If you edit /etc/pkg/HardenedBSD.conf and change the URI from https://
to http://, pkg should work for you. You can then install the
ca_root_nss package, which will bring in the right trusted root
certificates.
FreeBSD has an issue with certctl where it might not succeed in some
cases, cases that HardenedBSD users might be more susceptible to
hitting:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275449
FreeBSD's certctl bug might be the underlying cause of recent errors
with hbsd-update:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/91
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
On Thu, Dec 07, 2023 at 08:53:27AM -0800, Anonymous95 wrote:
> It appears maybe I was right on this one. Running pkg in debug mode says
> "SSL certificate problem: unable to get local certificate". Looking into
> /etc/ssl/untrusted shows all the links are broken, but the files do exist
> in /usr/share/certs/untrusted (at least the few I checked). This isn't
> normal, is it?
>
> Is there any way to bypass the ssl check so I can at least update?
> Attempting to fix the problem with basically everything broken is
> incredibly difficult.
>
> If not, is there any way to fix SSL now that it's so broken? I *really* do
> not want to reinstall not the least of which reason is I had *just* gotten
> it how I wanted it before all of this BS.
>
> I'd really appreacte some help here...if there is any more information you
> need please let me know.
> On Tuesday, November 14, 2023 at 9:21:25 AM UTC Anonymous95 wrote:
>
> > One other thing: it appears the packages for this version have finished
> > according to the website linked in my previous post
> > <
https://hbsd-pkg-current-01.hardenedbsd.org/build.html?mastername=current-default&build=2023-11-01_13h00m06s>.
> > So if I read it wrong please let me know.
> >
> > On Tuesday, November 14, 2023 at 9:17:08 AM UTC Anonymous95 wrote:
> >
> >>
> >> So. Finally was able to get pkg to work, but it said I was at an older
> >> version. Okay...so I upgraded HardednedBSD, now pkg doesn't work anymore!
> >>
> >> Bootstraping appears to work fine, as I can get the latest pkg and it
> >> installs, but when I attempt to update I am met with the error:
> >> "pkg: An error occured while fetching package"
> >>
> >> My uname prints I am on 1500002 however when I attempted to install it,
> >> it complained about errors related to some ssl certs that apparently
> >> weren't there. Since I can still pull the package and it still attempts to
> >> install here is a screencapture <
https://ibb.co/9nm9Ffj> of some of the