From nobody Mon Jan 16 15:49:17 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nwc0203ftz2shVW
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Mon, 16 Jan 2023 15:49:22 +0000 (UTC)
	(envelope-from trashcan@ellael.org)
Received: from mx1.enfer-du-nord.net (mx1.enfer-du-nord.net [IPv6:2001:41d0:302:1100::1499])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nwc0136dkz3D8M;
	Mon, 16 Jan 2023 15:49:21 +0000 (UTC)
	(envelope-from trashcan@ellael.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=ellael.org header.s=dkim header.b=h6RfWHOv;
	spf=pass (mx1.freebsd.org: domain of trashcan@ellael.org designates 2001:41d0:302:1100::1499 as permitted sender) smtp.mailfrom=trashcan@ellael.org;
	dmarc=pass (policy=quarantine) header.from=ellael.org
Received: from smtpclient.apple (p200300fB4f007b01CCe2A5D9764369b5.dip0.t-ipconnect.de [IPv6:2003:fb:4f00:7b01:cce2:a5d9:7643:69b5])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.enfer-du-nord.net (Postfix) with ESMTPSA id 4Nwbzy4Flyzryp;
	Mon, 16 Jan 2023 16:49:18 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ellael.org; s=dkim;
	t=1673884158;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=TknC9z/m/482EU4VGZHzEt7RQ+p/h5RK1ndE82F6UNU=;
	b=h6RfWHOvENTC/vGF88B5wDALkTg7Ja0ocmhCDjFiCJTLYUja1ay7yQiwTwNhXd7X7GSOB5
	GiftyIinAnvvW0Oiv+noR5pJurQqPjEgRW11IEAMA/ELVMj5l9ZSASVWGRXhdaMANtnkCy
	ZkiDs13bvuU/XR2pICZnOYT7BrZrRstNsftMS00z8KOAAfs+xAAGANQKBR5I3VjZUuXnpf
	/pwxFeC4CnlKG6aqM8fMfSD0uA/PnN8gMgz9lV9uqP0tqsRjqb9/q2qaf7p9zbO++c+o0f
	8V0s5T6OkixkIHlmnqYbU3KZjkLoQsld7INYPpLMiCEzLijeh6hhz5YIG/WJbw==
From: Michael Grimm <trashcan@ellael.org>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Subject: postfix' blacklistd patch
Message-Id: <4EC5136F-0692-460C-85B8-BA3BF5FA728E@ellael.org>
Date: Mon, 16 Jan 2023 16:49:17 +0100
Cc: "otis@freebsd.org" <otis@FreeBSD.org>
To: freeBSD ports <freebsd-ports@FreeBSD.org>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
X-Spamd-Result: default: False [-3.50 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[ellael.org,quarantine];
	MV_CASE(0.50)[];
	R_SPF_ALLOW(-0.20)[+ip6:2001:41d0:302:1100::1499];
	R_DKIM_ALLOW(-0.20)[ellael.org:s=dkim];
	MIME_GOOD(-0.10)[text/plain];
	RCPT_COUNT_TWO(0.00)[2];
	ASN(0.00)[asn:16276, ipnet:2001:41d0::/32, country:FR];
	MLMMJ_DEST(0.00)[freebsd-ports@FreeBSD.org];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	DKIM_TRACE(0.00)[ellael.org:+];
	TO_DN_EQ_ADDR_SOME(0.00)[];
	ARC_NA(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_HAS_DN(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_SOME(0.00)[];
	RCVD_TLS_ALL(0.00)[]
X-Rspamd-Queue-Id: 4Nwc0136dkz3D8M
X-Spamd-Bar: ---
X-ThisMailContainsUnwantedMimeParts: N

Hi,

I wonder if the following condition for triggering blacklistd is =
appropriate:

   if (status !=3D XSASL_AUTH_DONE) {
        msg_warn("%s: SASL %s authentication failed: %s",
                 state->namaddr, sasl_method,
                 STR(state->sasl_reply));
        /* RFC 4954 Section 6. */
        if (status =3D=3D XSASL_AUTH_TEMP)
            smtpd_chat_reply(state, "454 4.7.0 Temporary authentication =
failure: %s",
                             STR(state->sasl_reply));
        else
            smtpd_chat_reply(state, "535 5.7.8 Error: authentication =
failed: %s",
                             STR(state->sasl_reply));


        /* notify blacklistd of SASL authentication failure */
        pfilter_notify(1, vstream_fileno(state->client));
        return (-1);
    }

If I am not mistaken blacklistd will become notified even after a =
'Temporary authentication failure'.=20

Has this been intended?


Regards,
Michael=

From nobody Mon Jan 16 19:41:22 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nwj7l37Jcz2tBL2
	for <ports@mlmmj.nyi.freebsd.org>; Mon, 16 Jan 2023 19:41:23 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nwj7l1HPjz3sby
	for <ports@freebsd.org>; Mon, 16 Jan 2023 19:41:23 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1673898083;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=IKIhaD3bZ3BR2T6vAKdeKt6CmY4zji+zhua9A8vAglg=;
	b=IFAzhW8TPm8OEEUvmbfAJ3Ko8iHr8YaDj8aNYLpsgxO0msKZc9n/SMAxgkk4XGVwZa6oUJ
	VV0ibeZ3/MtcRWyHmNo6ovdkPABEbjkn5U2Q2/qyMzjc/yyYXepJOgfqtOqzzQenjx7e2h
	bbhCC2sXG4hCywBsc+DYGN3mVdYuV+C+nGBF28+JMHmeCmgoC8safipGsrYWS5J8Bf01aW
	bmpFjWAfO+ZqEqhu6wLgGkU/mVD5sdVLG8V3UioewofjC/DGUF599XUQg3au2Kl66SitLh
	Trn0TdGNGhCL81iWW/byDfMqGF5RAXj2UsNTBNkP5EtxKu4KwyQbl2Dkh6BUNg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1673898083; a=rsa-sha256; cv=none;
	b=HqvPMgUIMvezXdy0M9QDeY33pCFm/VuqzMuhPn2wbw+CN3xFBmNOIthNvwX61B/HSvCb7X
	Dh++ZAFVQkR6LXVQJiAscg4E6C84sDXiCgkmKVWnM1AN+vfg1IjyeWXo8WCFuermKpEnLh
	8ViMLOMZivRBURRLJhRCNIJUGmzpYHqP+TZRw+h8IczWfeuV7tA5B95wIRQNXY2Jy1bQIL
	CYaB8/4KsTZRJT5J26YPJu4g3KFYJrAOjFYaQ49s6XdOs9W98lwTtGTscAHysm4piEmHEl
	61lQ8uThcWUEejGxViHL85OEDcupfaBWIAToLbBhKtozKXMYSEm3wWhuHHOrpQ==
Received: from portscout.nyi.freebsd.org (portscout.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Nwj7l0Lzyz1JW4
	for <ports@freebsd.org>; Mon, 16 Jan 2023 19:41:23 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from portscout.nyi.freebsd.org ([127.0.1.10])
	by portscout.nyi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30GJfMp5001549
	for <ports@freebsd.org>; Mon, 16 Jan 2023 19:41:22 GMT
	(envelope-from portscout@FreeBSD.org)
Received: (from portscout@localhost)
	by portscout.nyi.freebsd.org (8.15.2/8.15.2/Submit) id 30GJfM3H001548;
	Mon, 16 Jan 2023 19:41:22 GMT
	(envelope-from portscout@FreeBSD.org)
Message-Id: <202301161941.30GJfM3H001548@portscout.nyi.freebsd.org>
X-Authentication-Warning: portscout.nyi.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Date: Mon, 16 Jan 2023 19:41:22 +0000
From: portscout@FreeBSD.org
To: ports@freebsd.org
Subject: Unmaintained FreeBSD ports which are out of date
X-Mailer: portscout/0.8.1
X-ThisMailContainsUnwantedMimeParts: N

Dear port maintainers,

The portscout new distfile checker has detected that one or more
unmaintained ports appears to be out of date. Please take the opportunity
to check each of the ports listed below, and if possible and appropriate,
submit/commit an update. Please consider also adopting this port.
If any ports have already been updated, you can safely ignore the entry.

An e-mail will not be sent again for any of the port/version combinations
below.

Full details can be found at the following URL:
http://portscout.freebsd.org/ports@freebsd.org.html


Port                                            | Current version | New version
------------------------------------------------+-----------------+------------
science/h5utils                                 | 1.13.1          | 1.13.2
------------------------------------------------+-----------------+------------


If any of the above results are invalid, please check the following page
for details on how to improve portscout's detection and selection of
distfiles on a per-port basis:

http://portscout.freebsd.org/info/portscout-portconfig.txt

Reported by:    portscout!

From nobody Tue Jan 17 15:44:42 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NxCrC2hmTz2scJM
	for <ports@mlmmj.nyi.freebsd.org>; Tue, 17 Jan 2023 15:44:43 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NxCrB75JBz4MJX
	for <ports@freebsd.org>; Tue, 17 Jan 2023 15:44:42 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1673970283;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=RVbN+F3+XHVqIxVaWkOC7x5UvAalanGpf4IB7WHENGU=;
	b=AV8g4Sto9R85sF2NstPfTY0A2q8qbSK5Q9L9AwYHvmzWHdDOoL9EUtnOhFPQ1hFAVkMZAN
	ooBLXbTmH1qKuLBSg9Qmrw3k8liavIzgUVCf2PU09wlCNhhwkPpn8XLi8D/8ckPsS9NUS/
	VpkNa0MbRgrlChET4KT/PoQ9DjHm495Y4OSPNDpzJCH/B9c/N/HF/61GwwRHzY7vX4dhNi
	a28c3SKZMIKg2Il0NT44wOLg1ljGdOnpABYq7R4yyrJOXl+E1vVuCDVqynQVlUZyC+CYo8
	99fkZErVWsCsvViTMYCYQPlnx31yIDOQlZAux2uUlSN92bp2v5cS68r619u6hw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1673970283; a=rsa-sha256; cv=none;
	b=ZRlA8pzIMnpjkapI4dLeY2wwwu6vRXl8yItgEP9tj8Smppcpv9Hy31bAmomo4zQBSPpXU+
	w/w4tCBrm7ZQUysgVDpVaDrWIxBuMuBwVIsHCDYNcFHorSeoc+nb/pHozGjLQyHxfCqPIE
	2p3I5vt2cZyUCRi76E0JH5VHLcpq4cr+wwFV/b+uES6tf2XIeOiTslcGglMtmQCRd+KgmO
	rOKF+u7+ViY3XAlxAPpC3vMUE1InSrTdB0EUCNIFUnqU6rVb0yp0XlwFwYL9oi5WOPgued
	TYzYGJskOU4s1Bm50CUeSyCjPjcuePmKscjfjrT4EmwO5cGK4kfiHtTRi08u2w==
Received: from portscout.nyi.freebsd.org (portscout.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NxCrB64qGzcfv
	for <ports@freebsd.org>; Tue, 17 Jan 2023 15:44:42 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from portscout.nyi.freebsd.org ([127.0.1.10])
	by portscout.nyi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30HFigb4053909
	for <ports@freebsd.org>; Tue, 17 Jan 2023 15:44:42 GMT
	(envelope-from portscout@FreeBSD.org)
Received: (from portscout@localhost)
	by portscout.nyi.freebsd.org (8.15.2/8.15.2/Submit) id 30HFigbF053908;
	Tue, 17 Jan 2023 15:44:42 GMT
	(envelope-from portscout@FreeBSD.org)
Message-Id: <202301171544.30HFigbF053908@portscout.nyi.freebsd.org>
X-Authentication-Warning: portscout.nyi.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Date: Tue, 17 Jan 2023 15:44:42 +0000
From: portscout@FreeBSD.org
To: ports@freebsd.org
Subject: Unmaintained FreeBSD ports which are out of date
X-Mailer: portscout/0.8.1
X-ThisMailContainsUnwantedMimeParts: N

Dear port maintainers,

The portscout new distfile checker has detected that one or more
unmaintained ports appears to be out of date. Please take the opportunity
to check each of the ports listed below, and if possible and appropriate,
submit/commit an update. Please consider also adopting this port.
If any ports have already been updated, you can safely ignore the entry.

An e-mail will not be sent again for any of the port/version combinations
below.

Full details can be found at the following URL:
http://portscout.freebsd.org/ports@freebsd.org.html


Port                                            | Current version | New version
------------------------------------------------+-----------------+------------
cad/ifcopenshell                                | 0.6.0           | blenderbim-230116
------------------------------------------------+-----------------+------------


If any of the above results are invalid, please check the following page
for details on how to improve portscout's detection and selection of
distfiles on a per-port basis:

http://portscout.freebsd.org/info/portscout-portconfig.txt

Reported by:    portscout!

