Can't UPDATE on latest HBSD 15 version 150002

35 views
Skip to first unread message

Anonymous95

unread,
Nov 14, 2023, 4:17:08 AM11/14/23
to HardenedBSD Users

So. Finally was able to get pkg to work, but it said I was at an older version. Okay...so I upgraded HardednedBSD, now pkg doesn't work anymore!

Bootstraping appears to work fine, as I can get the latest pkg and it installs, but when I attempt to update I am met with the error:
"pkg: An error occured while fetching package"

My uname prints I am on 1500002 however when I attempted to install it, it complained about errors related to some ssl certs that apparently weren't there. Since I can still pull the package and it still attempts to install here is a screencapture of some of the errors. I could pull all of them if need be. If you could just let me know where to look so I don't have to search, I'd appreciate it.

Pinging google works so it's not my internet.

I changed nothing this time except what was required to upgrade and that was done automatically...I am so confused.
Message has been deleted

Anonymous95

unread,
Nov 14, 2023, 4:21:25 AM11/14/23
to HardenedBSD Users, Anonymous95
One other thing: it appears the packages for this version have finished according to the website linked in my previous post. So if I read it wrong please let me know.

Anonymous95

unread,
Dec 7, 2023, 11:53:27 AM12/7/23
to HardenedBSD Users, Anonymous95
It appears maybe I was right on this one. Running pkg in debug mode says "SSL certificate problem: unable to get local certificate". Looking into /etc/ssl/untrusted shows all the links are broken, but the files do exist in /usr/share/certs/untrusted (at least the few I checked). This isn't normal, is it?

Is there any way to bypass the ssl check so I can at least update? Attempting to fix the problem with basically everything broken is incredibly difficult.

If not, is there any way to fix SSL now that it's so broken? I really do not want to reinstall not the least of which reason is I had just gotten it how I wanted it before all of this BS.

I'd really appreacte some help here...if there is any more information you need please let me know.

Shawn Webb

unread,
Dec 7, 2023, 11:59:02 AM12/7/23
to Anonymous95, HardenedBSD Users
If you edit /etc/pkg/HardenedBSD.conf and change the URI from https://
to http://, pkg should work for you. You can then install the
ca_root_nss package, which will bring in the right trusted root
certificates.

FreeBSD has an issue with certctl where it might not succeed in some
cases, cases that HardenedBSD users might be more susceptible to
hitting:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275449

FreeBSD's certctl bug might be the underlying cause of recent errors
with hbsd-update:

https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/91

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

On Thu, Dec 07, 2023 at 08:53:27AM -0800, Anonymous95 wrote:
> It appears maybe I was right on this one. Running pkg in debug mode says
> "SSL certificate problem: unable to get local certificate". Looking into
> /etc/ssl/untrusted shows all the links are broken, but the files do exist
> in /usr/share/certs/untrusted (at least the few I checked). This isn't
> normal, is it?
>
> Is there any way to bypass the ssl check so I can at least update?
> Attempting to fix the problem with basically everything broken is
> incredibly difficult.
>
> If not, is there any way to fix SSL now that it's so broken? I *really* do
> not want to reinstall not the least of which reason is I had *just* gotten
> it how I wanted it before all of this BS.
>
> I'd really appreacte some help here...if there is any more information you
> need please let me know.
> On Tuesday, November 14, 2023 at 9:21:25 AM UTC Anonymous95 wrote:
>
> > One other thing: it appears the packages for this version have finished
> > according to the website linked in my previous post
> > <https://hbsd-pkg-current-01.hardenedbsd.org/build.html?mastername=current-default&build=2023-11-01_13h00m06s>.
> > So if I read it wrong please let me know.
> >
> > On Tuesday, November 14, 2023 at 9:17:08 AM UTC Anonymous95 wrote:
> >
> >>
> >> So. Finally was able to get pkg to work, but it said I was at an older
> >> version. Okay...so I upgraded HardednedBSD, now pkg doesn't work anymore!
> >>
> >> Bootstraping appears to work fine, as I can get the latest pkg and it
> >> installs, but when I attempt to update I am met with the error:
> >> "pkg: An error occured while fetching package"
> >>
> >> My uname prints I am on 1500002 however when I attempted to install it,
> >> it complained about errors related to some ssl certs that apparently
> >> weren't there. Since I can still pull the package and it still attempts to
> >> install here is a screencapture <https://ibb.co/9nm9Ffj> of some of the
signature.asc

Anonymous95

unread,
Dec 7, 2023, 12:36:10 PM12/7/23
to HardenedBSD Users, Shawn Webb, HardenedBSD Users, Anonymous95
I tried this but it says the fetcher used for curl is still https, so it still fails the same way.

Anonymous95

unread,
Dec 7, 2023, 1:41:09 PM12/7/23
to HardenedBSD Users, Anonymous95, Shawn Webb, HardenedBSD Users
Looked to be a fluke or something, it appears to work now. I have to update my kernel, again, so we'll see how that goes but I need to save that for later. I'll get back to the thread once I know more.

Anonymous95

unread,
Dec 8, 2023, 4:23:52 AM12/8/23
to HardenedBSD Users, Anonymous95, Shawn Webb, HardenedBSD Users
So I had to update, others may have to reinstall, but I was able to fix it! At least as it appears, if anything new pops up I'll let you know.

Anonymous95

unread,
Dec 8, 2023, 7:14:03 AM12/8/23
to HardenedBSD Users, Anonymous95, Shawn Webb, HardenedBSD Users
So I have performed several reboots while in a virtual machine and it works fine, but I'll need to boot to be absolutely sure. Still, there's a very, very good chance the problem has been solved. You may wish to keep this open in case this particular thing is an issue again, but it's probably safe to delete or lock the thread.

Anonymous95

unread,
Dec 8, 2023, 7:14:35 AM12/8/23
to HardenedBSD Users, Anonymous95, Shawn Webb, HardenedBSD Users
>I'll need to boot
I'll need to boot baremetal*
Reply all
Reply to author
Forward
0 new messages