pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkgin from 8.0/amd64 -> "SSL support disabled"?
Hi,
I just upgraded one of my systems using "pkgin -y fug", using the
NetBSD-built packages for 8.0/amd64, via
https://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/amd64/8.0/All
This is on a host running 9.0 (packages for 9.0 were not
available at the time...)
So after the upgrade I changed repositories.conf to
https://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/amd64/9.0/All
and did "pkgin up", and was met with
processing remote summary (https://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/amd64/8.0/All)...
SSL support disabled
SSL support disabled
SSL support disabled
pkgin: Could not fetch https://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/amd64/8.0/All/pkg_summary.gz
Digging around with some hints from fellow developers reveals that
this message comes from libfetch, and its common.c shows that this
message appears if the program isn't built with WITH_SSL. Libfetch is
linked statically into pkgin, by the looks of it.
libfetch's options.mk has
PKG_SUPPORTED_OPTIONS= inet6 openssl
PKG_SUGGESTED_OPTIONS= inet6
and apparently some code to use the builtin OpenSSL via
CHECK_BUILTIN.openssl:= yes
.include "../../security/openssl/builtin.mk"
CHECK_BUILTIN.openssl:= no
.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
PKG_SUGGESTED_OPTIONS+= openssl
.endif
However, it appears that the package you get of pkgin if you
update via
https://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/amd64/8.0/All
you end up with a pkgin which is built with a libfetch which is *not*
build with the openssl option. How that happened I have no further
insight into, I'm afraid.
Thus, if you rely on using "pkgin" and have a strong preference for
fetching the packages using https, you will find yourself at a dead
end (which is pretty terrible).
To recover from this, you will need to rebuild and re-install libfetch
using pksrc, and then rebuild and re-install pkgin. In libfetch you
can do "make show-var VARNAME=PKG_SUGGESTED_OPTIONS" to make sure
"openssl" is among the suggested options.
Regards,
- Håvard
Home |
Main Index |
Thread Index |
Old Index