From nobody Tue Jan 17 16:03:10 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NxDFm6DQPz2sfP6
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Tue, 17 Jan 2023 16:03:24 +0000 (UTC)
	(envelope-from carlavilla@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NxDFm5kfLz4PHT;
	Tue, 17 Jan 2023 16:03:24 +0000 (UTC)
	(envelope-from carlavilla@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1673971404;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=zTZjuBBQYDIAx9y/nAlvaY0rnHcx1jZc/4k89IbNKok=;
	b=G9QXp28kgGP5xwt/nkcEgPLSD/K1obj7QnnX6nKfrLF92yPxCHzAwhXE5o0c2cdxXVhnaX
	voLghS5mtz2FCf8gZ7whKApfoVxeE6Gc5uVCqy7KgFBlPdlfqWS1fjbQzvfO/zEArxBQvJ
	z6q9f2fr/2xRMAjo8pxqNpsdZQb2ruaqLwW2srt/LQDg6mD2tyaZQQZv2MpH3GSUn+Xsvy
	ThdfIXvXl6Fpuh4X+DScdT2RkTxdH4XPJq3bg2HclAfRU60U5fmw66tgmepI15m4ObERyn
	Ym6EUClZOKyJ/OP/rNDMQf3c9FgCVQLaZt9IYK2CpNfMbgdiIpQYJh6otrj6yA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1673971404;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=zTZjuBBQYDIAx9y/nAlvaY0rnHcx1jZc/4k89IbNKok=;
	b=Zcwtzsnsn4cx2JOr2bF4UU+sCS5zTuuvPzUjRfSBOmO1599rNvN/JlaJdeSXHYNbWsXXyr
	HMrmXTd6W7E04wXShatt3ij/SyVGXcHY//5McIga0PpB3K6OK8HwCOyQ8gpKTvPtwk3iVC
	atmIvx560+Ndbfa5Fb2rqubfB0UO0CyjzRVoBDQMwySwijsLh34WSQVqzJT7XO0Qp6f1rQ
	V9YdpXvB1huS6v9IR4qbOM6U4FeTaKVmejkYuZVhQYNZCczdX5HqYDoqRn77mVINPlcHpE
	ZpzoDvlrNnZWtTmBcyDvaTYcjf3o04kJe4c8DHI1lpFzM/onx6KbTP+2LenQZg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1673971404; a=rsa-sha256; cv=none;
	b=gJB/iXmm4x1HuwRZijVTIMPPDPajiKPVUgunOhacxEMQi/ZvdiYlEsBoU/d/tbYv8FxgKZ
	EXRtOdYukX+CjxTo1G69zXs1L473AR0g0cPt8QUoRgWlJ3S25bQbgkRIuRjC5fagNjFfoi
	/T7jW7yjMCfNSTDUvxEky076Cvyp7Zyb+9Z3+/Jt+xzhQ9KXTm8rCoI2TOR7LeGCdMeGoF
	SOZRzvFuX/8FRYKvHeIL6VmeS4o+RfrbS67Igq5tI/TTmXoWrPLWFhz8SveDldzXzhcnnp
	cqBF32gwIXOpQhkdp2MN5fjZP618L5PLuyvgnDLduDYDZNkqD3SnUcNbgE2lww==
Received: from mail-ot1-f49.google.com (mail-ot1-f49.google.com [209.85.210.49])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	(Authenticated sender: carlavilla)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4NxDFm4hBXztgd;
	Tue, 17 Jan 2023 16:03:24 +0000 (UTC)
	(envelope-from carlavilla@freebsd.org)
Received: by mail-ot1-f49.google.com with SMTP id k1-20020a056830150100b006864d1cb279so766212otp.5;
        Tue, 17 Jan 2023 08:03:24 -0800 (PST)
X-Gm-Message-State: AFqh2kogn/rt1gdcT2R1Af650oxBQA/gNbp0T+AJdd+7/FLobwT6vwSQ
	mK6oatDdWxFzaZLalwVMd29iSqZhH8vgo93c7Oc=
X-Google-Smtp-Source: AMrXdXs+JSTsbrhAWcTVfSVkbkZBzd98+AxrmFHlTZvluZVqiTEe8Squx3EWPb5xJlQeT8kJvUVZzu9TnYpG8MpMkCE=
X-Received: by 2002:a9d:4c90:0:b0:670:ad40:4f7c with SMTP id
 m16-20020a9d4c90000000b00670ad404f7cmr218304otf.244.1673971403722; Tue, 17
 Jan 2023 08:03:23 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <a1ee4cc2-21b8-4da5-b24c-d181d0a66254@app.fastmail.com>
In-Reply-To: <a1ee4cc2-21b8-4da5-b24c-d181d0a66254@app.fastmail.com>
From: Sergio Carlavilla <carlavilla@freebsd.org>
Date: Tue, 17 Jan 2023 17:03:10 +0100
X-Gmail-Original-Message-ID: <CAFwocyN1AoQp2cABPnVgn=0-tc85Sx=7H=3g5ucO63q3QGbw9A@mail.gmail.com>
Message-ID: <CAFwocyN1AoQp2cABPnVgn=0-tc85Sx=7H=3g5ucO63q3QGbw9A@mail.gmail.com>
Subject: Re: www/gohugo needs a new maintainer - and how to stop maintaining Ports?
To: Ben Lavery-Griffiths <ben@lavery-griffiths.com>
Cc: freebsd-ports@freebsd.org, =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernape@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000e216e105f277d6a7"
X-ThisMailContainsUnwantedMimeParts: N

--000000000000e216e105f277d6a7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

El mar., 17 ene. 2023 16:58, Ben Lavery-Griffiths <ben@lavery-griffiths.com=
>
escribi=C3=B3:

> Hello all,
>
> It is with sadness that I find myself with no time or headspace to
> continue maintaining www/gohugo and sysutils/zfs-snap-diff.
>
> My understanding is that I should be able to update the MAINTAINER field
> to something so I am no longer the listed maintainer - but what do I need
> to update it to?
>
> Also, because the FreeBSD docs project uses www/gohugo to build the
> website (and other things?) I don't want to leave the Port without a
> maintainer, so would love to support someone taking over the maintainersh=
ip
> of it!
>
> I have CC'd Fernando and Sergio as they contacted me a couple of years ag=
o
> in relation to FreeBSD being used for the website and I think it is right
> to keep them in the loop of any developments :)
>
> Many thanks!
> Ben
>



Hi Ben,

First of all, thanks for helping us with Hugo :)

And yes, we're using Hugo to build the website and the documentation.

I'll try to maintain gohugo since we're using it.

Bye!

--000000000000e216e105f277d6a7
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D=
"gmail_attr">El mar., 17 ene. 2023 16:58, Ben Lavery-Griffiths &lt;<a href=
=3D"mailto:ben@lavery-griffiths.com">ben@lavery-griffiths.com</a>&gt; escri=
bi=C3=B3:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello all,<br>
<br>
It is with sadness that I find myself with no time or headspace to continue=
 maintaining www/gohugo and sysutils/zfs-snap-diff.<br>
<br>
My understanding is that I should be able to update the MAINTAINER field to=
 something so I am no longer the listed maintainer - but what do I need to =
update it to?<br>
<br>
Also, because the FreeBSD docs project uses www/gohugo to build the website=
 (and other things?) I don&#39;t want to leave the Port without a maintaine=
r, so would love to support someone taking over the maintainership of it!<b=
r>
<br>
I have CC&#39;d Fernando and Sergio as they contacted me a couple of years =
ago in relation to FreeBSD being used for the website and I think it is rig=
ht to keep them in the loop of any developments :) <br>
<br>
Many thanks!<br>
Ben<br>
</blockquote><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;b=
order-left:1px #ccc solid;padding-left:1ex">=C2=A0</blockquote></div></div>=
<div dir=3D"auto"><br></div><div dir=3D"auto">Hi Ben,</div><div dir=3D"auto=
"><br></div><div dir=3D"auto">First of all, thanks for helping us with Hugo=
 :)</div><div dir=3D"auto"><br></div><div dir=3D"auto">And yes, we&#39;re u=
sing Hugo to build the website and the documentation.</div><div dir=3D"auto=
"><br></div><div dir=3D"auto">I&#39;ll try to maintain gohugo since we&#39;=
re using it.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Bye!</div><=
div dir=3D"auto"></div></div>

--000000000000e216e105f277d6a7--

From nobody Tue Jan 17 16:09:04 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NxDNY6kfnz2sgJR
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Tue, 17 Jan 2023 16:09:17 +0000 (UTC)
	(envelope-from 0xdutra@gmail.com)
Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NxDNY68PHz4Q3t;
	Tue, 17 Jan 2023 16:09:17 +0000 (UTC)
	(envelope-from 0xdutra@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-ed1-x532.google.com with SMTP id x36so11087107ede.13;
        Tue, 17 Jan 2023 08:09:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=XkZYv+W+wRer5lUJfpihC6iyYlOVR8tb4SpaJoTxcv8=;
        b=pHue59/P7orlfBrxlpygSESoZMJD9Zs0vR0uCtLgNgDBT2/jLm3fXQ21a6n+PL9Tg7
         9q2ip6gV7CpeQE6ilF10AhHLNQ4h+QvmjdBhf/GCmztEAK0d/v97ejzFYh4Jwajfl7r7
         pdQkwu9jq1M34R8UYrgOdG+9/L9gtmBYcJWnGQ7GhKleBV16JDXZNmJCVzEdp951xIbM
         1KwOLSNfyXUSgBgoSBcMKfP7YQ35urhZ1Zpluo6NmdkH0gzFK20AUvNtHBag4ki5dHEG
         q3BOiw1eH1E1a4K+JqGXHVn70IRsd7mpiS2uVO7OYkVFaWjRV+J1h/iZ6pOYk17KAu3E
         XbOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=XkZYv+W+wRer5lUJfpihC6iyYlOVR8tb4SpaJoTxcv8=;
        b=ZKGsSUIaz9vPRWuH9CrB0g+fIYHPxBuFH5fINrveFdZ6F0Z5+sRCVDgbAbU17mmWN2
         i/h/3sz9BZSocdHTBoJiouyqSouZz8ZrpmJHQTcoKqef0Xf4zbtXUbnrSP/r77OIu5nt
         QO4a80DxhEoNztC9iTvU2ZD4wbJPNuVS3idN9NBptglQQbqYPb+Gl7af1aFHmMMm815D
         ToQ4h9ougtIuk+dJjarCAtB4ri04eYBO0XgJOLZ/gFqKJEEB0wURb7Zm0tEl1lBwr0r0
         twERHtw2XngRdUmdB5dsD0+eaRwcs8lNqe8FgvkBHkIl8A0794SJEgp07PkhS9nT95pS
         iF/g==
X-Gm-Message-State: AFqh2kqqYJSupWXB3G96nMDWIlL0sXcypJcdjzWD7rkmm4vSreYDxJ4e
	PxEcBa/A9xZYIjSq7uwzpQB1USd8DTVdus0Wa4llQyuF
X-Google-Smtp-Source: AMrXdXvKDIfTcPx9a/X7ZZfIJGYsMqO/lnQhTHVnKPomfD/biIhkBTuosTq8BaLSuh12WJv5lzsPh2C80eYY9ROppdQ=
X-Received: by 2002:a05:6402:3ce:b0:461:15f0:a574 with SMTP id
 t14-20020a05640203ce00b0046115f0a574mr366139edw.187.1673971756444; Tue, 17
 Jan 2023 08:09:16 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <a1ee4cc2-21b8-4da5-b24c-d181d0a66254@app.fastmail.com> <CAFwocyN1AoQp2cABPnVgn=0-tc85Sx=7H=3g5ucO63q3QGbw9A@mail.gmail.com>
In-Reply-To: <CAFwocyN1AoQp2cABPnVgn=0-tc85Sx=7H=3g5ucO63q3QGbw9A@mail.gmail.com>
From: Gabriel Dutra <0xdutra@gmail.com>
Date: Tue, 17 Jan 2023 13:09:04 -0300
Message-ID: <CAC5tWNFP6fLJQ9caOhBJPtk7JLrVqE8Z9VoQHN-GtTu3UKahOw@mail.gmail.com>
Subject: Re: www/gohugo needs a new maintainer - and how to stop maintaining Ports?
To: Sergio Carlavilla <carlavilla@freebsd.org>
Cc: Ben Lavery-Griffiths <ben@lavery-griffiths.com>, freebsd-ports@freebsd.org, 
	=?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernape@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000e8368005f277ebf4"
X-Rspamd-Queue-Id: 4NxDNY68PHz4Q3t
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

--000000000000e8368005f277ebf4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi, I'm interested in maintain the port.


Em ter, 17 de jan de 2023 13:03, Sergio Carlavilla <carlavilla@freebsd.org>
escreveu:

> El mar., 17 ene. 2023 16:58, Ben Lavery-Griffiths <
> ben@lavery-griffiths.com> escribi=C3=B3:
>
>> Hello all,
>>
>> It is with sadness that I find myself with no time or headspace to
>> continue maintaining www/gohugo and sysutils/zfs-snap-diff.
>>
>> My understanding is that I should be able to update the MAINTAINER field
>> to something so I am no longer the listed maintainer - but what do I nee=
d
>> to update it to?
>>
>> Also, because the FreeBSD docs project uses www/gohugo to build the
>> website (and other things?) I don't want to leave the Port without a
>> maintainer, so would love to support someone taking over the maintainers=
hip
>> of it!
>>
>> I have CC'd Fernando and Sergio as they contacted me a couple of years
>> ago in relation to FreeBSD being used for the website and I think it is
>> right to keep them in the loop of any developments :)
>>
>> Many thanks!
>> Ben
>>
>
>
>
> Hi Ben,
>
> First of all, thanks for helping us with Hugo :)
>
> And yes, we're using Hugo to build the website and the documentation.
>
> I'll try to maintain gohugo since we're using it.
>
> Bye!
>

--000000000000e8368005f277ebf4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">Hi, I&#39;m interested in maintain the port.<div dir=3D"a=
uto"><br></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=
=3D"gmail_attr">Em ter, 17 de jan de 2023 13:03, Sergio Carlavilla &lt;<a h=
ref=3D"mailto:carlavilla@freebsd.org">carlavilla@freebsd.org</a>&gt; escrev=
eu:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;b=
order-left:1px #ccc solid;padding-left:1ex"><div dir=3D"auto"><div><div cla=
ss=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">El mar., 17 ene. 2=
023 16:58, Ben Lavery-Griffiths &lt;<a href=3D"mailto:ben@lavery-griffiths.=
com" target=3D"_blank" rel=3D"noreferrer">ben@lavery-griffiths.com</a>&gt; =
escribi=C3=B3:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0=
 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello all,<br>
<br>
It is with sadness that I find myself with no time or headspace to continue=
 maintaining www/gohugo and sysutils/zfs-snap-diff.<br>
<br>
My understanding is that I should be able to update the MAINTAINER field to=
 something so I am no longer the listed maintainer - but what do I need to =
update it to?<br>
<br>
Also, because the FreeBSD docs project uses www/gohugo to build the website=
 (and other things?) I don&#39;t want to leave the Port without a maintaine=
r, so would love to support someone taking over the maintainership of it!<b=
r>
<br>
I have CC&#39;d Fernando and Sergio as they contacted me a couple of years =
ago in relation to FreeBSD being used for the website and I think it is rig=
ht to keep them in the loop of any developments :) <br>
<br>
Many thanks!<br>
Ben<br>
</blockquote><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;b=
order-left:1px #ccc solid;padding-left:1ex">=C2=A0</blockquote></div></div>=
<div dir=3D"auto"><br></div><div dir=3D"auto">Hi Ben,</div><div dir=3D"auto=
"><br></div><div dir=3D"auto">First of all, thanks for helping us with Hugo=
 :)</div><div dir=3D"auto"><br></div><div dir=3D"auto">And yes, we&#39;re u=
sing Hugo to build the website and the documentation.</div><div dir=3D"auto=
"><br></div><div dir=3D"auto">I&#39;ll try to maintain gohugo since we&#39;=
re using it.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Bye!</div><=
div dir=3D"auto"></div></div>
</blockquote></div>

