# Required HTTP/FTP Servers for FreeBSD and Ports Updates?



## kreyszig (Jun 24, 2011)

Hi,

I am working on a network which uses a http/ftp proxy that prompts by default for user permission before downloading any file. In order to be able to keep my system up-to-date (FreeBSD and ports), I have to white list the FreeBSD servers and directories that need to be accessible, because otherwise I can only download files through a web browser, which is obviously extremely painful. Also only the HTTP and FTP protocols are allowed on my network, so CVSUP is not allowed. So my current plan is to update FreeBSD using the following tools:

1-Port directory update through portsnap
2-FreeBSD src update through CTM
3-Port updates through distfiles and/or packages

I think 1- and 2- are quite straightforward. To allow 1- I need to white list the whole content of  http://portsnap.freebsd.org/ . To allow 2- I need to white list the content of ftp://ftp.freebsd.org/pub/FreeBSD/CTM/ . That should be sufficient, right?

The main issue I have though is with 3-. MASTER_SITE_BACKUP and MASTER_SITE_OVERRIDE variables are no longer recognized in /etc/make.conf, right? How can I force FreeBSD to pull distfiles and packages from ftp://ftp.freebsd.org/pub/FreeBSD/ports? Also what is the difference between ftp://ftp.freebsd.org/pub/FreeBSD/distfiles and ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles? I guess one of the directories is aliased to point to the other, right?

Thanks!


----------



## DutchDaemon (Jun 24, 2011)

Can't you just set the proper authentication variables (IIRC, HTTP_PROXY_AUTH and FTP_PROXY_AUTH) in your environment, so they can work via the proxy server?

See http://cyberjames.pbworks.com/w/page/12887272/FreeBSD:-Installing-ports-via-proxy


----------



## kreyszig (Jun 24, 2011)

DutchDaemon said:
			
		

> Can't you just set the proper authentication variables (IIRC, HTTP_PROXY_AUTH and FTP_PROXY_AUTH) in your environment, so they can work via the proxy server?
> 
> See http://cyberjames.pbworks.com/w/page/12887272/FreeBSD:-Installing-ports-via-proxy



It is not a regular proxy that uses authentication. It is showing a web interface that requires the user to acknowledge that a file is intended to be downloaded. Then the proxy shows a progress bar and when it is done downloading, the user needs to press a save button, then a dialog box pops to select the location to save the file. The easiest way I see to download files from the console is to white list the URLs that are allowed to avoid that web interface. Otherwise I would need to write some kind of local proxy that would take care of sending the required POST commands to the real proxy...


----------

