On Fri, Jun 05, 2020 at 02:41:42PM +0100, Stuart Henderson wrote: > On 2020/06/05 14:54, Theo Buehler wrote: > > It's not the first time that it would have been very useful to me to > > have debug symbols for the libraries in openssl available. > > > > This seems to work for me. Not sure if the revision bump is necessary. > > OK. It adds symbols to the static library archives so the bump is > warranted.
Oh yes. Thanks! > > > I don't expect to need symbols for 1.0.2, so I didn't add a debug > > package there, but as there are a few consumers it might be useful, > > too... > > > Seems a good time to have a look over those. > > sslscan-openssl depends on the :patch target so wouldn't be affected > by a debug change in openssl/1.0.2 (and does still want 1.0.2). I don't know what this does but I believe you :) > waagent uses the openssl binary for cms so probably that dep can be > removed. Diff below, I have no way to test though I don't think there > should be a problem. I scanned through the diff -w bewtween our cms.c and the one of OpenSSL 1.0.2-stable and couldn't spot a change that makes me expect any real incompatibility. ok tb for the diff below. > nsca-ng requires PSK so has to stay using OpenSSL. It could move to > 1.1 though (there's an update, https://github.com/weiss/nsca-ng/releases) > > IIRC nrpe 2.x needs 1.0.2. newer versions upstream work with newer OpenSSL > and *maybe* also LibreSSL but aren't compatible with old versions so > handling an update means we need overlapping versions. (it's also > deprecated upstream now in favour of NCPA). In summary, I see no compelling reason to add debug packages to 1.0.2 unless someone really wants them (not me). > > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/sysutils/waagent/Makefile,v > retrieving revision 1.4 > diff -u -p -r1.4 Makefile > --- Makefile 12 Jul 2019 20:49:54 -0000 1.4 > +++ Makefile 5 Jun 2020 13:28:32 -0000 > @@ -19,9 +19,6 @@ MODPY_SETUPTOOLS= Yes > > MODPY_ADJ_FILES= bin/waagent > > -# LibreSSL has removed CMS support > -RUN_DEPENDS= security/openssl/1.0.2 > - > NO_TEST= Yes > > pre-configure: > Index: patches/patch-config_openbsd_waagent_conf > =================================================================== > RCS file: > /cvs/ports/sysutils/waagent/patches/patch-config_openbsd_waagent_conf,v > retrieving revision 1.1.1.1 > diff -u -p -r1.1.1.1 patch-config_openbsd_waagent_conf > --- patches/patch-config_openbsd_waagent_conf 23 Jun 2017 12:37:09 -0000 > 1.1.1.1 > +++ patches/patch-config_openbsd_waagent_conf 5 Jun 2020 13:28:32 -0000 > @@ -5,6 +5,15 @@ disable extensions and autoupdate > Index: config/openbsd/waagent.conf > --- config/openbsd/waagent.conf.orig > +++ config/openbsd/waagent.conf > +@@ -61,7 +61,7 @@ OS.EnableFIPS=n > + OS.RootDeviceScsiTimeout=300 > + > + # If "None", the system default version is used. > +-OS.OpensslPath=/usr/local/bin/eopenssl > ++OS.OpensslPath=/usr/bin/openssl > + > + # Set the path to SSH keys and configuration files > + OS.SshDir=/etc/ssh > @@ -84,6 +84,9 @@ OS.PasswordPath=/etc/master.passwd > # > # Pid.File=/var/run/waagent.pid > > > > > > > > Index: Makefile > > =================================================================== > > RCS file: /var/cvs/ports/security/openssl/1.1/Makefile,v > > retrieving revision 1.15 > > diff -u -p -r1.15 Makefile > > --- Makefile 22 Apr 2020 04:31:53 -0000 1.15 > > +++ Makefile 5 Jun 2020 12:48:58 -0000 > > @@ -2,12 +2,15 @@ > > > > PORTROACH= limit:^1\.1\.[0-9][a-z] skipb:0 skipv:1.1.1 > > V= 1.1.1g > > +REVISION= 0 > > > > SHLIBVER= 11.5 > > SHARED_LIBS= crypto ${SHLIBVER} \ > > ssl ${SHLIBVER} > > > > WANTLIB= c > > + > > +DEBUG_PACKAGES = ${BUILD_PACKAGES} > > > > CONFIGURE_STYLE= simple > > CONFIGURE_SCRIPT= config > > >