--000000000000e8368005f277ebf4--

From nobody Tue Jan 17 19:12:18 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NxJS0323Bz2t5NM
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Tue, 17 Jan 2023 19:12:32 +0000 (UTC)
	(envelope-from carlavilla@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NxJS02XBPz3n1d;
	Tue, 17 Jan 2023 19:12:32 +0000 (UTC)
	(envelope-from carlavilla@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1673982752;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=taI5/eZIn+RaVwQMylUu2UHGtwemQf7/WwLsp32zuLI=;
	b=oU7QtQflmvVVTLlUq7KsX1jThLBlpX/PH6u8xifSidhm6B4H14ATIDDDDBSVpl5Cmnn85n
	0Avz5b3HrB56tyxkU2jJ4+qz7XcL2JXCtGoyF0s6/HjrbVz53MKXqCrWAKI7uVwdJ4YgXC
	M7TmzPfUvN492vfgzVee8y4SHIlj+IJ3OypaVQXteScxfF8BdqXf3za8CDMZL3cNT3ZcTG
	MvZrbx+rFtkEo0WK99Jb5O8wLpEY6mDg4x5kSwd+5zt2TAdojnE2yf8JAbuYtr46e7R5FN
	gxws4Otq5HIJYaBGbT1IOPmoLY9g54Gdux6iA6adC/yjQEuR+r5VUEvOeUfaQg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1673982752;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=taI5/eZIn+RaVwQMylUu2UHGtwemQf7/WwLsp32zuLI=;
	b=pZKOiHkR31CQ/e18RsAqvmA/fdptATdHmwCaoYAWI26YOWXSWYRpgwheT6335tqF+n1bFQ
	sqFSyA7Gzhqwpp6SXUzJ2gr5VaO0GniWdLPH1KbzVmWodOhgXVj3TcBG+vvHYx5VAviDE3
	NFoW8APph01VFdjKzJZ9t9Om53gKq8YFLkgrtsubjBg6MnkFmf2sibvVfAW+DrRaXiZZUp
	sOKIHzfbWHnL9dMlrcTn4Oi0BMh8c38nFQeuK0e1mrcHL1Jaz/jeaP59nzFxR3mKsdRlzk
	0IcC+Hbx66L/a7xP/4jebuftlVKgNB6/F5GkZf98eC9tAXd5H4LkSIneA+ii/w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1673982752; a=rsa-sha256; cv=none;
	b=EFfagyZM39ay2J3EpBNBchXF1dcaI4KckCjEytMkD8IIwqY3n2s1FynjKAUizdNDfRKDeW
	4GaijeoTjYNpGI/Wuulbf4/kgFiTgfUAVVV1yJeZqK81E/16O0F7CLz/o/2M8aHsiMDaEp
	qBzl/uCbMbrmpKfwMk1XYgXn1yx1vkvskxRFLWVfzmCvzkTaKGprn1YeQcyRWqs6Sgf7id
	FVgjBvcQ/ed99oZOPH8EB3aSSb9YEhspuWCL1TWrfL9qKFUzxUuxpqPPfjXGdx69pnO7RC
	WBDsXKju/NH0Er7pFtV6xcNBx8YnkBfmdkg7kySyWfl15bHR1mpbr+voP78Akw==
Received: from mail-oo1-f54.google.com (mail-oo1-f54.google.com [209.85.161.54])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	(Authenticated sender: carlavilla)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4NxJS01bCqzxlK;
	Tue, 17 Jan 2023 19:12:32 +0000 (UTC)
	(envelope-from carlavilla@freebsd.org)
Received: by mail-oo1-f54.google.com with SMTP id z12-20020a4a490c000000b004f21c72be42so1583293ooa.8;
        Tue, 17 Jan 2023 11:12:32 -0800 (PST)
X-Gm-Message-State: AFqh2kpZO+4beQBS0PATLL9kiJJf1QpvNSZB/8srWNSoJKiTjjks56JM
	854wuiSPBYWnSOj0GopytvlaItrK+mbztw3mOwI=
X-Google-Smtp-Source: AMrXdXtzyjOfFTHXALu0KyM5XokQ/n28okrYvftahWpXE7fAwrY4nvlAUT0pq2xbWEob9Yk5CCybBEA/3eaFXpHnmD0=
X-Received: by 2002:a4a:e68e:0:b0:4f2:e59:78f with SMTP id u14-20020a4ae68e000000b004f20e59078fmr187041oot.84.1673982750725;
 Tue, 17 Jan 2023 11:12:30 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <a1ee4cc2-21b8-4da5-b24c-d181d0a66254@app.fastmail.com>
 <CAFwocyN1AoQp2cABPnVgn=0-tc85Sx=7H=3g5ucO63q3QGbw9A@mail.gmail.com> <CAC5tWNFP6fLJQ9caOhBJPtk7JLrVqE8Z9VoQHN-GtTu3UKahOw@mail.gmail.com>
In-Reply-To: <CAC5tWNFP6fLJQ9caOhBJPtk7JLrVqE8Z9VoQHN-GtTu3UKahOw@mail.gmail.com>
From: Sergio Carlavilla <carlavilla@freebsd.org>
Date: Tue, 17 Jan 2023 20:12:18 +0100
X-Gmail-Original-Message-ID: <CAFwocyOZvMrXipJ3kVWgnojHZhueoWRP7QM4mt8tTKeEshFAbQ@mail.gmail.com>
Message-ID: <CAFwocyOZvMrXipJ3kVWgnojHZhueoWRP7QM4mt8tTKeEshFAbQ@mail.gmail.com>
Subject: Re: www/gohugo needs a new maintainer - and how to stop maintaining Ports?
To: Gabriel Dutra <0xdutra@gmail.com>
Cc: Ben Lavery-Griffiths <ben@lavery-griffiths.com>, freebsd-ports@freebsd.org, 
	=?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernape@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-ThisMailContainsUnwantedMimeParts: N

On Tue, 17 Jan 2023 at 17:09, Gabriel Dutra <0xdutra@gmail.com> wrote:
>
> Hi, I'm interested in maintain the port.
>
>
> Em ter, 17 de jan de 2023 13:03, Sergio Carlavilla <carlavilla@freebsd.or=
g> escreveu:
>>
>> El mar., 17 ene. 2023 16:58, Ben Lavery-Griffiths <ben@lavery-griffiths.=
com> escribi=C3=B3:
>>>
>>> Hello all,
>>>
>>> It is with sadness that I find myself with no time or headspace to cont=
inue maintaining www/gohugo and sysutils/zfs-snap-diff.
>>>
>>> My understanding is that I should be able to update the MAINTAINER fiel=
d to something so I am no longer the listed maintainer - but what do I need=
 to update it to?
>>>
>>> Also, because the FreeBSD docs project uses www/gohugo to build the web=
site (and other things?) I don't want to leave the Port without a maintaine=
r, so would love to support someone taking over the maintainership of it!
>>>
>>> I have CC'd Fernando and Sergio as they contacted me a couple of years =
ago in relation to FreeBSD being used for the website and I think it is rig=
ht to keep them in the loop of any developments :)
>>>
>>> Many thanks!
>>> Ben
>>>
>>>
>>
>>
>> Hi Ben,
>>
>> First of all, thanks for helping us with Hugo :)
>>
>> And yes, we're using Hugo to build the website and the documentation.
>>
>> I'll try to maintain gohugo since we're using it.
>>
>> Bye!

Sure Gabriel!

From nobody Tue Jan 17 20:18:20 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NxKwG22lrz2tyMb
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Tue, 17 Jan 2023 20:18:38 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Received: from mail-lj1-f170.google.com (mail-lj1-f170.google.com [209.85.208.170])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NxKwF6q9Wz3tMF;
	Tue, 17 Jan 2023 20:18:37 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-lj1-f170.google.com with SMTP id y18so30800536ljk.11;
        Tue, 17 Jan 2023 12:18:37 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=y7nq0EmZIWUGjq71k/ZJ66W1LFlARvqzjwBxDrznfdc=;
        b=nD/BvmurRUV7c1oROcJVFaZjCjeAEy+1gP+R0S+RCZ1fSo5rlDFa1L60DYjv/7UPuS
         Yc39fN8EhEMXgTMNqY7uuUo4bCqZtkVdreNxgP+OxXmVpv8+KNQvO5qb88V942LYLlEo
         ditiW7owiUAmJXEVm4ch2MtZIqAnOS8LGPS3IhfWgVUfiW1EffBUtfg8O2icGPJv6hIU
         WymIRRHPmhsxwJHDC6L0CiU+Zl9DLDpSHixA3zKZxBzQkCat4g+EzIE8J6vR+Dm2/Ilk
         XRNPz659eCk4rpr4YEI1xtH0Ek5TxEKJvkeOmTrbo71Qnb7C7+ikHXykjK2iTVtxY8B4
         b01w==
X-Gm-Message-State: AFqh2kpx3OhbR7/fEfPPUmD+VyVcpH4RR9+KQzAJIh29RpwGk73xyi6e
	s6Lf3Z3v2sU9eIJrlmQYPoSMj7Gtt9G8PQ==
X-Google-Smtp-Source: AMrXdXsAH06vyo2er5PIHssbOCc0y1u7uYvTf76ZytN0sfBkG90cV//yDdvG/x6fRBVgwf9GR0IW/A==
X-Received: by 2002:a05:651c:10bc:b0:277:b95:2340 with SMTP id k28-20020a05651c10bc00b002770b952340mr1576947ljn.40.1673986715797;
        Tue, 17 Jan 2023 12:18:35 -0800 (PST)
Received: from mail-lf1-f50.google.com (mail-lf1-f50.google.com. [209.85.167.50])
        by smtp.gmail.com with ESMTPSA id g1-20020a2ea4a1000000b0028b7aebf107sm1109719ljm.4.2023.01.17.12.18.34
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 17 Jan 2023 12:18:35 -0800 (PST)
Received: by mail-lf1-f50.google.com with SMTP id f34so48704533lfv.10;
        Tue, 17 Jan 2023 12:18:34 -0800 (PST)
X-Received: by 2002:a19:655a:0:b0:4d3:b4ae:7c19 with SMTP id
 c26-20020a19655a000000b004d3b4ae7c19mr173964lfj.306.1673986713839; Tue, 17
 Jan 2023 12:18:33 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <a1ee4cc2-21b8-4da5-b24c-d181d0a66254@app.fastmail.com>
 <CAFwocyN1AoQp2cABPnVgn=0-tc85Sx=7H=3g5ucO63q3QGbw9A@mail.gmail.com>
 <CAC5tWNFP6fLJQ9caOhBJPtk7JLrVqE8Z9VoQHN-GtTu3UKahOw@mail.gmail.com> <CAFwocyOZvMrXipJ3kVWgnojHZhueoWRP7QM4mt8tTKeEshFAbQ@mail.gmail.com>
In-Reply-To: <CAFwocyOZvMrXipJ3kVWgnojHZhueoWRP7QM4mt8tTKeEshFAbQ@mail.gmail.com>
From: =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernape@freebsd.org>
Date: Tue, 17 Jan 2023 21:18:20 +0100
X-Gmail-Original-Message-ID: <CAGwOe2ZWyRWcm-iBBcS0BB4A6VU9xuQtARRE3OaY6izuaGYBNQ@mail.gmail.com>
Message-ID: <CAGwOe2ZWyRWcm-iBBcS0BB4A6VU9xuQtARRE3OaY6izuaGYBNQ@mail.gmail.com>
Subject: Re: www/gohugo needs a new maintainer - and how to stop maintaining Ports?
To: Sergio Carlavilla <carlavilla@freebsd.org>
Cc: Gabriel Dutra <0xdutra@gmail.com>, Ben Lavery-Griffiths <ben@lavery-griffiths.com>, 
	FreeBSD Mailing List <freebsd-ports@freebsd.org>
Content-Type: multipart/alternative; boundary="0000000000006ff2fc05f27b6745"
X-Rspamd-Queue-Id: 4NxKwF6q9Wz3tMF
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
	TAGGED_FROM(0.00)[]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

--0000000000006ff2fc05f27b6745
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

El mar., 17 ene. 2023 20:12, Sergio Carlavilla <carlavilla@freebsd.org>
escribi=C3=B3:

> On Tue, 17 Jan 2023 at 17:09, Gabriel Dutra <0xdutra@gmail.com> wrote:
> >
> > Hi, I'm interested in maintain the port.
> >
> >
> > Em ter, 17 de jan de 2023 13:03, Sergio Carlavilla <
> carlavilla@freebsd.org> escreveu:
> >>
> >> El mar., 17 ene. 2023 16:58, Ben Lavery-Griffiths <
> ben@lavery-griffiths.com> escribi=C3=B3:
> >>>
> >>> Hello all,
> >>>
> >>> It is with sadness that I find myself with no time or headspace to
> continue maintaining www/gohugo and sysutils/zfs-snap-diff.
> >>>
> >>> My understanding is that I should be able to update the MAINTAINER
> field to something so I am no longer the listed maintainer - but what do =
I
> need to update it to?
> >>>
> >>> Also, because the FreeBSD docs project uses www/gohugo to build the
> website (and other things?) I don't want to leave the Port without a
> maintainer, so would love to support someone taking over the maintainersh=
ip
> of it!
> >>>
> >>> I have CC'd Fernando and Sergio as they contacted me a couple of year=
s
> ago in relation to FreeBSD being used for the website and I think it is
> right to keep them in the loop of any developments :)
> >>>
> >>> Many thanks!
> >>> Ben
> >>>
> >>>
> >>
> >>
> >> Hi Ben,
> >>
> >> First of all, thanks for helping us with Hugo :)
> >>
> >> And yes, we're using Hugo to build the website and the documentation.
> >>
> >> I'll try to maintain gohugo since we're using it.
> >>
> >> Bye!
>
> Sure Gabriel!
>


Ben, could you open a PR in bugzilla and change MAINTAINER to Gabriel's
user? Feel free to assign the PR to me.

