Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-03 Thread army.of.root

On 02/11/13 23:19, Mark Felder wrote:


On Nov 2, 2013, at 3:27 PM, Adrian Chadd adr...@freebsd.org wrote:


A lot of HTTP infrastructure lives on anycast DNS, HTTP redirects and
geoip records. Saying it's broken and not feasible is nonsense.


More specifically what I was referring to was the fact that traditionally HTTP 
failover with round-robin A records is very unreliable; every client can act 
differently. You really need to be doing anycast as well to ensure those 
records are always available which adds additional architecture complexity that 
the project may not have the resources to throw at. GeoDNS also adds a layer of 
complexity, but as it turns out there are members of the project with extensive 
experience running it. SRV would give us very simple, cheap, reliable failover. 
It seems we do have some blockers, though.

The good news is that we fully control the client. Hopefully we can just work 
around these issues.


Hi,

I like green better than purple!

Everybody is just rationalizing their positions with great sophistication.

I think the new behavior is a POLA violation. I was pretty annoyed when I could 
not browse the given URL.


And this will probably result in lots of wasted time for admins, because we are 
doing it differently from everybody else.


Everybody else is doing pretty fine with the status quo. There should be a 
better reason than the listed to roll our own. - With this threshold, we 
could also start to replace (smtp, http, dns, pam, posix ). [*cough* systemd]


I am not a FreeBSD developer, so see it as the opinion of a non-paying consumer 
:)

Thanks for pkg-ng, it's awesome so far!
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-03 Thread RW
On Sat, 02 Nov 2013 12:28:06 +
Matthew Seaman wrote:


  Which is not always true, especially in heavily firewalled
  environments.
 
 I feel no obligation to do anything to encourage people that
 deliberately break the DNS.  They've made their bed, and now they have
 to lie in it.

In other words, one more reason to choose Linux. You can only afford to
say no soup for you if you're the only soup-nazi in town.

I think there's an important distinction between broken dns and local
dns. If someone wants to provide controlled web access through a web
cache without giving general internet access then I don't see why they
shouldn't.  This doesn't affect admins running servers, it affects
people trying to install FreeBSD on the locked-down part of the
network - typically the desktop machines of developers.

It also seems to be a fundamentally bad idea for a client that knows
it's connected to a proxy to be choosing the server in the first place.





Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Matthew Seaman
On 02/11/2013 01:55, Eric van Gyzen wrote:
 This kind of proxy configuration is not uncommon.  It would be awesome
 if this would Just Work.  It would remove an impediment to adoption,
 which is especially important in the kind of environments that have this
 kind of proxy configuration.
 
 Simply adding the mirrors' A (and AAAA) records to pkg.freebsd.org might
 suffice.

You seem hung up on the idea that pkg.freebsd.org should resolve to a
list of IP addresses.  It doesn't and for very good reasons.
Admittedly, using eg. 'http://' as the URL scheme for PACKAGESITE URLs
was an error -- it contravenes RFC 2616 -- which is why we will be
switching to a new 'pkg+http://' (or 'pkg+https://', 'pkg+ftp://', etc.)
set of URL schemes with pkg-1.2.x

There certainly are all of the necessary A and AAAA records in the DNS
for the real servers that host the repositories.

If I understand what you're complaining about is that you see behaviour
like the following:

   * You download package foo-1.2.3.txz from pkg.freebsd.org

   * Internally, that gets resolved to an HTTP request to eg.
 pkg0.isc.freebsd.org

   * Your web proxy caches this package

   * On another host, you also want to download foo-1.2.3.txz

   * This time the SRV record gets resolved to a different mirror,
 say pkg1.nyi.freebsd.org

   * Your proxy has no way of knowing that foo-1.2.3.txz from pkg1.nyi
 is exactly the same file as foo-1.2.3.txz from pkg0.isc so it
 downloads the whole package all over again.

Yes, this is certainly undesirable behaviour.  I need to run some tests
to determine if this is actually what does happen in practice.  If so,
I've an idea about how this problem might be addressed, but it will
require some changes to the repository configuration.

In the mean time, I suggest just choosing which ever of the
pkg.freebsd.org repositories is closest to you and using it directly -- eg.

# Quote the heredoc delimiter so the shell leaves ${ABI} for pkg(8) to expand
cat <<'EOF' > /usr/local/etc/pkg/repos/myrepo.conf
pkg0.isc {
url: http://pkg0.isc.freebsd.org/${ABI}/latest
enabled: yes
mirror_type: none
}
EOF

Obviously, substitute which ever one of

   pkg0.isc.freebsd.org   (US West)
   pkg1.nyi.freebsd.org   (US East)
   pkg0.bme.freebsd.org   (Europe)

is appropriate.  And be prepared to deal with that specific mirror being
down or replaced by some other server.

 Alternatively, running an HTTP-redirection service on a host named
 pkg.freebsd.org would offer as much flexibility as the SRV records, if
 not more.  However, it would require maintenance of yet another central
 service.

This is already supported in pkg when using the HTTP mirror type.  This
would entail significantly more administrative effort and hardware
requirement to maintain and keep consistent in the specific case of
pkg.freebsd.org  which is exactly why the SRV mirror type was selected.

Cheers,

Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey






Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Matthias Andree


Matthew Seaman matt...@freebsd.org wrote:
On 02/11/2013 01:55, Eric van Gyzen wrote:
 This kind of proxy configuration is not uncommon.  It would be
awesome
 if this would Just Work.  It would remove an impediment to adoption,
 which is especially important in the kind of environments that have
this
 kind of proxy configuration.
 
 Simply adding the mirrors' A (and AAAA) records to pkg.freebsd.org
might
 suffice.

You seem hung up on the idea that pkg.freebsd.org should resolve to a
list of IP addresses.  It doesn't and for very good reasons.
Admittedly, using eg. 'http://' as the URL scheme for PACKAGESITE URLs
was an error -- it contravenes RFC 2616 -- which is why we will be
switching to a new 'pkg+http://' (or 'pkg+https://', 'pkg+ftp://',
etc.)
set of URL schemes with pkg-1.2.x

There certainly are all of the necessary A and AAAA records in the DNS
for the real servers that host the repositories.

If I understand what you're complaining about is that you see behaviour
like the following:

   * You download package foo-1.2.3.txz from pkg.freebsd.org

   * Internally, that gets resolved to an HTTP request to eg.
 pkg0.isc.freebsd.org

   * Your web proxy caches this package

   * On another host, you also want to download foo-1.2.3.txz

   * This time the SRV record gets resolved to a different mirror,
 say pkg1.nyi.freebsd.org

   * Your proxy has no way of knowing that foo-1.2.3.txz from pkg1.nyi
 is exactly the same file as foo-1.2.3.txz from pkg0.isc so it
 downloads the whole package all over again.

Yes, this is certainly undesirable behaviour.  I need to run some tests
to determine if this is actually what does happen in practice.  If so,
I've an idea about how this problem might be addressed, but it will
require some changes to the repository configuration.

In the mean time, I suggest just choosing which ever of the
pkg.freebsd.org repositories is closest to you and using it directly --
eg.

# Quote the heredoc delimiter so the shell leaves ${ABI} for pkg(8) to expand
cat <<'EOF' > /usr/local/etc/pkg/repos/myrepo.conf
pkg0.isc {
url: http://pkg0.isc.freebsd.org/${ABI}/latest
enabled: yes
mirror_type: none
}
EOF

Obviously, substitute which ever one of

   pkg0.isc.freebsd.org   (US West)
   pkg1.nyi.freebsd.org   (US East)
   pkg0.bme.freebsd.org   (Europe)

is appropriate.  And be prepared to deal with that specific mirror
being
down or replaced by some other server.

 Alternatively, running an HTTP-redirection service on a host named
 pkg.freebsd.org would offer as much flexibility as the SRV records,
if
 not more.  However, it would require maintenance of yet another
central
 service.

This is already supported in pkg when using the HTTP mirror type.  This
would entail significantly more administrative effort and hardware
requirement to maintain and keep consistent in the specific case of
pkg.freebsd.org  which is exactly why the SRV mirror type was selected.

   Cheers,

   Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey

I understand from Eric's post that the issue is that through his limiting 
proxies, the SRV are not available at all so he does not even get to the point 
where he could get the pkgN.nyi.freebsd.org name back.


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Matthew Seaman
On 02/11/2013 10:15, Matthias Andree wrote:
 I understand from Eric's post that the issue is that through his
 limiting proxies, the SRV are not available at all so he does not even
 get to the point where he could get the pkgN.nyi.freebsd.org
 http://pkgN.nyi.freebsd.org name back.

That doesn't make sense.  All the DNS SRV lookups on pkg.freebsd.org are
done internally to pkg(8), which then issues an HTTP GET to the specific
mirror selected by its internal algorithms.  The web cache won't see
literal 'pkg.freebsd.org' anywhere in the HTTP traffic -- as far as it
is concerned, it's a simple HTTP request to a specific mirror
'pkg1.nyi.freebsd.org', and can be cached using the usual processes.

What makes it cache unfriendly is that as far as the web cache is
concerned each of the different mirrors appears to be completely
independent of the others.  So at the moment the chance of getting a
cache hit is reduced by a factor of three because of the traffic
distribution across the three mirrors.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey






Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Matthew Seaman
On 02/11/2013 11:37, Kurt Jaeger wrote:
 Hi!
 
 On 02/11/2013 10:15, Matthias Andree wrote:
 I understand from Eric's post that the issue is that through his
 limiting proxies, the SRV are not available at all so he does not even
 get to the point where he could get the pkgN.nyi.freebsd.org
 http://pkgN.nyi.freebsd.org name back.

 That doesn't make sense.  All the DNS SRV lookups on pkg.freebsd.org are
 done internally to pkg(8),
 
 ... which only works, if the DNS server queried answers SRV queries
 with SRV values.
 
 Which is not always true, especially in heavily firewalled environments.

I feel no obligation to do anything to encourage people that
deliberately break the DNS.  They've made their bed, and now they have
to lie in it.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey






Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Eric van Gyzen

On 11/02/2013 07:28 AM, Matthew Seaman wrote:

On 02/11/2013 11:37, Kurt Jaeger wrote:

Hi!


On 02/11/2013 10:15, Matthias Andree wrote:

I understand from Eric's post that the issue is that through his
limiting proxies, the SRV are not available at all so he does not even
get to the point where he could get the pkgN.nyi.freebsd.org
http://pkgN.nyi.freebsd.org name back.


That doesn't make sense.  All the DNS SRV lookups on pkg.freebsd.org are
done internally to pkg(8),


... which only works, if the DNS server queried answers SRV queries
with SRV values.

Which is not always true, especially in heavily firewalled environments.


I feel no obligation to do anything to encourage people that
deliberately break the DNS.  They've made their bed, and now they have
to lie in it.


Eric Camachat didn't break the DNS:  his network administrator did. 
Matthew, you're right:  that doesn't make sense.  But people do it, 
often for security, either real or perceived.  In this kind of 
environment, many other things are typically equally broken.  I imagine 
Eric needs all the encouragement he can get.


Yes, he can reconfigure pkg to use a specific mirror.  I only suggest 
that it could be made to work without that manual step (and the research 
necessary to determine that step).


Lest anyone think I'm complaining:  I am very impressed with pkg, and I 
appreciate all the technical and non-technical effort that Bryan, 
Baptiste, and many others spent on making it real.  Instead of a 
complaint, consider this a feature request.  That is, after all, the 
expected response to a feature announcement.  :)


Eric (van Gyzen)


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Kurt Jaeger
Hi!

 On 02/11/2013 10:15, Matthias Andree wrote:
  I understand from Eric's post that the issue is that through his
  limiting proxies, the SRV are not available at all so he does not even
  get to the point where he could get the pkgN.nyi.freebsd.org
  http://pkgN.nyi.freebsd.org name back.
 
 That doesn't make sense.  All the DNS SRV lookups on pkg.freebsd.org are
 done internally to pkg(8),

... which only works, if the DNS server queried answers SRV queries
with SRV values.

Which is not always true, especially in heavily firewalled environments.

-- 
p...@opsec.eu+49 171 3101372 7 years to go !


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Bernhard Fröhlich
On 02.11.2013 11:51, Matthew Seaman matt...@freebsd.org wrote:

 On 02/11/2013 10:15, Matthias Andree wrote:
  I understand from Eric's post that the issue is that through his
  limiting proxies, the SRV are not available at all so he does not even
  get to the point where he could get the pkgN.nyi.freebsd.org
  http://pkgN.nyi.freebsd.org name back.

 That doesn't make sense.  All the DNS SRV lookups on pkg.freebsd.org are
 done internally to pkg(8), which then issues an HTTP GET to the specific
 mirror selected by its internal algorithms.  The web cache won't see
 literal 'pkg.freebsd.org' anywhere in the HTTP traffic -- as far as it
 is concerned, it's a simple HTTP request to a specific mirror
 'pkg1.nyi.freebsd.org', and can be cached using the usual processes.

 What makes it cache unfriendly is that as far as the web cache is
 concerned each of the different mirrors appears to be completely
 independent of the others.  So at the moment the chance of getting a
 cache hit is reduced by a factor of three because of the traffic
 distribution across the three mirrors.

Just to add another viewpoint. The redports backend machines are put into an
IPv6 private address space without default router and without a dns server.
The only internet connection that they have is via a squid proxy.
This setup works fine now that libfetch supports http proxies also for
https urls. This all works based on the assumption that no direct dns
lookups are required on the machines themselves but all dns stuff is done on
the proxy.

Your description makes me believe that this won't work for pkgng. So it's
not that people in the real world break their network setups but we also
use that in our own FreeBSD infrastructure.


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Walter Hurry
On Sat, 02 Nov 2013 09:01:56 -0500, Eric van Gyzen wrote:

 On 11/02/2013 07:28 AM, Matthew Seaman wrote:

 I feel no obligation to do anything to encourage people that
 deliberately break the DNS.  They've made their bed, and now they have
 to lie in it.
 
 Eric Camachat didn't break the DNS:  his network administrator did.
 Matthew, you're right:  that doesn't make sense.  But people do it,
 often for security, either real or perceived.  In this kind of
 environment, many other things are typically equally broken.  I imagine
 Eric needs all the encouragement he can get.
 
When Matthew mentioned people that deliberately break the DNS, I don't 
think he meant Eric personally; I think he was referring to Eric's 
*organisation*.




Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Adrian Chadd
On 2 November 2013 05:28, Matthew Seaman matt...@freebsd.org wrote:

 I feel no obligation to do anything to encourage people that
 deliberately break the DNS.  They've made their bed, and now they have
 to lie in it.


Holy, holy crap.

* We (as FreeBSD) are not big enough to dictate the direction that
technology takes. In this instance, the direction that DNS SRV
adoption should be;
* This design is inherently not cachable, and as you add more CDN
nodes, it will become less cachable;
* And as far as I know, you haven't approached any cache vendors (eg
Squid) which may have the infrastructure to _handle_ this (which
Squid-2.x does, and I think Squid-3.x should be growing soon if it
hasn't already.)



You've removed the possibility of _standards_ and _well accepted_ HTTP
caching techniques without also deploying technology extensions in
popular open source projects to cope. You're using a DNS feature which
isn't well adopted/supported and you haven't provided a fallback
legacy, well tested path.

In short, you've taken the least supported paths, glued it into the
least HTTP caching scalable paths and not created a suitable fallback.

I hate to say it, but pushing the CDN logic into pkgng is a cute but
stupid idea for this deployment.

Please reconsider this choice before it becomes more widely deployed
and you/others have moved onto other things, leaving it to others to
clean up.



-adrian


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Mark Felder

On Nov 2, 2013, at 11:54 AM, Adrian Chadd adr...@freebsd.org wrote:

 You're using a DNS feature which
 isn't well adopted/supported and you haven't provided a fallback
 legacy, well tested path.

But SRV has been widely deployed since… before 2000? It’s literally the 
backbone of Active Directory deployments. Here’s a list of things that his 
company’s network design probably breaks:

* Office 365 (cloud Exchange hosting by Microsoft; requires you use SRV records 
to get your company’s clients pointed to their cloud infrastructure)
* LDAP
* SIP
* XMPP
* CALDAV / CARDDAV
* SMTP, IMAP, and POP clients should also obey published SRV records. Not sure 
how many clients really do, though.
* Teamspeak 3 doesn’t force you to use SRV, but you can use only SRV records
* Minecraft
* Last I knew IRCv4 specs are slated to include SRV as a core feature

I can’t speak for the caching issues, but SRV is pretty active and only getting 
more popular because things like “round robin DNS” are a horrible, ugly, 
unreliable hack and things like Anycast or Geo-DNS isn’t always feasible.

-0.02c


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Matthias Andree
On 02.11.2013 11:50, Matthew Seaman wrote:
 On 02/11/2013 10:15, Matthias Andree wrote:
 I understand from Eric's post that the issue is that through his
 limiting proxies, the SRV are not available at all so he does not even
 get to the point where he could get the pkgN.nyi.freebsd.org
 http://pkgN.nyi.freebsd.org name back.
 
 That doesn't make sense.  All the DNS SRV lookups on pkg.freebsd.org are
 done internally to pkg(8), which then issues an HTTP GET to the specific
 mirror selected by its internal algorithms.  The web cache won't see
 literal 'pkg.freebsd.org' anywhere in the HTTP traffic -- as far as it
 is concerned, it's a simple HTTP request to a specific mirror
 'pkg1.nyi.freebsd.org', and can be cached using the usual processes.
 
 What makes it cache unfriendly is that as far as the web cache is
 concerned each of the different mirrors appears to be completely
 independent of the others.  So at the moment the chance of getting a
 cache hit is reduced by a factor of three because of the traffic
 distribution across the three mirrors.

I think it does make sense - if the end user is behind a site where he
must use a proxy because his end user's computer does not resolve any
external addresses, then SRV is not getting you anywhere and you need a
HTTP(S)-based redirector.



Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Adrian Chadd
On 2 November 2013 10:44, Mark Felder f...@freebsd.org wrote:

 But SRV has been widely deployed since… before 2000? It’s literally the 
 backbone of Active Directory deployments. Here’s a list of things that his 
 company’s network design probably breaks:

 * Office 365 (cloud Exchange hosting by Microsoft; requires you use SRV 
 records to get your company’s clients pointed to their cloud infrastructure)
 * LDAP
 * SIP
 * XMPP
 * CALDAV / CARDDAV
 * SMTP, IMAP, and POP clients should also obey published SRV records. Not 
 sure how many clients really do, though.
 * Teamspeak 3 doesn’t force you to use SRV, but you can use only SRV records
 * Minecraft
 * Last I knew IRCv4 specs are slated to include SRV as a core feature

Wonderful.

 I can’t speak for the caching issues, but SRV is pretty active and only 
 getting more popular because things like “round robin DNS” are a horrible, 
 ugly, unreliable hack and things like Anycast or Geo-DNS isn’t always 
 feasible.

I can speak for the caching issues. It's a non-starter.

I'd rather see patches to Squid and such that support more automated
SRV handling (if it doesn't already do it; I haven't checked lately!)
and make things work correctly with caching. With a fallback, of
course, to A records.

A lot of HTTP infrastructure lives on anycast DNS, HTTP redirects and
geoip records. Saying it's broken and not feasible is nonsense.

Also - all you have to do is require all the servers in your farm to
handle requests for 'pkg.freebsd.org' rather than
'somethinguniqueperhost.freebsd.org' and then teach pkgng to actually
issue requests for that, and caching will mostly just work again.
Right now you're having SRV return a set of named aliases to issue
requests to and this set of hostnames is what's breaking effective
caching.

Sheesh!



-adrian
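
Added example (not part of the thread, and not pkg's or Squid's code): a small Python model of the caching argument made in the messages above. It assumes a forward proxy that keys its cache on the absolute request URL, and compares requests that name the SRV-selected mirror with requests that always name pkg.freebsd.org; the SRV priorities and weights, the extra package and mirror names and all function names are constructed for the illustration.

```python
import random
from collections import namedtuple

Srv = namedtuple("Srv", "priority weight target")

# Mirror names are the ones mentioned in the thread; the priorities and
# weights are assumptions, since the thread does not give the SRV records.
MIRRORS = [
    Srv(10, 10, "pkg0.isc.freebsd.org"),
    Srv(10, 10, "pkg1.nyi.freebsd.org"),
    Srv(10, 10, "pkg0.bme.freebsd.org"),
]
CANONICAL = "pkg.freebsd.org"
# foo-1.2.3.txz is the thread's example; the other names are constructed.
PACKAGES = ["foo-1.2.3.txz", "bar-0.9.txz", "baz-2.0_1.txz"]


def pick_srv(records, rng):
    """Pick a target as RFC 2782 describes: lowest priority, then by weight."""
    best = min(r.priority for r in records)
    pool = [r for r in records if r.priority == best]
    total = sum(r.weight for r in pool)
    if total == 0:
        return rng.choice(pool)
    point = rng.uniform(0, total)
    running = 0
    for rec in pool:
        running += rec.weight
        if point <= running:
            return rec
    return pool[-1]


class ProxyCache:
    """Forward proxy that keys cached objects on the absolute request URL."""

    def __init__(self):
        self.store = set()
        self.hits = 0
        self.origin_fetches = 0

    def get(self, url):
        if url in self.store:
            self.hits += 1
        else:
            self.origin_fetches += 1
            self.store.add(url)


def simulate(packages, clients, records, canonical_host, seed=1):
    """Return (origin_fetches, hit_ratio) when every client fetches every package.

    canonical_host=False: the URL names the SRV-selected mirror, the behaviour
    described in the thread. canonical_host=True: the URL always names
    CANONICAL and the selected mirror is only the connection target, which is
    the change proposed in the thread.
    """
    rng = random.Random(seed)
    cache = ProxyCache()
    for _ in range(clients):
        mirror = pick_srv(records, rng)
        host = CANONICAL if canonical_host else mirror.target
        for pkg in packages:
            cache.get("http://%s/freebsd:10:x86:64/latest/%s" % (host, pkg))
    return cache.origin_fetches, cache.hits / (clients * len(packages))


if __name__ == "__main__":
    # Second run adds constructed mirrors to show the effect of a larger set.
    bigger = MIRRORS + [Srv(10, 10, "mirror%d.example.org" % i) for i in range(3)]
    for records in (MIRRORS, bigger):
        for canonical in (False, True):
            fetches, ratio = simulate(PACKAGES, 30, records, canonical)
            print("%d mirrors, canonical host=%s: %d origin fetches, %.0f%% hits"
                  % (len(records), canonical, fetches, ratio * 100))
```

With per-mirror URLs the proxy can fetch each package once per mirror it has seen; with one canonical host name it fetches each package once, however many mirrors the SRV set contains.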


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-02 Thread Mark Felder

On Nov 2, 2013, at 3:27 PM, Adrian Chadd adr...@freebsd.org wrote:

 A lot of HTTP infrastructure lives on anycast DNS, HTTP redirects and
 geoip records. Saying it's broken and not feasible is nonsense.

More specifically what I was referring to was the fact that traditionally HTTP 
failover with round-robin A records is very unreliable; every client can act 
differently. You really need to be doing anycast as well to ensure those 
records are always available which adds additional architecture complexity that 
the project may not have the resources to throw at. GeoDNS also adds a layer of 
complexity, but as it turns out there are members of the project with extensive 
experience running it. SRV would give us very simple, cheap, reliable failover. 
It seems we do have some blockers, though.

The good news is that we fully control the client. Hopefully we can just work 
around these issues.


Re: Official FreeBSD Binary Packages now available for pkgng

2013-11-01 Thread Eric van Gyzen

On 10/31/2013 05:21 PM, Freddie Cash wrote:

tried pkg.freebsd.org it got below.
Our DNS server can resolve proxy server only.
Only proxy server can resolve internet sites, this is how our company forces
all traffic to go through proxy server.

Eric

Network Error (dns_server_failure)

   Your request could not be processed because an error occurred contacting
the DNS server.   The DNS server may be temporarily unavailable, or there
could be a network problem.
If problem persists, please open a ticket with Motorola help desk; and copy
and paste this page in ticket.

Date/Time: 2013-10-31 22:11:37 Request: GET http://pkg.freebsd.org/  Error:
(dns_server_failure) Proxy Name:proxy
Proxy IP: xxx.xxx.xxx.xxx Client IP: zzz.zzz.zzz.zzz
Referer URL:


So, then manually specify a specific pkg mirror and by-pass the DNS SRV
record resolution step.


This kind of proxy configuration is not uncommon.  It would be awesome 
if this would Just Work.  It would remove an impediment to adoption, 
which is especially important in the kind of environments that have this 
kind of proxy configuration.


Simply adding the mirrors' A (and AAAA) records to pkg.freebsd.org might 
suffice.


Alternatively, running an HTTP-redirection service on a host named 
pkg.freebsd.org would offer as much flexibility as the SRV records, if 
not more.  However, it would require maintenance of yet another central 
service.


Eric

Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Eric Camachat
It doesn't work with our (microsoft) proxy server, see below.

root@basay:/usr/local/etc/pkg/repos # pkg update -f
Updating repository catalogue
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/digests.txz: Service
Unavailable
pkg: No digest falling back on legacy catalog format
pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/repo.txz: Service
Unavailable
root@basay:/usr/local/etc/pkg/repos #

Eric


On Wed, Oct 30, 2013 at 7:10 PM, Bryan Drewery bdrew...@freebsd.org wrote:

 We are pleased to announce that official binary packages are now
 available for pkg, the next generation package management tool for FreeBSD.

 Pkg allows you to either use ports with portmaster/portupgrade or to
 have binary remote packages without ports.

 We have binary packages available for i386 and amd64 on
 8.3,8.4,9.1,9.2,10.0 and 11 (head).

 Pkg will be the default starting in FreeBSD 10.

 The pkg_install suite of tools pkg_create(1), pkg_add(1), and
 pkg_info(1) (which ports also use), are deprecated and will be
 discontinued in roughly 6 months. A communication regarding the
 deprecation of the pkg_install suite of tools will be sent separately in
 the future.

 If you are currently not using pkg and wish to, run the following as
 root. Be sure not to add WITH_PKGNG=yes to your make.conf until after
 pkg is installed.

   # cd /usr/ports/ports-mgmt/pkg && make install clean
   # echo WITH_PKGNG=yes >> /etc/make.conf
   # pkg2ng

 You can now either continue to use ports with portmaster/portupgrade, as
 before or switch to using binary packages only.


 To use binary packages:

 1. Ensure your pkg(8) is up-to-date. 'pkg -v' should say at least
1.1.4_8. If it does not, first upgrade from ports.
 2. Remove any repository-specific configuration from
/usr/local/etc/pkg.conf, such as PACKAGESITE, MIRROR_TYPE, PUBKEY.
If this leaves your pkg.conf empty, just remove it.
 3. mkdir -p /usr/local/etc/pkg/repos
 4. Create the file /usr/local/etc/pkg/repos/FreeBSD.conf with:
 FreeBSD: {
   url: "http://pkg.FreeBSD.org/${ABI}/latest",
   mirror_type: srv,
   enabled: yes
 }

 * Note that pkg.FreeBSD.org does not have a browsable web page on it and
 does not have a DNS A record. This is intended as it is an SRV host.
 pkg(8) knows how to properly use it. You can use 'pkg search' to browse
 the available packages in the repository.

 Mirrors you may use instead of the global pkg.FreeBSD.org:

 pkg.eu.FreeBSD.org
 pkg.us-east.FreeBSD.org
 pkg.us-west.FreeBSD.org

 Your system is now ready to use packages!

 Refer to the handbook section on pkgng for usage at
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pkgng-intro.html
 .
 Also see 'man pkg' for examples or 'pkg help'.


 Packages are built weekly from a snapshot of the Ports Collection every
 Wednesday morning 01:00 UTC. They typically will be available in the
 repository after a few days.

 Pkg 1.2 will be released in the coming month which will bring many
 improvements including officially signed packages. FreeBSD 10's pkg
 bootstrap now also supports signed pkg(8) installation.


 Regards,
 Bryan Drewery
 on behalf of portmgr@





Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Allan Jude

 
On 2013-10-31 16:47, Eric Camachat wrote:
 It doesn't work with our (microsoft) proxy server, see below.

 root@basay:/usr/local/etc/pkg/repos # pkg update -f
 Updating repository catalogue
 pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/digests.txz: Service
 Unavailable
 pkg: No digest falling back on legacy catalog format
 pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/repo.txz: Service
 Unavailable
 root@basay:/usr/local/etc/pkg/repos #

 Eric


 On Wed, Oct 30, 2013 at 7:10 PM, Bryan Drewery bdrew...@freebsd.org
wrote:

 We are pleased to announce that official binary packages are now
 available for pkg, the next generation package management tool for
FreeBSD.

 Pkg allows you to either use ports with portmaster/portupgrade or to
 have binary remote packages without ports.

 We have binary packages available for i386 and amd64 on
 8.3,8.4,9.1,9.2,10.0 and 11 (head).

 Pkg will be the default starting in FreeBSD 10.

 The pkg_install suite of tools pkg_create(1), pkg_add(1), and
 pkg_info(1) (which ports also use), are deprecated and will be
 discontinued in roughly 6 months. A communication regarding the
 deprecation of the pkg_install suite of tools will be sent separately in
 the future.

 If you are currently not using pkg and wish to, run the following as
 root. Be sure not to add WITH_PKGNG=yes to your make.conf until after
 pkg is installed.

   # cd /usr/ports/ports-mgmt/pkg && make install clean
   # echo WITH_PKGNG=yes >> /etc/make.conf
   # pkg2ng

 You can now either continue to use ports with portmaster/portupgrade, as
 before or switch to using binary packages only.


 To use binary packages:

 1. Ensure your pkg(8) is up-to-date. 'pkg -v' should say at least
1.1.4_8. If it does not, first upgrade from ports.
 2. Remove any repository-specific configuration from
/usr/local/etc/pkg.conf, such as PACKAGESITE, MIRROR_TYPE, PUBKEY.
If this leaves your pkg.conf empty, just remove it.
 3. mkdir -p /usr/local/etc/pkg/repos
 4. Create the file /usr/local/etc/pkg/repos/FreeBSD.conf with:
 FreeBSD: {
   url: "http://pkg.FreeBSD.org/${ABI}/latest",
   mirror_type: srv,
   enabled: yes
 }

 * Note that pkg.FreeBSD.org does not have a browsable web page on it and
 does not have a DNS A record. This is intended as it is an SRV host.
 pkg(8) knows how to properly use it. You can use 'pkg search' to browse
 the available packages in the repository.

 Mirrors you may use instead of the global pkg.FreeBSD.org:

 pkg.eu.FreeBSD.org
 pkg.us-east.FreeBSD.org
 pkg.us-west.FreeBSD.org

 Your system is now ready to use packages!

 Refer to the handbook section on pkgng for usage at

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pkgng-intro.html
 .
 Also see 'man pkg' for examples or 'pkg help'.


 Packages are built weekly from a snapshot of the Ports Collection every
 Wednesday morning 01:00 UTC. They typically will be available in the
 repository after a few days.

 Pkg 1.2 will be released in the coming month which will bring many
 improvements including officially signed packages. FreeBSD 10's pkg
 bootstrap now also supports signed pkg(8) installation.


 Regards,
 Bryan Drewery
 on behalf of portmgr@


I am guessing the proxy passes the full HTTP request, without doing the
SRV lookup, and then can't find the A record.

I wonder if the http+pkg:// protocol can solve this, likely will require
a patch to fetch to implement the logic to do the dns lookup and make
the proxies request for the real hostname

-- 
Allan Jude


Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Adrian Chadd
... I still think the SRV record stuff is a bad idea.

Well, I think it's a great idea - because I plan on supporting it in
the next HTTP thing I write - but not having an A record is going to
continue to bite things.

Also, http+pkg:// isn't a defined protocol either and some strict
proxies may actually reject it. You should go back to the http://
protocol.


-adrian

(with his HTTP hat on..)



Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Bryan Drewery
On 10/31/2013 4:06 PM, Adrian Chadd wrote:
 ... I still think the SRV record stuff is a bad idea.
 
 Well, I think it's a great idea - because I plan on supporting it in
 the next HTTP thing I write - but not having an A record is going to
 continue to bite things.

I don't like it either, it's not up to portmgr.

 
 Also, http+pkg:// isn't a defined protocol either and some strict
 proxies may actually reject it. You should go back to the http://
 protocol.

It's not real. It's a client-side thing only. The pkg+ is stripped
away before the fetch. It's only intended to make people realize they
can't just drop it into firefox and hit enter.

1.2 adds support for it which is coming soon, but it doesn't really
change much.

 
 
 -adrian
 
 (with his HTTP hat on..)
 
 

Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Eric Camachat
Same result, neither pkg+http:// nor http+pkg:// worked with proxy server.

Eric



Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Bryan Drewery
On 10/31/2013 4:25 PM, Eric Camachat wrote:
 Same result, neither pkg+http:// nor http+pkg:// worked with proxy server.
 

Top-posting kills babies

pkg+http is NOT supported in 1.1 and as I said, changes nothing.


Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Matthew Seaman
On 31/10/2013 21:04, Allan Jude wrote:
 I wonder if the http+pkg:// protocol can solve this, likely will require
 a patch to fetch to implement the logic to do the dns lookup and make
 the proxies request for the real hostname

It's pkg+http:// or pkg+https:// or pkg+ssh:// or -- well, you get the idea.

pkg+http:// is really exactly the same as the current http://
PACKAGESITE URLs -- the new code pretty much checks that the first four
characters are 'pkg+', moves the string pointer to the following
character (ie the h in http://) and then carries on exactly as it works
right now.  We'll be accepting either form certainly throughout the
lifetime of 1.2.x release, but printing a warning to switch to
pkg+http:// where relevant.

The reason for doing this is that according to RFC 2616 in a URL of the
form http://some.add.ress/ the 'some.add.ress' bit has to be either an A
or a CNAME record that can be resolved to an IP address.  Since we can't
change the meaning of 'http://' in URLs, we've just invented our own URL
scheme.  Once it is in reasonably widespread use it's pretty much going
to be de-facto accepted, and we can apply to ICANN to have the scheme
officially registered.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey






Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Bryan Drewery
On 10/31/2013 3:47 PM, Eric Camachat wrote:
 It doesn't work with our (microsoft) proxy server, see below.
 
 root@basay:/usr/local/etc/pkg/repos # pkg update -f
 Updating repository catalogue
 pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/digests.txz: Service
 Unavailable
 pkg: No digest falling back on legacy catalog format
 pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/repo.txz: Service
 Unavailable
 root@basay:/usr/local/etc/pkg/repos #

I somewhat doubt this is a DNS or SRV issue. The pkg(8) client will do
the DNS lookup and then contact the real server directly. It's more
likely your proxy is just blocking the requests. Perhaps ask your
administrator to add an exception for *.freebsd.org:80 :)

-- 
Regards,
Bryan Drewery





Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Matthew Seaman
On 31/10/2013 21:38, Bryan Drewery wrote:
 On 10/31/2013 4:25 PM, Eric Camachat wrote:
  Same result, neither pkg+http:// nor http+pkg:// worked with proxy server.
  
 Top-posting kills babies
 
 pkg+http is NOT supported in 1.1 and as I said, changes nothing.

Also the request that pkg(8) makes after resolving the SRV record is a
bog standard HTTP GET to one of the pkg.freebsd.org servers.  It's using
libfetch, so all the usual environment variables to do with HTTP
proxying should just work.  If you do some traffic capture with eg.
wireshark, you'll be able to see that for yourself, and look at the
details of the HTTP packets.

pkg(8) does take some care to present the modification time of any local
copy of a package it is trying to download thus allowing a web server to
send a 304 'Not Modified' response where relevant.  However there's no
recommendation on what (if any) Expires or Cache-Control headers the
repo's web server should use.  Personally, I just take whatever the
defaults are that come with Apache on my own local repos. Which works
for me just fine, but then again, I don't have any proxying to deal with
in my setup.

If you think that the settings used on the pkg.freebsd.org servers could
be improved, then make your case -- if your arguments have merit, then
I'm sure the server admins will listen.  Note however that this is all
server-side, and not something under the control of your local copy of pkg.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk
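
The client-side steps described in the two messages above (skip the `pkg+` marker, look up the SRV record, then send an ordinary HTTP GET to the host the record names), as an added example that is not pkg(8)'s source. The function names and the `mirror-*.example.org` records are constructed for illustration, the lookup name follows the RFC 2782 `_service._proto.name` convention, and the ordering is a deterministic simplification of RFC 2782's weighted random choice.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One SRV answer (RFC 2782 fields). */
struct srv_rec {
    unsigned priority, weight, port;
    const char *target;
};

/* "pkg+http://..." -> "http://...": step over the 4-byte client-side marker. */
const char *strip_pkg_scheme(const char *url)
{
    return strncmp(url, "pkg+", 4) == 0 ? url + 4 : url;
}

/* Split "scheme://host[:port]/path"; *path points at "/..." (or ""). */
static int split_url(const char *url, char *scheme, size_t slen,
                     char *host, size_t hlen, const char **path)
{
    const char *sep = strstr(url, "://");
    if (sep == NULL || sep == url || (size_t)(sep - url) >= slen)
        return -1;
    memcpy(scheme, url, (size_t)(sep - url));
    scheme[sep - url] = '\0';

    const char *h = sep + 3;
    size_t n = strcspn(h, ":/");        /* host ends at a port or the path */
    if (n == 0 || n >= hlen)
        return -1;
    memcpy(host, h, n);
    host[n] = '\0';
    *path = h + strcspn(h, "/");
    return 0;
}

/* Name to query for SRV records, e.g. _http._tcp.pkg.FreeBSD.org */
int srv_query_name(const char *url, char *out, size_t outlen)
{
    char scheme[16], host[256];
    const char *path;
    if (split_url(strip_pkg_scheme(url), scheme, sizeof scheme,
                  host, sizeof host, &path) != 0)
        return -1;
    int n = snprintf(out, outlen, "_%s._tcp.%s", scheme, host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Lowest priority first; within a priority, highest weight first. */
static int srv_cmp(const void *a, const void *b)
{
    const struct srv_rec *x = a, *y = b;
    if (x->priority != y->priority)
        return x->priority < y->priority ? -1 : 1;
    if (x->weight != y->weight)
        return x->weight > y->weight ? -1 : 1;
    return strcmp(x->target, y->target);
}

void srv_order(struct srv_rec *recs, size_t n)
{
    qsort(recs, n, sizeof *recs, srv_cmp);
}

/* URL actually fetched: same scheme and path, host and port from the SRV
 * record. This host has an address record, unlike the SRV-only name. */
int rewrite_for_mirror(const char *url, const struct srv_rec *rec,
                       char *out, size_t outlen)
{
    char scheme[16], host[256];
    const char *path;
    if (split_url(strip_pkg_scheme(url), scheme, sizeof scheme,
                  host, sizeof host, &path) != 0)
        return -1;
    int n = snprintf(out, outlen, "%s://%s:%u%s",
                     scheme, rec->target, rec->port, path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed SRV answers; the mirror names are placeholders. */
    struct srv_rec recs[] = {
        { 20, 10,   80, "mirror-c.example.org" },
        { 10,  5,   80, "mirror-a.example.org" },
        { 10, 50, 8080, "mirror-b.example.org" },
    };
    const char *repo =
        "pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/latest/repo.txz";
    char name[300], url[512];

    if (srv_query_name(repo, name, sizeof name) != 0)
        return 1;
    printf("SRV lookup: %s\n", name);
    srv_order(recs, 3);
    for (size_t i = 0; i < 3; i++)
        if (rewrite_for_mirror(repo, &recs[i], url, sizeof url) == 0)
            printf("try #%zu: GET %s\n", i + 1, url);
    return 0;
}
```
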





Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Eric Camachat
Browsing www.freebsd.org worked fine.
When I tried pkg.freebsd.org, I got the error below.
Our DNS server can resolve the proxy server only.
Only the proxy server can resolve internet sites; this is how our company forces
all traffic to go through the proxy server.

Eric

Network Error (dns_server_failure)

  Your request could not be processed because an error occurred contacting
the DNS server.   The DNS server may be temporarily unavailable, or there
could be a network problem.
If problem persists, please open a ticket with Motorola help desk; and copy
and paste this page in ticket.

Date/Time: 2013-10-31 22:11:37
Request: GET http://pkg.freebsd.org/
Error: (dns_server_failure)
Proxy Name: proxy
Proxy IP: xxx.xxx.xxx.xxx
Client IP: zzz.zzz.zzz.zzz
Referer URL:





Re: Official FreeBSD Binary Packages now available for pkgng

2013-10-31 Thread Freddie Cash
On Thu, Oct 31, 2013 at 3:15 PM, Eric Camachat eric.camac...@gmail.com wrote:

 browsing www.freebsd.org worked fine.
 tried pkg.freebsd.org it got below.
 Our DNS server can resolve proxy server only.
 Only proxy server can resolve internet sites, this is how our company force
 all traffic went through proxy server.

 Eric

 Network Error (dns_server_failure)

   Your request could not be processed because an error occurred contacting
 the DNS server.   The DNS server may be temporarily unavailable, or there
 could be a network problem.
 If problem persists, please open a ticket with Motorola help desk; and copy
 and paste this page in ticket.

 Date/Time: 2013-10-31 22:11:37 Request: GET http://pkg.freebsd.org/ Error:
 (dns_server_failure) Proxy Name:proxy
 Proxy IP: xxx.xxx.xxx.xxx Client IP: zzz.zzz.zzz.zzz
 Referer URL:


So, then manually specify a specific pkg mirror and bypass the DNS SRV
record resolution step.


-- 
Freddie Cash
fjwc...@gmail.com