Hi all, I was in trouble for a while because I was using FreeBSD behind an http proxy (a palo alto for what it means) and the portsnap command was unable to handle updates reporting always "file does not exist". After digging I found that the problem was in the phttpget command used internally from portsnap: phttpget is not able to handle an http_proxy variable in the form of http://user:password at proxy:port since the first colon is understood as a port separator and therefore phttpget tries to connect to the host "user" on port "password at proxy:port". Since I did not found much documentation about how to solve the problem, and nobody on the forum was able to point me in any direction (see http://forums.freebsd.org/showthread.php?t=28849) I wrote a simple patch to modify portsnap to use wget instead of phttpget. Of course, this means you have to install wget first, and also the laminating of the files to download has slightly changed within portsnap, but I'm using it from several days and updates now and it seems to work well. Now the question is: should this patch, or better the idea of using wget or another alike substitute to phttpget, be integrated into the system? I've tested it on FreeBSD-9-STABLE. Regards, Luca -------------- next part -------------- A non-text attachment was scrubbed... Name: portsnap_wget.patch Type: application/octet-stream Size: 1593 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20121127/de4fece9/attachment.obj>
Do you aware that if wget tries download from https, and there is self-signed certificate, then it fails, and ask for --no-check-certificate option? How do your patch deal in that case? 2012/11/27 Luca Ferrari <fluca1978 at infinito.it>> Hi all, > I was in trouble for a while because I was using FreeBSD behind an > http proxy (a palo alto for what it means) and the portsnap command > was unable to handle updates reporting always "file does not exist". > After digging I found that the problem was in the phttpget command > used internally from portsnap: phttpget is not able to handle an > http_proxy variable in the form of http://user:password at proxy:port > since the first colon is understood as a port separator and therefore > phttpget tries to connect to the host "user" on port > "password at proxy:port". Since I did not found much documentation about > how to solve the problem, and nobody on the forum was able to point me > in any direction (see > http://forums.freebsd.org/showthread.php?t=28849) I wrote a simple > patch to modify portsnap to use wget instead of phttpget. > Of course, this means you have to install wget first, and also the > laminating of the files to download has slightly changed within > portsnap, but I'm using it from several days and updates now and it > seems to work well. > Now the question is: should this patch, or better the idea of using > wget or another alike substitute to phttpget, be integrated into the > system? > I've tested it on FreeBSD-9-STABLE. > > Regards, > Luca > > _______________________________________________ > freebsd-stable at freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org" >-- Regards, Alexander Yerenkow
Sorry, back to list. On Tue, Nov 27, 2012 at 9:22 AM, Alexander Yerenkow <yerenkow at gmail.com> wrote:> Do you aware that if wget tries download from https, and there is > self-signed certificate, then it fails, and ask for --no-check-certificate > option? > How do your patch deal in that case?It simply does not. Are the usage of ports allowed to provide self-signed certificates over https? However I think it is possible to make an option in portsnap.conf to allow for no-check-certificate option for wget. Luca
On Tue, 2012-11-27 at 08:52 +0100, Luca Ferrari wrote:> Now the question is: should this patch, or better the idea of using > wget or another alike substitute to phttpget, be integrated into the > system? > I've tested it on FreeBSD-9-STABLE.Certainly not with a dependency on wget, which is not part of the base system. Use fetch instead. Thanks.