>

--0000000000006ff2fc05f27b6745
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div><br><br><div class=3D"gmail_quote"><div dir=3D"ltr" =
class=3D"gmail_attr">El mar., 17 ene. 2023 20:12, Sergio Carlavilla &lt;<a =
href=3D"mailto:carlavilla@freebsd.org">carlavilla@freebsd.org</a>&gt; escri=
bi=C3=B3:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, 17 Jan 2023 at 17=
:09, Gabriel Dutra &lt;<a href=3D"mailto:0xdutra@gmail.com" target=3D"_blan=
k" rel=3D"noreferrer">0xdutra@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; Hi, I&#39;m interested in maintain the port.<br>
&gt;<br>
&gt;<br>
&gt; Em ter, 17 de jan de 2023 13:03, Sergio Carlavilla &lt;<a href=3D"mail=
to:carlavilla@freebsd.org" target=3D"_blank" rel=3D"noreferrer">carlavilla@=
freebsd.org</a>&gt; escreveu:<br>
&gt;&gt;<br>
&gt;&gt; El mar., 17 ene. 2023 16:58, Ben Lavery-Griffiths &lt;<a href=3D"m=
ailto:ben@lavery-griffiths.com" target=3D"_blank" rel=3D"noreferrer">ben@la=
very-griffiths.com</a>&gt; escribi=C3=B3:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Hello all,<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; It is with sadness that I find myself with no time or headspac=
e to continue maintaining www/gohugo and sysutils/zfs-snap-diff.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; My understanding is that I should be able to update the MAINTA=
INER field to something so I am no longer the listed maintainer - but what =
do I need to update it to?<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Also, because the FreeBSD docs project uses www/gohugo to buil=
d the website (and other things?) I don&#39;t want to leave the Port withou=
t a maintainer, so would love to support someone taking over the maintainer=
ship of it!<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; I have CC&#39;d Fernando and Sergio as they contacted me a cou=
ple of years ago in relation to FreeBSD being used for the website and I th=
ink it is right to keep them in the loop of any developments :)<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Many thanks!<br>
&gt;&gt;&gt; Ben<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; Hi Ben,<br>
&gt;&gt;<br>
&gt;&gt; First of all, thanks for helping us with Hugo :)<br>
&gt;&gt;<br>
&gt;&gt; And yes, we&#39;re using Hugo to build the website and the documen=
tation.<br>
&gt;&gt;<br>
&gt;&gt; I&#39;ll try to maintain gohugo since we&#39;re using it.<br>
&gt;&gt;<br>
&gt;&gt; Bye!<br>
<br>
Sure Gabriel!<br></blockquote></div></div><div dir=3D"auto"><br></div><div =
dir=3D"auto"><br></div><div dir=3D"auto">Ben, could you open a PR in bugzil=
la and change MAINTAINER to Gabriel&#39;s user? Feel free to assign the PR =
to me.</div><div dir=3D"auto"><div class=3D"gmail_quote"><blockquote class=
=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd=
ing-left:1ex">
</blockquote></div></div></div>

--0000000000006ff2fc05f27b6745--

From nobody Tue Jan 17 21:13:53 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NxM8L5NsTz2v5LL
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Tue, 17 Jan 2023 21:14:10 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com [209.85.208.180])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NxM8K3Q3vz42F7;
	Tue, 17 Jan 2023 21:14:09 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of fernando.apesteguia@gmail.com designates 209.85.208.180 as permitted sender) smtp.mailfrom=fernando.apesteguia@gmail.com;
	dmarc=none
Received: by mail-lj1-f180.google.com with SMTP id y18so30953931ljk.11;
        Tue, 17 Jan 2023 13:14:09 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=reJZIVhhg1klgXraRJNFDchBgctj8ybIeAI6hC8EPY4=;
        b=eGNOC/0mgSlVIlENEn93+YDWHvZxg8Zm1b4quQr2jx+eRrEAESGEdb8zHKGSDQID2d
         4QDNAUC6phSE4wsaHn/3mVqhs3IDunT5iepjplj0hhS1B0MJcw4FdMTvF6RUg/+1fC9b
         1iICT5GAIqWtugf35BXqESCw0BRUmUVKNFl24HO67AnekIaTlo8gf2ucKVIjibPdXOb/
         3TLTFj09caic4XK5/nOurPZ1qHwl/09llXhkp9nOQq4BoB3VjoZDvcTRX/NUib7Klatl
         pC5dtlE78Ll0iZAM9whEnbzRnOTF9+y/A9sv6OZI3OLtP9LI+1s0wtfSTirpKmvgaoSc
         cvDw==
X-Gm-Message-State: AFqh2kqGmuO905jwZ2IeZskSjlk/I1qPpzOyK76fge+7spxHyGGpUOo4
	vQcCy7oPKeDtzsvISBXG2hUCswRtEcGvrg==
X-Google-Smtp-Source: AMrXdXt7VCogBAOgxZvQBgvzoZO20f5VF5uqXFWnyPipvlrt08+zP0OtwjOOepkGu1vkCfkXxu6Z9w==
X-Received: by 2002:a2e:bc1d:0:b0:28b:7cb8:22d0 with SMTP id b29-20020a2ebc1d000000b0028b7cb822d0mr4059646ljf.23.1673990047302;
        Tue, 17 Jan 2023 13:14:07 -0800 (PST)
Received: from mail-lf1-f50.google.com (mail-lf1-f50.google.com. [209.85.167.50])
        by smtp.gmail.com with ESMTPSA id t17-20020a2e9c51000000b0028b63d96405sm1714867ljj.105.2023.01.17.13.14.06
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 17 Jan 2023 13:14:06 -0800 (PST)
Received: by mail-lf1-f50.google.com with SMTP id m6so48904062lfj.11;
        Tue, 17 Jan 2023 13:14:06 -0800 (PST)
X-Received: by 2002:ac2:5dd4:0:b0:4b5:964d:49a4 with SMTP id
 x20-20020ac25dd4000000b004b5964d49a4mr384920lfq.637.1673990046401; Tue, 17
 Jan 2023 13:14:06 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <CAFwocyOZvMrXipJ3kVWgnojHZhueoWRP7QM4mt8tTKeEshFAbQ@mail.gmail.com>
 <13E07909-6D05-4FFB-97F5-845421FD0C57@lavery-griffiths.com>
In-Reply-To: <13E07909-6D05-4FFB-97F5-845421FD0C57@lavery-griffiths.com>
From: =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernape@freebsd.org>
Date: Tue, 17 Jan 2023 22:13:53 +0100
X-Gmail-Original-Message-ID: <CAGwOe2aCwZkc5au6C=ppePuhc7+LLSb+S+u5w+=TThe3hRjp-Q@mail.gmail.com>
Message-ID: <CAGwOe2aCwZkc5au6C=ppePuhc7+LLSb+S+u5w+=TThe3hRjp-Q@mail.gmail.com>
Subject: Re: www/gohugo needs a new maintainer - and how to stop maintaining Ports?
To: Ben Lavery-Griffiths <ben@lavery-griffiths.com>
Cc: Sergio Carlavilla <carlavilla@freebsd.org>, Gabriel Dutra <0xdutra@gmail.com>, 
	FreeBSD Mailing List <freebsd-ports@freebsd.org>
Content-Type: multipart/alternative; boundary="00000000000012cce805f27c2edd"
X-Spamd-Result: default: False [-1.97 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.97)[-0.974];
	FORGED_SENDER(0.30)[fernape@freebsd.org,fernandoapesteguia@gmail.com];
	R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	DMARC_NA(0.00)[freebsd.org];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[209.85.208.180:from,209.85.167.50:received];
	R_DKIM_NA(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org];
	RCPT_COUNT_THREE(0.00)[4];
	ARC_NA(0.00)[];
	RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.208.180:from];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	TO_DN_ALL(0.00)[];
	RCVD_COUNT_THREE(0.00)[4];
	FROM_HAS_DN(0.00)[];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	FROM_NEQ_ENVFROM(0.00)[fernape@freebsd.org,fernandoapesteguia@gmail.com];
	ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
	TAGGED_FROM(0.00)[];
	FREEMAIL_CC(0.00)[freebsd.org,gmail.com]
X-Rspamd-Queue-Id: 4NxM8K3Q3vz42F7
X-Spamd-Bar: -
X-ThisMailContainsUnwantedMimeParts: N

--00000000000012cce805f27c2edd
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

El mar., 17 ene. 2023 21:18, Ben Lavery-Griffiths <ben@lavery-griffiths.com=
>
escribi=C3=B3:

> Awesome! Glad you both offered and came to an agreement!
>
> Would you like me to submit the change to bugzilla? Or would you rather
> raise a bug and I can approve it?
>

We crossed mails :-)


> Sent from a mobile device.
>
> > On 17 Jan 2023, at 19:12, Sergio Carlavilla <carlavilla@freebsd.org>
> wrote:
> >
> > =EF=BB=BFOn Tue, 17 Jan 2023 at 17:09, Gabriel Dutra <0xdutra@gmail.com=
> wrote:
> >>
> >> Hi, I'm interested in maintain the port.
> >>
> >>
> >> Em ter, 17 de jan de 2023 13:03, Sergio Carlavilla <
> carlavilla@freebsd.org> escreveu:
> >>>
> >>> El mar., 17 ene. 2023 16:58, Ben Lavery-Griffiths <
> ben@lavery-griffiths.com> escribi=C3=B3:
> >>>>
> >>>> Hello all,
> >>>>
> >>>> It is with sadness that I find myself with no time or headspace to
> continue maintaining www/gohugo and sysutils/zfs-snap-diff.
> >>>>
> >>>> My understanding is that I should be able to update the MAINTAINER
> field to something so I am no longer the listed maintainer - but what do =
I
> need to update it to?
> >>>>
> >>>> Also, because the FreeBSD docs project uses www/gohugo to build the
> website (and other things?) I don't want to leave the Port without a
> maintainer, so would love to support someone taking over the maintainersh=
ip
> of it!
> >>>>
> >>>> I have CC'd Fernando and Sergio as they contacted me a couple of
> years ago in relation to FreeBSD being used for the website and I think i=
t
> is right to keep them in the loop of any developments :)
> >>>>
> >>>> Many thanks!
> >>>> Ben
> >>>>
> >>>>
> >>>
> >>>
> >>> Hi Ben,
> >>>
> >>> First of all, thanks for helping us with Hugo :)
> >>>
> >>> And yes, we're using Hugo to build the website and the documentation.
> >>>
> >>> I'll try to maintain gohugo since we're using it.
> >>>
> >>> Bye!
> >
> > Sure Gabriel!
>
>

--00000000000012cce805f27c2edd
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div><br><br><div class=3D"gmail_quote"><div dir=3D"ltr" =
class=3D"gmail_attr">El mar., 17 ene. 2023 21:18, Ben Lavery-Griffiths &lt;=
<a href=3D"mailto:ben@lavery-griffiths.com">ben@lavery-griffiths.com</a>&gt=
; escribi=C3=B3:<br></div><blockquote class=3D"gmail_quote" style=3D"margin=
:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Awesome! Glad you =
both offered and came to an agreement!<br>
<br>
Would you like me to submit the change to bugzilla? Or would you rather rai=
se a bug and I can approve it?<br></blockquote></div></div><div dir=3D"auto=
"><br></div><div dir=3D"auto">We crossed mails :-)</div><div dir=3D"auto"><=
br></div><div dir=3D"auto"><div class=3D"gmail_quote"><blockquote class=3D"=
gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-=
left:1ex">
<br>
Sent from a mobile device.<br>
<br>
&gt; On 17 Jan 2023, at 19:12, Sergio Carlavilla &lt;<a href=3D"mailto:carl=
avilla@freebsd.org" target=3D"_blank" rel=3D"noreferrer">carlavilla@freebsd=
.org</a>&gt; wrote:<br>
&gt; <br>
&gt; =EF=BB=BFOn Tue, 17 Jan 2023 at 17:09, Gabriel Dutra &lt;<a href=3D"ma=
ilto:0xdutra@gmail.com" target=3D"_blank" rel=3D"noreferrer">0xdutra@gmail.=
com</a>&gt; wrote:<br>
&gt;&gt; <br>
&gt;&gt; Hi, I&#39;m interested in maintain the port.<br>
&gt;&gt; <br>
&gt;&gt; <br>
&gt;&gt; Em ter, 17 de jan de 2023 13:03, Sergio Carlavilla &lt;<a href=3D"=
mailto:carlavilla@freebsd.org" target=3D"_blank" rel=3D"noreferrer">carlavi=
lla@freebsd.org</a>&gt; escreveu:<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; El mar., 17 ene. 2023 16:58, Ben Lavery-Griffiths &lt;<a href=
=3D"mailto:ben@lavery-griffiths.com" target=3D"_blank" rel=3D"noreferrer">b=
en@lavery-griffiths.com</a>&gt; escribi=C3=B3:<br>
&gt;&gt;&gt;&gt; <br>
&gt;&gt;&gt;&gt; Hello all,<br>
&gt;&gt;&gt;&gt; <br>
&gt;&gt;&gt;&gt; It is with sadness that I find myself with no time or head=
space to continue maintaining www/gohugo and sysutils/zfs-snap-diff.<br>
&gt;&gt;&gt;&gt; <br>
&gt;&gt;&gt;&gt; My understanding is that I should be able to update the MA=
INTAINER field to something so I am no longer the listed maintainer - but w=
hat do I need to update it to?<br>
&gt;&gt;&gt;&gt; <br>
&gt;&gt;&gt;&gt; Also, because the FreeBSD docs project uses www/gohugo to =
build the website (and other things?) I don&#39;t want to leave the Port wi=
thout a maintainer, so would love to support someone taking over the mainta=
inership of it!<br>
&gt;&gt;&gt;&gt; <br>
&gt;&gt;&gt;&gt; I have CC&#39;d Fernando and Sergio as they contacted me a=
 couple of years ago in relation to FreeBSD being used for the website and =
I think it is right to keep them in the loop of any developments :)<br>
&gt;&gt;&gt;&gt; <br>
&gt;&gt;&gt;&gt; Many thanks!<br>
&gt;&gt;&gt;&gt; Ben<br>
&gt;&gt;&gt;&gt; <br>
&gt;&gt;&gt;&gt; <br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; Hi Ben,<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; First of all, thanks for helping us with Hugo :)<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; And yes, we&#39;re using Hugo to build the website and the doc=
umentation.<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; I&#39;ll try to maintain gohugo since we&#39;re using it.<br>
&gt;&gt;&gt; <br>
&gt;&gt;&gt; Bye!<br>
&gt; <br>
&gt; Sure Gabriel!<br>
<br>
</blockquote></div></div></div>

--00000000000012cce805f27c2edd--

From nobody Wed Jan 18 15:47:47 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NxqsJ2dMnz2yCp5
	for <ports@mlmmj.nyi.freebsd.org>; Wed, 18 Jan 2023 15:47:48 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NxqsJ0Gqpz4ZQy
	for <ports@freebsd.org>; Wed, 18 Jan 2023 15:47:48 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1674056868;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YJilrKaBXXDQPenYVVPFrBEuD5yhTVzOgSqqhc22ots=;
	b=JHsbXCIIhVwxK2ACKcPz8gik6badVwyKIU5koNkjrpqo+j4ho9rsYk5wsnC0HnS8kmfNce
	PszdKS+pFfF/J4WvvbEsfDCw953rIdHU1R2/CmdVvlFyF+xrwECmbnvIDrmH6uLZdjrKSP
	pMV3Q9xbtSrNks835COdIHKe4u8Ysk/FwOMdWVDZFnWWAJOkFa2+IW2dywg3kOjgl9CcOV
	e+HQyG845mliy9NTKcN9K78x0PvGi8CUYku7g1T4ed4ftDBZ0n4KdGgyWDDBWBV7RaKVOn
	g0eKxpbpVw9+X4yE1IKkf60KYjpUEq4Udneqrp1gmomq0EpR+xuPSzIEEYi0wg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674056868; a=rsa-sha256; cv=none;
	b=OYLIFSmQSv8V7hOfIxpHfoEvIIEU8+vpQNw/D1koKWgqk9vjEJO0t7Wx3FENf78jujeeMb
	2xAVGLE1VvCoM6QGXn73gRGbG4UiaiRhOlZ9CA/UkoQGzWHoe3wD6IScmuW3Lhc3VmO/7B
	owkiJo/t1OGQjcfxdvPszffoPppwBC9EwIcT0d9wRl0I/5hHgzBprykCoVDmRQO+PUAOMB
	F8VnBpcQCwwS1qCqpekgiSQBEP0qzKjGvBDfv44YGL/bzaeI+S5j5YfY6F2Eym1upZkH8z
	I955DEd540HKuCu04vxhHJOwxUAir5HVB1PPrt5Iz7Pz5+0QhyK7IGkUsadtLg==
Received: from portscout.nyi.freebsd.org (portscout.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NxqsH5Hp3zGw7
	for <ports@freebsd.org>; Wed, 18 Jan 2023 15:47:47 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from portscout.nyi.freebsd.org ([127.0.1.10])
	by portscout.nyi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30IFllhk081299
	for <ports@freebsd.org>; Wed, 18 Jan 2023 15:47:47 GMT
	(envelope-from portscout@FreeBSD.org)
Received: (from portscout@localhost)
	by portscout.nyi.freebsd.org (8.15.2/8.15.2/Submit) id 30IFllKj081298;
	Wed, 18 Jan 2023 15:47:47 GMT
	(envelope-from portscout@FreeBSD.org)
Message-Id: <202301181547.30IFllKj081298@portscout.nyi.freebsd.org>
X-Authentication-Warning: portscout.nyi.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Date: Wed, 18 Jan 2023 15:47:47 +0000
From: portscout@FreeBSD.org
To: ports@freebsd.org
Subject: Unmaintained FreeBSD ports which are out of date
X-Mailer: portscout/0.8.1
X-ThisMailContainsUnwantedMimeParts: N

Dear port maintainers,

The portscout new distfile checker has detected that one or more
unmaintained ports appears to be out of date. Please take the opportunity
to check each of the ports listed below, and if possible and appropriate,
submit/commit an update. Please consider also adopting this port.
If any ports have already been updated, you can safely ignore the entry.

