Re: [oi-dev] OpenSSL update process
In regard to: Re: [oi-dev] OpenSSL update process, Aurélien Larcher said...: If /usr/include/openssl does not point anywhere probably the mediator is not set to a right version or openssl-11 is not installed: narval> pkg mediator openssl MEDIATORVER. SRC. VERSION IMPL. SRC. IMPLEMENTATION openssl local 1.1 local openssl narval> ls -lha /usr/include/openssl lrwxrwxrwx 1 root staff 30 Feb 5 22:54 /usr/include/openssl -> ../openssl/1.1/include/openssl I've just updated my build box again and something is still not correct for me. $ pfexec pkg verify -v openssl-11 PACKAGE STATUS pkg://openindiana.org/library/security/openssl-11 OK $ pkg info library/security/openssl-11 Name: library/security/openssl-11 Summary: OpenSSL - a Toolkit for Transport Layer (TLS v1+) protocols and general purpose cryptographic library Category: System/Security State: Installed Publisher: openindiana.org Version: 1.1.1.9 Branch: 2020.0.1.0 Packaging Date: February 6, 2021 at 03:06:14 AM Last Install Time: February 6, 2021 at 10:56:16 PM Size: 10.75 MB FMRI: pkg://openindiana.org/library/security/openssl-11@1.1.1.9-2020.0.1.0:20210206T030614Z Source URL: http://www.openssl.org/source/openssl-1.1.1i.tar.gz Project URL: http://www.openssl.org/ $ pkg mediator openssl MEDIATORVER. SRC. VERSION IMPL. SRC. IMPLEMENTATION openssl local 1.1 local system $ ls -alh /usr/include/openssl /usr/include/openssl: No such file or directory $ pkg contents openssl-11 | egrep 'include' | egrep -v '\.h$' usr/include/openssl I'm not sure why I'm not getting /usr/include/openssl, but it's not present. I've been considering that it may be a good idea to rebuild my build box anyway, I might try that in the next couple days. I was part way through building perl 5.30.1 and updating the perl modules when the pandemic lockdown started, so my build box is in a bit of a weird state for perl. I don't see how that would be causing problems for openssl, but a fresh build box wouldn't hurt. Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing & Infrastructure / Division of Information Technology/701-231-1076 (Voice) North Dakota State University, Fargo, ND 58105-5164___ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev
Re: [oi-dev] OpenSSL update process
In regard to: Re: [oi-dev] OpenSSL update process, Aurélien Larcher said...: On Sun, Feb 7, 2021 at 12:33 AM Tim Mooney via oi-dev < oi-dev@openindiana.org> wrote: In regard to: Re: [oi-dev] OpenSSL update process, Aurélien Larcher said...: OpenSSL 1.1 is now merged: 1. The mediator is default set to 1.0 but can be safely set to 1.1. Is changing the mediator supposed to make /usr/include/openssl/ available, or is that supposed to be done by shared-macros.mk after setting USE_OPENSSL11=yes, or do we now need to specify -I$(OPENSSL_PREFIX)/include in the component Makefile? I've changed the mediator and done a git pull to get the latest oi-userland bits. 'gmake update' now works in e.g. components/perl/net-ssleay/ but the build step doesn't know where to look for the headers. If /usr/include/openssl does not point anywhere probably the mediator is not set to a right version or openssl-11 is not installed: narval> pkg mediator openssl MEDIATORVER. SRC. VERSION IMPL. SRC. IMPLEMENTATION openssl local 1.1 local openssl narval> ls -lha /usr/include/openssl lrwxrwxrwx 1 root staff 30 Feb 5 22:54 /usr/include/openssl -> ../openssl/1.1/include/openssl But you should not need to change the mediator to build the package unless the component's own build system is buggy. openssl-11 is installed and I went ahead and changed the mediator before even attempting the build, since I didn't know it wasn't strictly required. $ pkg mediator openssl MEDIATORVER. SRC. VERSION IMPL. SRC. IMPLEMENTATION openssl local 1.1 local system $ pkg list | egrep openssl library/python/pyopenssl (openindiana.org)16.2.0-2020.0.1.4 i-- library/python/pyopenssl-27 (openindiana.org) 16.2.0-2020.0.1.4 i-- library/python/pyopenssl-35 (openindiana.org) 16.2.0-2020.0.1.4 i-- library/security/openssl (openindiana.org)1.0.2.21-2020.0.1.3i-- library/security/openssl-11 (openindiana.org) 1.1.1.9-2020.0.1.0 i-- $ ls -lha /usr/include/openssl /usr/include/openssl: No such file or directory In any case openssl-11 should install automatically at your next update since I pushed a new wget package depending on it. I'll pkg update again and see if the situation improves. Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing & Infrastructure / Division of Information Technology/701-231-1076 (Voice) North Dakota State University, Fargo, ND 58105-5164___ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev
Re: [oi-dev] OpenSSL update process
On Sun, Feb 7, 2021 at 12:33 AM Tim Mooney via oi-dev < oi-dev@openindiana.org> wrote: > In regard to: Re: [oi-dev] OpenSSL update process, Aurélien Larcher > said...: > > > OpenSSL 1.1 is now merged: > > > > 1. The mediator is default set to 1.0 but can be safely set to 1.1. > > Is changing the mediator supposed to make /usr/include/openssl/ > available, or is that supposed to be done by shared-macros.mk after > setting USE_OPENSSL11=yes, or do we now need to specify > -I$(OPENSSL_PREFIX)/include in the component Makefile? > > I've changed the mediator and done a git pull to get the latest > oi-userland bits. 'gmake update' now works in e.g. > components/perl/net-ssleay/ but the build step doesn't know where to look > for the headers. > If /usr/include/openssl does not point anywhere probably the mediator is not set to a right version or openssl-11 is not installed: narval> pkg mediator openssl MEDIATORVER. SRC. VERSION IMPL. SRC. IMPLEMENTATION openssl local 1.1 local openssl narval> ls -lha /usr/include/openssl lrwxrwxrwx 1 root staff 30 Feb 5 22:54 /usr/include/openssl -> ../openssl/1.1/include/openssl But you should not need to change the mediator to build the package unless the component's own build system is buggy. In any case openssl-11 should install automatically at your next update since I pushed a new wget package depending on it. Do not hesitate if you have any other questions. Also you can report if the 'gmake update' trick does not work for some components, it is after all based on a hastily written piece of python by a non-python developer :P Kind regards, Aurélien > > 2. illumos-gate is patched to accept library/security/openssl-11 as > > dependency so that it builds when the mediator version is 1.1. > > 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes > > which should be placed before shared-macros.mk is included. > > 4. If 'gmake update' is executed in a component depending on OpenSSL then > > the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set. > > > > Now the fun begins: > > > > 3. Move all the components supporting OpenSSL 1.1 or update them. > >> 4. Deprecate possible rotting components which cannot be updated and may > >> cause security issues. > >> > > > > and... the more, the merrier! > > Tim > -- > Tim Mooney tim.moo...@ndsu.edu > Enterprise Computing & Infrastructure / > Division of Information Technology/701-231-1076 (Voice) > North Dakota State University, Fargo, ND > 58105-5164___ > oi-dev mailing list > oi-dev@openindiana.org > https://openindiana.org/mailman/listinfo/oi-dev > -- --- Praise the Caffeine embeddings ___ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev
Re: [oi-dev] OpenSSL update process
> 1. The mediator is default set to 1.0 but can be safely set to 1.1. > > Is changing the mediator supposed to make /usr/include/openssl/ > available, or is that supposed to be done by shared-macros.mk after > setting USE_OPENSSL11=yes, or do we now need to specify > -I$(OPENSSL_PREFIX)/include in the component Makefile? > The mediator can stay as it is on 1.0 for now. Technically the switch with USE_OPENSSL1X: 1. preprends the directory $(OPENSSL_BINDIR) to PATH, 2. preprends $(OPENSSL_PKG_CONFIG_PATH) to PKG_CONFIG_PATH, so that any build system relying on pkg-config files or the openssl binary to detect the paths and the version would get the right one. However if you change the mediator to 1.1 you should make sure that library/security/openssl-11 is installed. > I've changed the mediator and done a git pull to get the latest > oi-userland bits. 