search

msys2 / MSYS2-packages

Package scripts for MSYS2.
https://packages.msys2.org
BSD 3-Clause "New" or "Revised" License
1.29k stars 486 forks source link

pacman-mirrors #296

Closed jasin closed 8 years ago

jasin commented 9 years ago

Sourceforge seems to be unreliable these days, so when I came looking for updated mirrors on github I was hoping I would be able to avoid SF all together. Nope, the futureware server wants to use SSL and there in lies an issue. 

failed retrieving file 'mingw32.db' from www2.futureware.at : SSL certificate problem: unable to get local issuer certificate

This all started when I accidentally removed my original install. I use ssh to access my server

achadwick commented 9 years ago

I've been using the University of Kent's UK Mirror Service to great effect, but all it is is a mirror of sf. Nevertheless, it can be used for more than just getting the installer: it works as a fallback too:

$ grep mirrorservice.org /etc/pacman.d/mirrorlist.m*
/etc/pacman.d/mirrorlist.mingw32:Server = https://www.mirrorservice.org/sites/downloads.sourceforge.net/m/ms/msys2/REPOS/MINGW/i686
/etc/pacman.d/mirrorlist.mingw64:Server = https://www.mirrorservice.org/sites/downloads.sourceforge.net/m/ms/msys2/REPOS/MINGW/x86_64
/etc/pacman.d/mirrorlist.msys:Server = https://www.mirrorservice.org/sites/downloads.sourceforge.net/m/ms/msys2/REPOS/MSYS2/$arch

Perhaps adding those lines would be a quick way to increase the resilience of existing msys2 installations? The packages at mirrorservice seemed unperturbed by sf's recent outage.

@tkelman mentioned bintray in msys2/msys2.github.io#6, and I think it would be worth investigating them as a potential second mirror. The whole "free for OSS distribution" thing sounds very enticing. On IRC yesterday, team members were discussing another service whose name I unfortunately forget.

What's clear is that keeping all the project's eggs in one basket is a bad idea, and that lots of services are prepared to offer free baskets/hosting for F/L/OSS software. Hopefully pacman's signing can keep the eggs/packages reasonably tamperproof, or at least make the distro tamper-evident :grinning:

tkelman commented 9 years ago

I just moved a bunch of my binaries from sourceforge to bintray. Much faster and more reliable so far (homebrew hasn't had any complaints with bintray afaik). Bintray's web UI takes a few more clicks than I'd like if you try to do things manually, but they have a nice rest API so you can script everything with curl.

Alexpux commented 9 years ago

New repositories now available:

https://github.com/Alexpux/MINGW-packages/issues/702

machsix commented 3 years ago

Just a tip here. If you are in enterprise environment with self-signed certificate, you can use the following powershell script to export all CA certificates and then overwrite the file /usr/ssl/certs/ca-bundle.crt by "$home\windows.pem"

get-childitem -path cert:\LocalMachine\Root | ForEach-Object {
    $hash = $_.GetCertHashString()
    $base64certificate = @"
-----BEGIN CERTIFICATE-----
$([Convert]::ToBase64String($_.export('Cert'), [System.Base64FormattingOptions]::InsertLineBreaks))
-----END CERTIFICATE-----

"@
    [System.IO.File]::AppendAllText("$home\windows.pem", $base64certificate)
}