An e-mail will not be sent again for any of the port/version combinations
below.

Full details can be found at the following URL:
http://portscout.freebsd.org/ports@freebsd.org.html


Port                                            | Current version | New version
------------------------------------------------+-----------------+------------
cad/ifcopenshell                                | 0.6.0           | blenderbim-230118
------------------------------------------------+-----------------+------------
databases/rocksdb-lite                          | 7.2.2           | v7.9.2
------------------------------------------------+-----------------+------------
devel/py-archinfo                               | 9.0.5405        | v9.2.34
------------------------------------------------+-----------------+------------
devel/py-cle                                    | 9.0.5405        | v9.2.34
------------------------------------------------+-----------------+------------
math/py-claripy                                 | 9.0.5405        | v9.2.34
------------------------------------------------+-----------------+------------
security/py-ailment                             | 9.0.5405        | v9.2.34
------------------------------------------------+-----------------+------------
security/py-angr                                | 9.0.5405        | v9.2.34
------------------------------------------------+-----------------+------------
security/py-pyvex                               | 9.0.5405        | v9.2.34
------------------------------------------------+-----------------+------------


If any of the above results are invalid, please check the following page
for details on how to improve portscout's detection and selection of
distfiles on a per-port basis:

http://portscout.freebsd.org/info/portscout-portconfig.txt

Reported by:    portscout!

From nobody Thu Jan 19 10:23:25 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyJdB75Dsz2sWDl
	for <ports@mlmmj.nyi.freebsd.org>; Thu, 19 Jan 2023 10:23:58 +0000 (UTC)
	(envelope-from web@3dresearch.com)
Received: from smtpg.telissant.net (smtpg.telissant.net [104.225.1.73])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyJd96m9Tz4GPL
	for <ports@FreeBSD.org>; Thu, 19 Jan 2023 10:23:57 +0000 (UTC)
	(envelope-from web@3dresearch.com)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of web@3dresearch.com designates 104.225.1.73 as permitted sender) smtp.mailfrom=web@3dresearch.com;
	dmarc=none
Received: from sacada.3dresearch.com (localhost [127.0.0.1])
	by smtpg.telissant.net (Postfix) with ESMTP id 4NyJd30rysz2DcfJ
	for <ports@FreeBSD.org>; Thu, 19 Jan 2023 05:23:51 -0500 (EST)
X-Virus-Scanned: amavisd-new at telissant.net
Received: from smtpg.telissant.net ([127.0.0.1])
	by sacada.3dresearch.com (sacada.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Kmxzp9Ai565F for <ports@freebsd.org>;
	Thu, 19 Jan 2023 05:23:50 -0500 (EST)
Received: from elettra.3dresearch.com (unknown [71.112.243.40])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: elettra@sacada.3dresearch.com)
	by smtpg.telissant.net (Postfix) with ESMTPSA id 4NyJd20Rwcz2DcSy
	for <ports@FreeBSD.org>; Thu, 19 Jan 2023 05:23:50 -0500 (EST)
Received: from elettra.3dresearch.com (localhost [127.0.0.1])
	by elettra.3dresearch.com (Postfix) with SMTP id 4CEF85BFA4
	for <ports@FreeBSD.org>; Thu, 19 Jan 2023 05:23:49 -0500 (EST)
Date: Thu, 19 Jan 2023 05:23:25 -0500
From: Janos Dohanics <web@3dresearch.com>
To: ports@FreeBSD.org
Subject: Error building devel/ninja
Message-Id: <20230119052325.aabddc504ae315d3bb3e9367@3dresearch.com>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.1)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-0.79 / 15.00];
	ENVFROM_SERVICE_ACCT(1.00)[];
	FROM_SERVICE_ACCT(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.99)[-0.995];
	MV_CASE(0.50)[];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	ASN(0.00)[asn:36236, ipnet:104.225.1.0/24, country:US];
	FROM_EQ_ENVFROM(0.00)[];
	R_DKIM_NA(0.00)[];
	MIME_TRACE(0.00)[0:+];
	MLMMJ_DEST(0.00)[ports@FreeBSD.org];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_TLS_LAST(0.00)[];
	RCVD_COUNT_FIVE(0.00)[5];
	ARC_NA(0.00)[];
	DMARC_NA(0.00)[3dresearch.com];
	FROM_HAS_DN(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4NyJd96m9Tz4GPL
X-Spamd-Bar: /
X-ThisMailContainsUnwantedMimeParts: N

Hello,

The system is FreeBSD 13.1-STABLE #0 3f908eed2:

# make
===>  License APACHE20 accepted by the user
===>   ninja-1.11.1,2 depends on file: /usr/local/sbin/pkg - found
=> ninja-build-ninja-v1.11.1_GH0.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch https://codeload.github.com/ninja-build/ninja/tar.gz/v1.11.1?dummy=/ninja-build-ninja-v1.11.1_GH0.tar.gz
fetch: https://codeload.github.com/ninja-build/ninja/tar.gz/v1.11.1?dummy=/ninja-build-ninja-v1.11.1_GH0.tar.gz: size unknown
fetch: https://codeload.github.com/ninja-build/ninja/tar.gz/v1.11.1?dummy=/ninja-build-ninja-v1.11.1_GH0.tar.gz: size of remote file is not known
ninja-build-ninja-v1.11.1_GH0.tar.gz                   224 kB 4376 kBps    00s
===> Fetching all distfiles required by ninja-1.11.1,2 for building
===>  Extracting for ninja-1.11.1,2
=> SHA256 Checksum OK for ninja-build-ninja-v1.11.1_GH0.tar.gz.
===>  Patching for ninja-1.11.1,2
===>   ninja-1.11.1,2 depends on file: /usr/local/bin/python3.9 - found
===>  Configuring for ninja-1.11.1,2
===>  Building for ninja-1.11.1,2
bootstrapping ninja...
Error in argument 4, char 1: no argument for option -
usage: re2c [-bcdDefFghirsuvVwx18] [-o of] [-t th] file

-? -h  --help           Display this info.

-b     --bit-vectors    Implies -s. Use bit vectors as well in the attempt to
                        coax better code out of the compiler. Most useful for
                        specifications with more than a few keywords (e.g. for
                        most programming languages).

-c     --conditions     Require start conditions.

-d     --debug-output   Creates a parser that dumps information during
                        about the current position and in which state the
                        parser is.

-D     --emit-dot       Emit a Graphviz dot view of the DFA graph

-e     --ecb            Generate a parser that supports EBCDIC. The generated code
                        can deal with any character up to 0xFF. In this mode re2c
                        assumes that input character size is 1 byte. This switch is
                        incompatible with -w, -u, -x and -8

-f     --storable-state Generate a scanner that supports storable states.

-F     --flex-syntax    Partial support for flex syntax.

-g     --computed-gotos Implies -b. Generate computed goto code (only useable
                        with gcc).

-i     --no-debug-info  Do not generate '#line' info (usefull for versioning).

-o of  --output=of      Specify the output file (of) instead of stdout

-r     --reusable       Allow reuse of scanner definitions.

-s     --nested-ifs     Generate nested ifs for some switches. Many compilers
                        need this assist to generate better code.

-t th  --type-header=th Generate a type header file (th) with type definitions.

-u     --unicode        Generate a parser that supports UTF-32. The generated code
                        can deal with any valid Unicode character up to 0x10FFFF.
                        In this mode re2c assumes that input character size is 4 bytes.
                        This switch is incompatible with -e, -w, -x and -8. It implies -s.

-v     --version        Show version information.

-V     --vernum         Show version as one number.

-w     --wide-chars     Generate a parser that supports UCS-2. The generated code can
                        deal with any valid Unicode character up to 0xFFFF. In this mode
                        re2c assumes that input character size is 2 bytes. This switch is
                        incompatible with -e, -x, -u and -8. It implies -s.
-x     --utf-16         Generate a parser that supports UTF-16. The generated code can
                        deal with any valid Unicode character up to 0x10FFFF. In this mode
                        re2c assumes that input character size is 2 bytes. This switch is
                        incompatible with -e, -w, -u and -8. It implies -s.
-8     --utf-8          Generate a parser that supports UTF-8. The generated code can
                        deal with any valid Unicode character up to 0x10FFFF. In this mode
                        re2c assumes that input character size is 1 byte. This switch is
                        incompatible with -e, -w, -x and -u.
-1     --single-pass    Force single pass generation, this cannot be combined
                        with -f and disables YYMAXFILL generation prior to last
                        re2c block.

--no-generation-date    Suppress date output in the generated output so that it
                        only shows the re2c version.

--case-insensitive      All strings are case insensitive, so all "-expressions
                        are treated in the same way '-expressions are.

--case-inverted         Invert the meaning of single and double quoted strings.
                        With this switch single quotes are case sensitive and
                        double quotes are case insensitive.

--encoding-policy ep    Specify what re2c should do when given bad code unit.
                        ep can be one of the following: fail, substitute, ignore.

--input i               Specify re2c input API.
                        i can be one of the following: default, custom.
when running:  re2c -b -i --no-generation-date --no-version -o ./src/depfile_parser.cc ./src/depfile_parser.in.cc
Traceback (most recent call last):
  File "/usr/ports/devel/ninja/work/ninja-1.11.1/configure.py", line 485, in <module>
    n.build(src('depfile_parser.cc'), 're2c', src('depfile_parser.in.cc'))
  File "/usr/ports/devel/ninja/work/ninja-1.11.1/configure.py", line 169, in build
    self._run_command(self._expand(cmd, local_vars))
  File "/usr/ports/devel/ninja/work/ninja-1.11.1/configure.py", line 194, in _run_command
    subprocess.check_call(cmdline, shell=True)
  File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command 're2c -b -i --no-generation-date --no-version -o ./src/depfile_parser.cc ./src/depfile_parser.in.cc' returned non-zero exit status 2.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/devel/ninja
*** Error code 1

Stop.
make: stopped in /usr/ports/devel/ninja

Would you please advise?

-- 
Janos Dohanics

From nobody Thu Jan 19 11:13:48 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyKks3mpZz2scjJ;
	Thu, 19 Jan 2023 11:13:57 +0000 (UTC)
	(envelope-from list_freebsd@bluerosetech.com)
Received: from echo.brtsvcs.net (echo.brtsvcs.net [IPv6:2607:f740:c::4ae])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyKkr47TQz4KM4;
	Thu, 19 Jan 2023 11:13:56 +0000 (UTC)
	(envelope-from list_freebsd@bluerosetech.com)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of list_freebsd@bluerosetech.com designates 2607:f740:c::4ae as permitted sender) smtp.mailfrom=list_freebsd@bluerosetech.com;
	dmarc=none
Received: from chombo.houseloki.net (65-100-43-2.dia.static.qwest.net [65.100.43.2])
	by echo.brtsvcs.net (Postfix) with ESMTPS id B567338D0B;
	Thu, 19 Jan 2023 11:13:49 +0000 (UTC)
Received: from [10.26.25.100] (ivy.pas.ds.pilgrimaccounting.com [10.26.25.100])
	by chombo.houseloki.net (Postfix) with ESMTPSA id 128BA24A59;
	Thu, 19 Jan 2023 03:13:49 -0800 (PST)
To: freebsd-security@freebsd.org, freebsd-ports@freebsd.org
From: Mel Pilgrim <list_freebsd@bluerosetech.com>
Subject: Can security/ca_root_nss be retired?
Message-ID: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
Date: Thu, 19 Jan 2023 03:13:48 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.12.0
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-2.22 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-0.998];
	NEURAL_HAM_SHORT(-0.92)[-0.924];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	ASN(0.00)[asn:36236, ipnet:2607:f740:c::/48, country:US];
	R_DKIM_NA(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	RCPT_COUNT_TWO(0.00)[2];
	MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org,freebsd-security@freebsd.org];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	DMARC_NA(0.00)[bluerosetech.com];
	MID_RHS_MATCH_FROM(0.00)[];
	ARC_NA(0.00)[];
	MIME_TRACE(0.00)[0:+];
	FROM_HAS_DN(0.00)[];
	TO_DN_NONE(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_TLS_ALL(0.00)[]
X-Rspamd-Queue-Id: 4NyKkr47TQz4KM4
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Given /usr/share/certs exists for all supported releases, is there any 
reason to keep the ca_root_nss port?

From nobody Thu Jan 19 12:08:01 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyLxT3TjFz2sl5y
	for <ports@mlmmj.nyi.freebsd.org>; Thu, 19 Jan 2023 12:08:13 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyLxS18Q4z4Pkb
	for <ports@freebsd.org>; Thu, 19 Jan 2023 12:08:11 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp has no SPF policy when checking 153.125.133.21) smtp.mailfrom=junchoon@dec.sakura.ne.jp;
	dmarc=none
Received: from kalamity.joker.local (123-1-88-210.area1b.commufa.jp [123.1.88.210])
	(authenticated bits=0)
	by www121.sakura.ne.jp (8.16.1/8.16.1/[SAKURA-WEB]/20201212) with ESMTPA id 30JC81NP007564
	for <ports@freebsd.org>; Thu, 19 Jan 2023 21:08:01 +0900 (JST)
	(envelope-from junchoon@dec.sakura.ne.jp)
Date: Thu, 19 Jan 2023 21:08:01 +0900
From: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To: ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-Id: <20230119210801.97b4eef4e21b96d40721b31a@dec.sakura.ne.jp>
In-Reply-To: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
Organization: Junchoon corps
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [-0.57 / 15.00];
	AUTH_NA(1.00)[];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.999];
	NEURAL_HAM_MEDIUM(-0.97)[-0.969];
	MV_CASE(0.50)[];
	MIME_GOOD(-0.10)[text/plain];
	FROM_EQ_ENVFROM(0.00)[];
	R_DKIM_NA(0.00)[];
	MIME_TRACE(0.00)[0:+];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	R_SPF_NA(0.00)[no SPF record];
	RCVD_COUNT_TWO(0.00)[2];
	RCVD_TLS_LAST(0.00)[];
	DMARC_NA(0.00)[sakura.ne.jp];
	HAS_ORG_HEADER(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	RCPT_COUNT_ONE(0.00)[1];
	ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP]
X-Rspamd-Queue-Id: 4NyLxS18Q4z4Pkb
X-Spamd-Bar: /
X-ThisMailContainsUnwantedMimeParts: N

On Thu, 19 Jan 2023 03:13:48 -0800
Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:

> Given /usr/share/certs exists for all supported releases, is there any 
> reason to keep the ca_root_nss port?