'gmake update' now works in e.g. > components/perl/net-ssleay/ but the build step doesn't know where to look > for the headers. > > > 2. illumos-gate is patched to accept library/security/openssl-11 as > > dependency so that it builds when the mediator version is 1.1. > > 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes > > which should be placed before shared-macros.mk is included. > > 4. If 'gmake update' is executed in a component depending on OpenSSL then > > the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set. > > > > Now the fun begins: > > > > 3. Move all the components supporting OpenSSL 1.1 or update them. > >> 4. Deprecate possible rotting components which cannot be updated and may > >> cause security issues. > >> > > > > and... the more, the merrier! > > Tim > -- > Tim Mooney tim.moo...@ndsu.edu > Enterprise Computing & Infrastructure / > Division of Information Technology/701-231-1076 (Voice) > North Dakota State University, Fargo, ND > 58105-5164___ > oi-dev mailing list > oi-dev@openindiana.org > https://openindiana.org/mailman/listinfo/oi-dev > -- --- Praise the Caffeine embeddings ___ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev
Re: [oi-dev] OpenSSL update process
In regard to: Re: [oi-dev] OpenSSL update process, Aurélien Larcher said...: OpenSSL 1.1 is now merged: 1. The mediator is default set to 1.0 but can be safely set to 1.1. Is changing the mediator supposed to make /usr/include/openssl/ available, or is that supposed to be done by shared-macros.mk after setting USE_OPENSSL11=yes, or do we now need to specify -I$(OPENSSL_PREFIX)/include in the component Makefile? I've changed the mediator and done a git pull to get the latest oi-userland bits. 'gmake update' now works in e.g. components/perl/net-ssleay/ but the build step doesn't know where to look for the headers. 2. illumos-gate is patched to accept library/security/openssl-11 as dependency so that it builds when the mediator version is 1.1. 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes which should be placed before shared-macros.mk is included. 4. If 'gmake update' is executed in a component depending on OpenSSL then the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set. Now the fun begins: 3. Move all the components supporting OpenSSL 1.1 or update them. 4. Deprecate possible rotting components which cannot be updated and may cause security issues. and... the more, the merrier! Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing & Infrastructure / Division of Information Technology/701-231-1076 (Voice) North Dakota State University, Fargo, ND 58105-5164___ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev
Re: [oi-dev] OpenSSL update process
OpenSSL 1.1 is now merged: 1. The mediator is default set to 1.0 but can be safely set to 1.1. 2. illumos-gate is patched to accept library/security/openssl-11 as dependency so that it builds when the mediator version is 1.1. 3. oi-userland has now a switch USE_OPENSSL10=yes or USE_OPENSSL11=yes which should be placed before shared-macros.mk is included. 4. If 'gmake update' is executed in a component depending on OpenSSL then the switch is made to OpenSSL 1.1 unless USE_OPENSSL10=yes is set. Now the fun begins: 3. Move all the components supporting OpenSSL 1.1 or update them. > 4. Deprecate possible rotting components which cannot be updated and may > cause security issues. > and... the more, the merrier! Cheers ___ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev
Re: [oi-dev] texlive package
I'm creating a "pull request" for the OI documentation, for some notes on "TeX Live on OpenIndiana", which I've just written. TeX Live seems to be the most complete distribution, and the fact that it can be installed is of course excellent. The first step for a "TeXLive" package is documentation on the current possibilities. If there's other work on TeX on OpenIndiana, or someone who wants to contribute something, it would be still a good idea to put it under the Github "TeX project" on OpenIndiana. Regards, David Stes ___ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev
