqrx8/pv0Z88Q8XFvIv3Bvhl
JtAAn06JNB2f4QaIBTZOc5iixNq4YeVS
=KUkM
-----END PGP SIGNATURE-----
--+9WMDU/RdULAIC7Q--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140225204229.GX85115>