If everyone in the world uses LATEST main only, yes.
But the assumption is clearly nonsense.

Basically, commits to main are settled a while before MFC to stable
branches, and MFS to releng branches needs additional settling days.

If any certs happened to be non-reliable, this delay can cause, at
worst, catastorphic scenario.

If updates to certs are always promised to be "MFC after: now" and
committed to ALL SUPPORTED BRANCHES AT ONCE, I have no objection.

If not, keeping ca_root_nss port and updated ASAP with upstream should
be mandatory.

-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>

From nobody Thu Jan 19 13:58:12 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyPNY6TpRz2t0xq
	for <ports@mlmmj.nyi.freebsd.org>; Thu, 19 Jan 2023 13:58:21 +0000 (UTC)
	(envelope-from list_freebsd@bluerosetech.com)
Received: from echo.brtsvcs.net (echo.brtsvcs.net [208.111.40.118])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyPNY1dJCz3LK5
	for <ports@freebsd.org>; Thu, 19 Jan 2023 13:58:21 +0000 (UTC)
	(envelope-from list_freebsd@bluerosetech.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: from chombo.houseloki.net (65-100-43-2.dia.static.qwest.net [65.100.43.2])
	by echo.brtsvcs.net (Postfix) with ESMTPS id EE05A38D0B;
	Thu, 19 Jan 2023 13:58:13 +0000 (UTC)
Received: from [10.26.25.100] (ivy.pas.ds.pilgrimaccounting.com [10.26.25.100])
	by chombo.houseloki.net (Postfix) with ESMTPSA id 9787024B5A;
	Thu, 19 Jan 2023 05:58:13 -0800 (PST)
Subject: Re: Can security/ca_root_nss be retired?
To: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>, ports@freebsd.org
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
 <20230119210801.97b4eef4e21b96d40721b31a@dec.sakura.ne.jp>
From: Mel Pilgrim <list_freebsd@bluerosetech.com>
Message-ID: <c62f8ea6-fc70-055f-b2e9-9fd5afc19622@bluerosetech.com>
Date: Thu, 19 Jan 2023 05:58:12 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.12.0
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
In-Reply-To: <20230119210801.97b4eef4e21b96d40721b31a@dec.sakura.ne.jp>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4NyPNY1dJCz3LK5
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:36236, ipnet:208.111.40.0/24, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On 2023-01-19 4:08, Tomoaki AOKI wrote:
> On Thu, 19 Jan 2023 03:13:48 -0800
> Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
> 
>> Given /usr/share/certs exists for all supported releases, is there any
>> reason to keep the ca_root_nss port?
> 
> If everyone in the world uses LATEST main only, yes.
> But the assumption is clearly nonsense.
> 
> Basically, commits to main are settled a while before MFC to stable
> branches, and MFS to releng branches needs additional settling days.
> 
> If any certs happened to be non-reliable, this delay can cause, at
> worst, catastorphic scenario.
> 
> If updates to certs are always promised to be "MFC after: now" and
> committed to ALL SUPPORTED BRANCHES AT ONCE, I have no objection.
> 
> If not, keeping ca_root_nss port and updated ASAP with upstream should
> be mandatory.

If ca_root_nss delivered the certs in the same format, sure, but that 
monolithic file makes installing private CAs a hassle.

I wonder if the script secteam uses to update the trust store in the src 
tree could be turned into a periodic script that automatically updates 
the trust store?  Side-step the release engineering delay entirely by 
turning trust store updates into a user task.


From nobody Thu Jan 19 16:04:49 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NySBV3spnz2v18v
	for <ports@mlmmj.nyi.freebsd.org>; Thu, 19 Jan 2023 16:04:50 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NySBV1JX2z3nhD
	for <ports@freebsd.org>; Thu, 19 Jan 2023 16:04:50 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1674144290;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=G7lNUi0pZdBLvtLDgJUCxghtYEKkIBoMIaBX+6JMU48=;
	b=XlPwdbhDPTefxnpUZUWzp3tR4Uuv+T1qb5rN+PE0HCxxadQpSZK2D0ojw6O3xoT2J8W0B8
	+1ILnmIGhS5+UH1F3huU5dqqfYN5FPt04m8rMIBnekewSHvptndBycPsGsfg92nwc1KFz6
	Ci7LRolD5wdVSal3dWPwBBMFc4YoFZLZrkOaPhUdLL00lnKkh1ycoEWfUfOIkdGl+9Tq8f
	vW9XONJAcGbs8aC2HTSVP6ob95lAV0oXUfFIP6Ic41u6mi7ctfZJrrvcN7KR6g62Z/gcBo
	1DL/VzkhwyTJxcIOR/ZDrHxGXXjc1VnZvywD7MiXJFdNbPpM6QvpevYYYKwPYg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674144290; a=rsa-sha256; cv=none;
	b=mW96FfAPS96ZlyMQRsnvmiGo1PA1RDMsGSUpfINMm9CimQaiXXeJ0pPm8pPHanXDtBCq+R
	PiQeG1/mGTfYJK4nKWKvE0zD/PbLvxrvOa7FhRqGwmQET73eX6Afo1wkceEFojNpZQiR4v
	+5iSPDszVOdvOLCETQUNp5UzrrMOnozRFE9DaZQiqAsMrYh2C0fQ3CqvELM/LdGmTVkhhd
	f3VzGH2mh2gJ+ykBiIOrHyGMvc6d9OlFUf8J1lIQmZDd3pIBl0zLuSCALM6z8jNJN4laxn
	HHQqOELH7ixANA/9vpHkVi5MZzJq1dilSpHgcEkFKFS0K/n6NtGVQpT7h//N4g==
Received: from portscout.nyi.freebsd.org (portscout.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NySBV0G2xzwvR
	for <ports@freebsd.org>; Thu, 19 Jan 2023 16:04:50 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from portscout.nyi.freebsd.org ([127.0.1.10])
	by portscout.nyi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30JG4nr7085235
	for <ports@freebsd.org>; Thu, 19 Jan 2023 16:04:49 GMT
	(envelope-from portscout@FreeBSD.org)
Received: (from portscout@localhost)
	by portscout.nyi.freebsd.org (8.15.2/8.15.2/Submit) id 30JG4n7p085234;
	Thu, 19 Jan 2023 16:04:49 GMT
	(envelope-from portscout@FreeBSD.org)
Message-Id: <202301191604.30JG4n7p085234@portscout.nyi.freebsd.org>
X-Authentication-Warning: portscout.nyi.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Date: Thu, 19 Jan 2023 16:04:49 +0000
From: portscout@FreeBSD.org
To: ports@freebsd.org
Subject: Unmaintained FreeBSD ports which are out of date
X-Mailer: portscout/0.8.1
X-ThisMailContainsUnwantedMimeParts: N

Dear port maintainers,

The portscout new distfile checker has detected that one or more
unmaintained ports appears to be out of date. Please take the opportunity
to check each of the ports listed below, and if possible and appropriate,
submit/commit an update. Please consider also adopting this port.
If any ports have already been updated, you can safely ignore the entry.

An e-mail will not be sent again for any of the port/version combinations
below.

Full details can be found at the following URL:
http://portscout.freebsd.org/ports@freebsd.org.html


Port                                            | Current version | New version
------------------------------------------------+-----------------+------------
editors/editorconfig-core-c                     | 0.12.5          | v0.12.6
------------------------------------------------+-----------------+------------
graphics/evolvotron                             | 0.7.1           | 0.8.0
------------------------------------------------+-----------------+------------


If any of the above results are invalid, please check the following page
for details on how to improve portscout's detection and selection of
distfiles on a per-port basis:

http://portscout.freebsd.org/info/portscout-portconfig.txt

Reported by:    portscout!

From eugen@grosbein.net Thu Jan 19 17:04:21 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyTWd2qTJz2v7ym;
	Thu, 19 Jan 2023 17:04:45 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyTWd0DWyz3tkQ;
	Thu, 19 Jan 2023 17:04:44 +0000 (UTC)
	(envelope-from eugen@grosbein.net)
Authentication-Results: mx1.freebsd.org;
	none
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged))
	by hz.grosbein.net (8.16.1/8.16.1) with ESMTPS id 30JH4VYW068941
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 19 Jan 2023 17:04:31 GMT
	(envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: list_freebsd@bluerosetech.com
Received: from [10.58.0.11] (dadvw [10.58.0.11] (may be forged))
	by eg.sd.rdtc.ru (8.16.1/8.16.1) with ESMTPS id 30JH4T2t002618
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT);
	Fri, 20 Jan 2023 00:04:30 +0700 (+07)
	(envelope-from eugen@grosbein.net)
Subject: Re: Can security/ca_root_nss be retired?
To: Mel Pilgrim <list_freebsd@bluerosetech.com>, freebsd-security@freebsd.org,
        freebsd-ports@freebsd.org
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
Date: Fri, 20 Jan 2023 00:04:21 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
In-Reply-To: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT
	autolearn=disabled version=3.4.6
X-Spam-Report: 
	* -0.0 SHORTCIRCUIT No description available.
	* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on hz.grosbein.net
X-Rspamd-Queue-Id: 4NyTWd0DWyz3tkQ
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:2a01:4f8::/32, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

19.01.2023 18:13, Mel Pilgrim wrote:

> Given /usr/share/certs exists for all supported releases, is there any reason to keep the ca_root_nss port?

Single port may be updates more frequently and easily than base system.



From nobody Thu Jan 19 22:09:31 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NycHQ1jSXz2spvF
	for <ports@mlmmj.nyi.freebsd.org>; Thu, 19 Jan 2023 22:09:38 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NycHN4Tqjz4K8M
	for <ports@freebsd.org>; Thu, 19 Jan 2023 22:09:36 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp has no SPF policy when checking 153.125.133.21) smtp.mailfrom=junchoon@dec.sakura.ne.jp;
	dmarc=none
Received: from kalamity.joker.local (123-1-88-210.area1b.commufa.jp [123.1.88.210])
	(authenticated bits=0)
	by www121.sakura.ne.jp (8.16.1/8.16.1/[SAKURA-WEB]/20201212) with ESMTPA id 30JM9Wrh081109
	for <ports@freebsd.org>; Fri, 20 Jan 2023 07:09:32 +0900 (JST)
	(envelope-from junchoon@dec.sakura.ne.jp)
Date: Fri, 20 Jan 2023 07:09:31 +0900
From: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To: ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-Id: <20230120070931.4ef522dfa48b35ddac0c50ac@dec.sakura.ne.jp>
In-Reply-To: <c62f8ea6-fc70-055f-b2e9-9fd5afc19622@bluerosetech.com>
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
	<20230119210801.97b4eef4e21b96d40721b31a@dec.sakura.ne.jp>
	<c62f8ea6-fc70-055f-b2e9-9fd5afc19622@bluerosetech.com>
Organization: Junchoon corps
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [0.25 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	AUTH_NA(1.00)[];
	NEURAL_HAM_SHORT(-0.99)[-0.986];
	NEURAL_HAM_MEDIUM(-0.98)[-0.976];
	MV_CASE(0.50)[];
	NEURAL_HAM_LONG(-0.19)[-0.189];
	MIME_GOOD(-0.10)[text/plain];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	R_DKIM_NA(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	R_SPF_NA(0.00)[no SPF record];
	ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP];
	RCVD_TLS_LAST(0.00)[];
	DMARC_NA(0.00)[sakura.ne.jp];
	HAS_ORG_HEADER(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4NycHN4Tqjz4K8M
X-Spamd-Bar: /
X-ThisMailContainsUnwantedMimeParts: N

On Thu, 19 Jan 2023 05:58:12 -0800
Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:

> On 2023-01-19 4:08, Tomoaki AOKI wrote:
> > On Thu, 19 Jan 2023 03:13:48 -0800
> > Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
> > 
> >> Given /usr/share/certs exists for all supported releases, is there any
> >> reason to keep the ca_root_nss port?
> > 
> > If everyone in the world uses LATEST main only, yes.
> > But the assumption is clearly nonsense.
> > 
> > Basically, commits to main are settled a while before MFC to stable
> > branches, and MFS to releng branches needs additional settling days.
> > 
> > If any certs happened to be non-reliable, this delay can cause, at
> > worst, catastorphic scenario.
> > 
> > If updates to certs are always promised to be "MFC after: now" and
> > committed to ALL SUPPORTED BRANCHES AT ONCE, I have no objection.
> > 
> > If not, keeping ca_root_nss port and updated ASAP with upstream should
> > be mandatory.
> 
> If ca_root_nss delivered the certs in the same format, sure, but that 
> monolithic file makes installing private CAs a hassle.
> 
> I wonder if the script secteam uses to update the trust store in the src 
> tree could be turned into a periodic script that automatically updates 
> the trust store?  Side-step the release engineering delay entirely by 
> turning trust store updates into a user task.

With the approach, how can we avoid man-in-the-middle attack or
something?

Ports framework has checksum to avoid it, unless local admins
intentionally disable it.

Maybe adding a script to
 *Check if /usr/local/share/certs/ca-root-nss.crt is updated or not.
 *Extract individual certs from ca-root-nss.crt and update trust store.
 *Record current timestamp and hash of ca-root-nss.crt for next run.
into ca-root-nss port, which can be run from cron or by hand, is needed?


-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>

From nobody Thu Jan 19 22:16:46 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NycRk42M6z2sqc7
	for <ports@mlmmj.nyi.freebsd.org>; Thu, 19 Jan 2023 22:16:50 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Received: from mail.evolve.de (mail.evolve.de [213.239.217.29])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail.evolve.de", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NycRj5XYLz4L2Y
	for <ports@freebsd.org>; Thu, 19 Jan 2023 22:16:49 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTP id 4205919f;
	Thu, 19 Jan 2023 22:16:47 +0000 (UTC)
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTPSA id 17955d04 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
	Thu, 19 Jan 2023 22:16:47 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0 (1.0)
Subject: Re: Can security/ca_root_nss be retired?
From: Michael Gmelin <grembo@freebsd.org>
In-Reply-To: <20230120070931.4ef522dfa48b35ddac0c50ac@dec.sakura.ne.jp>
Date: Thu, 19 Jan 2023 23:16:46 +0100
Cc: ports@freebsd.org
Message-Id: <7F3E8043-D985-4BC4-97B9-1FF7BA2E54C1@freebsd.org>
References: <20230120070931.4ef522dfa48b35ddac0c50ac@dec.sakura.ne.jp>
To: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
X-Mailer: iPhone Mail (20B110)
X-Rspamd-Queue-Id: 4NycRj5XYLz4L2Y
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:213.239.192.0/18, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N



> On 19. Jan 2023, at 23:09, Tomoaki AOKI <junchoon@dec.sakura.ne.jp> wrote:=

>=20
> =EF=BB=BFOn Thu, 19 Jan 2023 05:58:12 -0800
> Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
>=20
>>> On 2023-01-19 4:08, Tomoaki AOKI wrote:
>>> On Thu, 19 Jan 2023 03:13:48 -0800
>>> Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
>>>=20
>>>> Given /usr/share/certs exists for all supported releases, is there any
>>>> reason to keep the ca_root_nss port?
>>>=20
>>> If everyone in the world uses LATEST main only, yes.
>>> But the assumption is clearly nonsense.
>>>=20
>>> Basically, commits to main are settled a while before MFC to stable
>>> branches, and MFS to releng branches needs additional settling days.
>>>=20
>>> If any certs happened to be non-reliable, this delay can cause, at
>>> worst, catastorphic scenario.
>>>=20
>>> If updates to certs are always promised to be "MFC after: now" and
>>> committed to ALL SUPPORTED BRANCHES AT ONCE, I have no objection.
>>>=20
>>> If not, keeping ca_root_nss port and updated ASAP with upstream should
>>> be mandatory.
>>=20
>> If ca_root_nss delivered the certs in the same format, sure, but that=20
>> monolithic file makes installing private CAs a hassle.
>>=20
>> I wonder if the script secteam uses to update the trust store in the src=20=

>> tree could be turned into a periodic script that automatically updates=20=

>> the trust store?  Side-step the release engineering delay entirely by=20
>> turning trust store updates into a user task.
>=20
> With the approach, how can we avoid man-in-the-middle attack or
> something?
>=20
> Ports framework has checksum to avoid it, unless local admins
> intentionally disable it.
>=20
> Maybe adding a script to
> *Check if /usr/local/share/certs/ca-root-nss.crt is updated or not.
> *Extract individual certs from ca-root-nss.crt and update trust store.
> *Record current timestamp and hash of ca-root-nss.crt for next run.
> into ca-root-nss port, which can be run from cron or by hand, is needed?
>=20

Whatever we do, let=E2=80=99s make sure we don=E2=80=99t break existing setu=
ps - this needs to be well coordinated. Personally, I don=E2=80=99t want to u=
pdate (and reboot) the OS in order to get a current list of trusted CAs (at l=
east as long as pkgbase isn=E2=80=99t mainstream this is an issue).

Michael



From nobody Thu Jan 19 22:38:27 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nycwl3QXnz2st4v
	for <ports@mlmmj.nyi.freebsd.org>; Thu, 19 Jan 2023 22:38:31 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nycwk33v4z4ML4
	for <ports@freebsd.org>; Thu, 19 Jan 2023 22:38:30 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp has no SPF policy when checking 153.125.133.21) smtp.mailfrom=junchoon@dec.sakura.ne.jp;
	dmarc=none
Received: from kalamity.joker.local (123-1-88-210.area1b.commufa.jp [123.1.88.210])
	(authenticated bits=0)
	by www121.sakura.ne.jp (8.16.1/8.16.1/[SAKURA-WEB]/20201212) with ESMTPA id 30JMcRBS084743
	for <ports@freebsd.org>; Fri, 20 Jan 2023 07:38:27 +0900 (JST)
	(envelope-from junchoon@dec.sakura.ne.jp)
Date: Fri, 20 Jan 2023 07:38:27 +0900
From: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To: ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-Id: <20230120073827.7928fdcebd0f7a914f7ea322@dec.sakura.ne.jp>
In-Reply-To: <56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
	<56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
Organization: Junchoon corps
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [1.08 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	AUTH_NA(1.00)[];
	NEURAL_HAM_SHORT(-0.99)[-0.987];
	NEURAL_HAM_MEDIUM(-0.94)[-0.937];
	NEURAL_SPAM_LONG(0.60)[0.605];
	MV_CASE(0.50)[];
	MIME_GOOD(-0.10)[text/plain];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	R_DKIM_NA(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	R_SPF_NA(0.00)[no SPF record];
	ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP];
	RCVD_TLS_LAST(0.00)[];
	DMARC_NA(0.00)[sakura.ne.jp];
	HAS_ORG_HEADER(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4Nycwk33v4z4ML4
X-Spamd-Bar: +
X-ThisMailContainsUnwantedMimeParts: N

On Fri, 20 Jan 2023 00:04:21 +0700
Eugene Grosbein <eugen@grosbein.net> wrote:

> 19.01.2023 18:13, Mel Pilgrim wrote:
> 
> > Given /usr/share/certs exists for all supported releases, is there any reason to keep the ca_root_nss port?
> 
> Single port may be updates more frequently and easily than base system.

Exactly. ;-)

-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>

From nobody Thu Jan 19 22:48:37 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyd8T5mH5z2svZP
	for <ports@mlmmj.nyi.freebsd.org>; Thu, 19 Jan 2023 22:48:41 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyd8S49F8z4NF8
	for <ports@freebsd.org>; Thu, 19 Jan 2023 22:48:40 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp has no SPF policy when checking 153.125.133.21) smtp.mailfrom=junchoon@dec.sakura.ne.jp;
	dmarc=none
Received: from kalamity.joker.local (123-1-88-210.area1b.commufa.jp [123.1.88.210])
	(authenticated bits=0)
	by www121.sakura.ne.jp (8.16.1/8.16.1/[SAKURA-WEB]/20201212) with ESMTPA id 30JMmb35086069
	for <ports@freebsd.org>; Fri, 20 Jan 2023 07:48:38 +0900 (JST)
	(envelope-from junchoon@dec.sakura.ne.jp)
Date: Fri, 20 Jan 2023 07:48:37 +0900
From: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To: ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-Id: <20230120074837.91ea14559a524f42a3719e3f@dec.sakura.ne.jp>
In-Reply-To: <7F3E8043-D985-4BC4-97B9-1FF7BA2E54C1@freebsd.org>
References: <20230120070931.4ef522dfa48b35ddac0c50ac@dec.sakura.ne.jp>
	<7F3E8043-D985-4BC4-97B9-1FF7BA2E54C1@freebsd.org>
Organization: Junchoon corps
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spamd-Result: default: False [0.50 / 15.00];
	AUTH_NA(1.00)[];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-0.999];
	NEURAL_HAM_MEDIUM(-0.95)[-0.951];
	MV_CASE(0.50)[];
	MIME_GOOD(-0.10)[text/plain];
	NEURAL_SPAM_LONG(0.05)[0.045];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	R_DKIM_NA(0.00)[];
	MIME_TRACE(0.00)[0:+];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	R_SPF_NA(0.00)[no SPF record];
	RCVD_TLS_LAST(0.00)[];
	DMARC_NA(0.00)[sakura.ne.jp];
	HAS_ORG_HEADER(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	RCPT_COUNT_ONE(0.00)[1];
	ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP]
X-Rspamd-Queue-Id: 4Nyd8S49F8z4NF8
X-Spamd-Bar: /
X-ThisMailContainsUnwantedMimeParts: N

On Thu, 19 Jan 2023 23:16:46 +0100
Michael Gmelin <grembo@freebsd.org> wrote:

> > On 19. Jan 2023, at 23:09, Tomoaki AOKI <junchoon@dec.sakura.ne.jp> wrote:
> > 
> > On Thu, 19 Jan 2023 05:58:12 -0800
> > Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
> > 
> >>> On 2023-01-19 4:08, Tomoaki AOKI wrote:
> >>> On Thu, 19 Jan 2023 03:13:48 -0800
> >>> Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
> >>> 
> >>>> Given /usr/share/certs exists for all supported releases, is there any
> >>>> reason to keep the ca_root_nss port?
> >>> 
> >>> If everyone in the world uses LATEST main only, yes.
> >>> But the assumption is clearly nonsense.
> >>> 
> >>> Basically, commits to main are settled a while before MFC to stable
> >>> branches, and MFS to releng branches needs additional settling days.
> >>> 
> >>> If any certs happened to be non-reliable, this delay can cause, at
> >>> worst, catastorphic scenario.
> >>> 
> >>> If updates to certs are always promised to be "MFC after: now" and
> >>> committed to ALL SUPPORTED BRANCHES AT ONCE, I have no objection.
> >>> 
> >>> If not, keeping ca_root_nss port and updated ASAP with upstream should
> >>> be mandatory.
> >> 
> >> If ca_root_nss delivered the certs in the same format, sure, but that 
> >> monolithic file makes installing private CAs a hassle.
> >> 
> >> I wonder if the script secteam uses to update the trust store in the src 
> >> tree could be turned into a periodic script that automatically updates 
> >> the trust store?  Side-step the release engineering delay entirely by 
> >> turning trust store updates into a user task.
> > 
> > With the approach, how can we avoid man-in-the-middle attack or
> > something?
> > 
> > Ports framework has checksum to avoid it, unless local admins
> > intentionally disable it.
> > 
> > Maybe adding a script to
> > *Check if /usr/local/share/certs/ca-root-nss.crt is updated or not.
> > *Extract individual certs from ca-root-nss.crt and update trust store.
> > *Record current timestamp and hash of ca-root-nss.crt for next run.
> > into ca-root-nss port, which can be run from cron or by hand, is needed?
> > 
> 
> Whatever we do, let’s make sure we don’t break existing setups - this needs to be well coordinated. Personally, I don’t want to update (and reboot) the OS in order to get a current list of trusted CAs (at least as long as pkgbase isn’t mainstream this is an issue).
> 
> Michael

+1.
It's quite an important view point, too.

IMHO, certs bundled with base would be better minimalistic, include
certs only needed to download pkgs (including pkgbase), https access
to FreeBSD project servers (including git repo).
Any others would be better maintained as a port/pkg, which is mandated
to be installed by bsdinstall.

-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>

From nobody Fri Jan 20 02:36:25 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NykCM2YtYz2v6nj
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 02:36:31 +0000 (UTC)
	(envelope-from list_freebsd@bluerosetech.com)
Received: from echo.brtsvcs.net (echo.brtsvcs.net [IPv6:2607:f740:c::4ae])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NykCM07g6z3jZg
	for <ports@freebsd.org>; Fri, 20 Jan 2023 02:36:30 +0000 (UTC)
	(envelope-from list_freebsd@bluerosetech.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: from chombo.houseloki.net (65-100-43-2.dia.static.qwest.net [65.100.43.2])
	by echo.brtsvcs.net (Postfix) with ESMTPS id 61F2738D0D;
	Fri, 20 Jan 2023 02:36:26 +0000 (UTC)
Received: from [10.26.25.100] (ivy.pas.ds.pilgrimaccounting.com [10.26.25.100])
	by chombo.houseloki.net (Postfix) with ESMTPSA id 0BE8524DBE;
	Thu, 19 Jan 2023 18:36:26 -0800 (PST)
Subject: Re: Can security/ca_root_nss be retired?
To: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>, ports@freebsd.org
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
 <20230119210801.97b4eef4e21b96d40721b31a@dec.sakura.ne.jp>
 <c62f8ea6-fc70-055f-b2e9-9fd5afc19622@bluerosetech.com>
 <20230120070931.4ef522dfa48b35ddac0c50ac@dec.sakura.ne.jp>
From: Mel Pilgrim <list_freebsd@bluerosetech.com>
Message-ID: <7874b086-eb2f-ef79-f013-c840d4908018@bluerosetech.com>
Date: Thu, 19 Jan 2023 18:36:25 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.12.0
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
In-Reply-To: <20230120070931.4ef522dfa48b35ddac0c50ac@dec.sakura.ne.jp>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4NykCM07g6z3jZg
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:36236, ipnet:2607:f740:c::/48, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On 2023-01-19 14:09, Tomoaki AOKI wrote:
> On Thu, 19 Jan 2023 05:58:12 -0800
> Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
>> I wonder if the script secteam uses to update the trust store in the src
>> tree could be turned into a periodic script that automatically updates
>> the trust store?  Side-step the release engineering delay entirely by
>> turning trust store updates into a user task.
> 
> With the approach, how can we avoid man-in-the-middle attack or
> something?

By using the root trust store already on the system.

> Ports framework has checksum to avoid it, unless local admins
> intentionally disable it.

The distinfo check only asserts that what the user downloaded is very 
likely the same as what the maintainer downloaded.  The makesum target 
enables SSL peer verification during the fetch phase, so ultimately the 
MitM-mitigation in the Ports System is just the root trust store.

> Maybe adding a script to
>   *Check if /usr/local/share/certs/ca-root-nss.crt is updated or not.
>   *Extract individual certs from ca-root-nss.crt and update trust store.
>   *Record current timestamp and hash of ca-root-nss.crt for next run.
> into ca-root-nss port, which can be run from cron or by hand, is needed?

Since that would only need to be run after the port gets updated, it 
makes sense to me that it should be part of the port's install process.

Is there a technical reason why the port can't, during the post-install 
target, create in /usr/local/share/certs/trusted and 
/usr/local/etc/ssl/certs the same structure as the in-base trust store?

From nobody Fri Jan 20 06:44:58 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyqkY74M1z2sfbv
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 06:45:25 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Received: from nuc.oldach.net (hmo.in-vpn.de [IPv6:2001:67c:1407:60::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "nuc.oldach.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyqkX5Gllz4Gjq
	for <ports@freebsd.org>; Fri, 20 Jan 2023 06:45:24 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of freebsd@oldach.net designates 2001:67c:1407:60::1 as permitted sender) smtp.mailfrom=freebsd@oldach.net;
	dmarc=none
Received: from nuc.oldach.net (localhost [127.0.0.1])
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22) with ESMTPS id 30K6ix0t092024
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Fri, 20 Jan 2023 07:44:59 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Received: (from hmo@localhost)
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22/Submit) id 30K6iwrO092005;
	Fri, 20 Jan 2023 07:44:58 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Message-Id: <202301200644.30K6iwrO092005@nuc.oldach.net>
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <c62f8ea6-fc70-055f-b2e9-9fd5afc19622@bluerosetech.com> from Mel Pilgrim at "19 Jan 2023 05:58:12"
To: list_freebsd@bluerosetech.com (Mel Pilgrim)
Date: Fri, 20 Jan 2023 07:44:58 +0100 (CET)
Cc: junchoon@dec.sakura.ne.jp, ports@freebsd.org
From: freebsd@oldach.net (Helge Oldach)
X-No-Archive: Yes
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: inspected by milter-greylist-4.6.4 (nuc.oldach.net [0.0.0.0]); Fri, 20 Jan 2023 07:44:59 +0100 (CET) for IP:127.0.0.1 DOMAIN:localhost HELO:nuc.oldach.net FROM:freebsd@oldach.net RCPT:
X-Spamd-Result: default: False [-2.21 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.91)[-0.908];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	FROM_NO_DN(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	R_DKIM_NA(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	ASN(0.00)[asn:29670, ipnet:2001:67c:1400::/45, country:DE];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	RCPT_COUNT_THREE(0.00)[3];
	DMARC_NA(0.00)[oldach.net];
	TO_DN_NONE(0.00)[];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4NyqkX5Gllz4Gjq
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Mel Pilgrim wrote on Thu, 19 Jan 2023 14:58:12 +0100 (CET):
> On 2023-01-19 4:08, Tomoaki AOKI wrote:
> > On Thu, 19 Jan 2023 03:13:48 -0800
> > Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
> > 
> >> Given /usr/share/certs exists for all supported releases, is there any
> >> reason to keep the ca_root_nss port?
> > 
> > If everyone in the world uses LATEST main only, yes.
> > But the assumption is clearly nonsense.
> > 
> > Basically, commits to main are settled a while before MFC to stable
> > branches, and MFS to releng branches needs additional settling days.
> > 
> > If any certs happened to be non-reliable, this delay can cause, at
> > worst, catastorphic scenario.
> > 
> > If updates to certs are always promised to be "MFC after: now" and
> > committed to ALL SUPPORTED BRANCHES AT ONCE, I have no objection.
> > 
> > If not, keeping ca_root_nss port and updated ASAP with upstream should
> > be mandatory.
> 
> If ca_root_nss delivered the certs in the same format, sure, but that 
> monolithic file makes installing private CAs a hassle.

Move your Private_Root_CA.pem into ${DISTFILES} and add to /etc/make.conf:

.if ${.CURDIR:M*/security/ca_root_nss}
EXTRA_DISTFILES+=Private_Root_CA.pem
post-build:
	for f in ${EXTRA_DISTFILES}; do \
		${CAT} ${DISTDIR}/"$${f}" >> ${WRKDIR}/ca-root-nss.crt; \
	done
.endif

Definitely however ca_root_nss should go away in favor of the built-in
cert infrastructure and the ports still referring to this legacy should
be updated.

Kind regards
Helge

From nobody Fri Jan 20 07:51:31 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NysBv5nvcz2spTq
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 07:51:35 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Received: from mail.evolve.de (mail.evolve.de [213.239.217.29])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail.evolve.de", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NysBv1jfbz4Mmq
	for <ports@freebsd.org>; Fri, 20 Jan 2023 07:51:35 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTP id 04fd3835;
	Fri, 20 Jan 2023 07:51:33 +0000 (UTC)
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTPSA id a9fa7597 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
	Fri, 20 Jan 2023 07:51:33 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0 (1.0)
Subject: Re: Can security/ca_root_nss be retired?
From: Michael Gmelin <grembo@freebsd.org>
In-Reply-To: <202301200644.30K6iwrO092005@nuc.oldach.net>
Date: Fri, 20 Jan 2023 08:51:31 +0100
Cc: list_freebsd@bluerosetech.com, junchoon@dec.sakura.ne.jp,
 ports@freebsd.org
Message-Id: <98D727E4-8E1D-435B-BEB6-22BF45B4D3F8@freebsd.org>
References: <202301200644.30K6iwrO092005@nuc.oldach.net>
To: freebsd@oldach.net
X-Mailer: iPhone Mail (20B110)
X-Rspamd-Queue-Id: 4NysBv1jfbz4Mmq
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:213.239.192.0/18, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N



> On 20. Jan 2023, at 07:45, freebsd@oldach.net wrote:
>=20
> =EF=BB=BFMel Pilgrim wrote on Thu, 19 Jan 2023 14:58:12 +0100 (CET):
>>> On 2023-01-19 4:08, Tomoaki AOKI wrote:
>>> On Thu, 19 Jan 2023 03:13:48 -0800
>>> Mel Pilgrim <list_freebsd@bluerosetech.com> wrote:
>>>=20
>>>> Given /usr/share/certs exists for all supported releases, is there any
>>>> reason to keep the ca_root_nss port?
>>>=20
>>> If everyone in the world uses LATEST main only, yes.
>>> But the assumption is clearly nonsense.
>>>=20
>>> Basically, commits to main are settled a while before MFC to stable
>>> branches, and MFS to releng branches needs additional settling days.
>>>=20
>>> If any certs happened to be non-reliable, this delay can cause, at
>>> worst, catastorphic scenario.
>>>=20
>>> If updates to certs are always promised to be "MFC after: now" and
>>> committed to ALL SUPPORTED BRANCHES AT ONCE, I have no objection.
>>>=20
>>> If not, keeping ca_root_nss port and updated ASAP with upstream should
>>> be mandatory.
>>=20
>> If ca_root_nss delivered the certs in the same format, sure, but that=20
>> monolithic file makes installing private CAs a hassle.
>=20
> Move your Private_Root_CA.pem into ${DISTFILES} and add to /etc/make.conf:=

>=20
> .if ${.CURDIR:M*/security/ca_root_nss}
> EXTRA_DISTFILES+=3DPrivate_Root_CA.pem
> post-build:
>    for f in ${EXTRA_DISTFILES}; do \
>        ${CAT} ${DISTDIR}/"$${f}" >> ${WRKDIR}/ca-root-nss.crt; \
>    done
> .endif
>=20
> Definitely however ca_root_nss should go away in favor of the built-in
> cert infrastructure and the ports still referring to this legacy should
> be updated.

Without tooling in base to update certs independently of updating the OS thi=
s will be very painful.

Michael



From nobody Fri Jan 20 08:15:32 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyskl6kpzz2ss8B
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 08:15:43 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Received: from nuc.oldach.net (hmo.in-vpn.de [IPv6:2001:67c:1407:60::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "nuc.oldach.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyskl0Yjfz4P9J;
	Fri, 20 Jan 2023 08:15:42 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of freebsd@oldach.net designates 2001:67c:1407:60::1 as permitted sender) smtp.mailfrom=freebsd@oldach.net;
	dmarc=none
Received: from nuc.oldach.net (localhost [127.0.0.1])
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22) with ESMTPS id 30K8FWee051468
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Fri, 20 Jan 2023 09:15:32 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Received: (from hmo@localhost)
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22/Submit) id 30K8FWFq051465;
	Fri, 20 Jan 2023 09:15:32 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Message-Id: <202301200815.30K8FWFq051465@nuc.oldach.net>
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <98D727E4-8E1D-435B-BEB6-22BF45B4D3F8@freebsd.org> from Michael Gmelin at "20 Jan 2023 08:51:31"
To: grembo@freebsd.org (Michael Gmelin)
Date: Fri, 20 Jan 2023 09:15:32 +0100 (CET)
Cc: list_freebsd@bluerosetech.com, junchoon@dec.sakura.ne.jp,
        ports@freebsd.org
From: freebsd@oldach.net (Helge Oldach)
X-No-Archive: Yes
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: inspected by milter-greylist-4.6.4 (nuc.oldach.net [0.0.0.0]); Fri, 20 Jan 2023 09:15:32 +0100 (CET) for IP:127.0.0.1 DOMAIN:localhost HELO:nuc.oldach.net FROM:freebsd@oldach.net RCPT:
X-Spamd-Result: default: False [-2.30 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.997];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	FROM_NO_DN(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	R_DKIM_NA(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	ASN(0.00)[asn:29670, ipnet:2001:67c:1400::/45, country:DE];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	RCPT_COUNT_THREE(0.00)[4];
	DMARC_NA(0.00)[oldach.net];
	TO_DN_NONE(0.00)[];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4Nyskl0Yjfz4P9J
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Michael Gmelin wrote on Fri, 20 Jan 2023 08:51:31 +0100 (CET):
> > On 20. Jan 2023, at 07:45, freebsd@oldach.net wrote:
> > Definitely however ca_root_nss should go away in favor of the built-in
> > cert infrastructure and the ports still referring to this legacy should
> > be updated.
> 
> Without tooling in base to update certs independently of updating the OS this will be very painful.

Cert updates are rare so my feeling is that separate tooling for this
kind of leans into overkill.

The other OS with the colorful tiles will update certs through an OS
update (and reboot usually). Along the same paradigm, freebsd-update
would do the job.

One could as well track source and just install from
${SRC_BASE}/secure/caroot followed by certctl rehash.

Kind regards
Helge

From nobody Fri Jan 20 08:16:11 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyslV4NB4z2srwp
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 08:16:22 +0000 (UTC)
	(envelope-from ml@netfence.it)
Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mailserver.netfence.it", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyslT1mLpz4PxK
	for <ports@freebsd.org>; Fri, 20 Jan 2023 08:16:21 +0000 (UTC)
	(envelope-from ml@netfence.it)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=netfence.it header.s=202301 header.b=lRF3wjwv;
	spf=pass (mx1.freebsd.org: domain of ml@netfence.it designates 78.134.96.152 as permitted sender) smtp.mailfrom=ml@netfence.it;
	dmarc=pass (policy=none) header.from=netfence.it
Received: from [10.1.2.18] (mailserver.netfence.it [78.134.96.152])
	(authenticated bits=0)
	by soth.netfence.it (8.17.1/8.17.1) with ESMTPSA id 30K8GB9d055547
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO)
	for <ports@freebsd.org>; Fri, 20 Jan 2023 09:16:11 +0100 (CET)
	(envelope-from ml@netfence.it)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfence.it;
	s=202301; t=1674202573;
	bh=qR6O9D6OhnvJVChRxEll9X6Fdq3CDaCW0VO/JGYgw/A=;
	h=Date:Subject:To:References:From:In-Reply-To;
	b=lRF3wjwvQZmFtHYTgVY5I4ppykJlMRN9SyXqb+SsI9q2L2LdNTayWX8VpalXoNvvZ
	 WHeA5k0ZRMhBawR5p4xzJyDjIlFMeGSa8w0egOd3ZRtSthX+am0txCEEvdMAp5yUGh
	 tplEx27SWpWrfAkpo030RtS9cMK2X9Ji8AWqkcuk=
X-Authentication-Warning: soth.netfence.it: Host mailserver.netfence.it [78.134.96.152] claimed to be [10.1.2.18]
Message-ID: <5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
Date: Fri, 20 Jan 2023 09:16:11 +0100
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.0
Subject: Re: Can security/ca_root_nss be retired?
Content-Language: en-US
To: ports@freebsd.org
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
 <56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
From: Andrea Venturoli <ml@netfence.it>
In-Reply-To: <56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.84
X-Spamd-Result: default: False [-2.95 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.95)[-0.952];
	DMARC_POLICY_ALLOW(-0.50)[netfence.it,none];
	R_SPF_ALLOW(-0.20)[+ip4:78.134.96.152];
	R_DKIM_ALLOW(-0.20)[netfence.it:s=202301];
	MIME_GOOD(-0.10)[text/plain];
	ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_COUNT_ONE(0.00)[1];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	DKIM_TRACE(0.00)[netfence.it:+];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	TO_DN_NONE(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	HAS_XAW(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	RCPT_COUNT_ONE(0.00)[1];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4NyslT1mLpz4PxK
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

On 1/19/23 18:04, Eugene Grosbein wrote:

>> Given /usr/share/certs exists for all supported releases, is there any reason to keep the ca_root_nss port?

Just my 2c...



> Single port may be updates more frequently and easily than base system.

I agree on this, but there's another problem.

Base has single certs in /etc/ssl/certs, where I can add my own private 
CAs' ones.

Port provides a single bundled file in
/usr/local/etc/ssl/cert.pem.
This (at least in some cases) overrides completely the ones in 
/etc/ssl/certs, so my own private CAs will not work anymore
In the end, I have to delete /usr/local/etc/ssl/cert.pem every time the 
port creates it (and currently I have found no way to prevent it from 
doing this).

So a port would be fine, possibly very appreciated, if it woulnd't 
disrupt base/local.



  bye
	av.

Then there's www/p5-Mozilla-CA and possibly others...

From nobody Fri Jan 20 08:33:20 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyt763lMyz2stv1;
	Fri, 20 Jan 2023 08:33:22 +0000 (UTC)
	(envelope-from grarpamp@gmail.com)
Received: from mail-vs1-xe32.google.com (mail-vs1-xe32.google.com [IPv6:2607:f8b0:4864:20::e32])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyt756NH2z4SJx;
	Fri, 20 Jan 2023 08:33:21 +0000 (UTC)
	(envelope-from grarpamp@gmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=IESmIa+4;
	spf=pass (mx1.freebsd.org: domain of grarpamp@gmail.com designates 2607:f8b0:4864:20::e32 as permitted sender) smtp.mailfrom=grarpamp@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
Received: by mail-vs1-xe32.google.com with SMTP id d66so4896242vsd.9;
        Fri, 20 Jan 2023 00:33:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=zZkyTbIgEwNWmUF2WMacFs0gqDCr9NAYjVs5z3YpjLY=;
        b=IESmIa+4l0HffW5K/SldMQyVh1/KLr80qgSiRKP1RpGnH2AogtT3UrQ9cDVCGnUfg/
         2EzbtjxadyLQA93qTr2NeWPCdl282j9g/77fKEsL4Sv/Q25Eu+D/uUHxi63EKTHLMb2i
         DqhA7NXSd/r4ur6wXf3ofTLRPt2svTbymKB+w6m53L8hFQxsi3xGYuCPSE8jHd9Ws1P+
         /+GxaspU7gvrUggU2cq9siNJNv5N07X1BJWJ3YFsX+eRahDVfuyqsK+d6nm1aqrqYzS1
         Mnq2xYj5FNTUuSdxF9rJ21Ex4ehXtmB5yYcGNcai3Qr5Hq5lilMgcbiimJQ54vzndpeP
         EQ4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=zZkyTbIgEwNWmUF2WMacFs0gqDCr9NAYjVs5z3YpjLY=;
        b=w6AuLT/LPj/k9K5O47NmmcKZF9PtvTm9EfHJhrgWN144+OLuvTAhQjhHEnYhKTx7+V
         ei2cY51d4QquKS3cXgIaMEDuEEVSpwuko5GDOUhyZ2oKQOYERIdqkzGdGgJVRWO6r4DQ
         JBpzGus/Q4yXn7Oo15Y1WhucVtpNF45K5DWvDA+X5qGWhfMLmQJDjFzc3raven2aNtgf
         cuRMaynsPuS3stLdhQPNNYlamfEdEq8u8w0GwCiaH1Ms0QPQijX66tw9woOFT9+Hj9+P
         vepT9Bklwn8H69Ik21sF3UytQxicyE6HLvy4ZRkCIk8i0iyMjtSGn+cvdc11B33swSjP
         Wmxg==
X-Gm-Message-State: AFqh2koil2oDgdLDzWmmmV+bp1OFdUVo2i56WFafgXPmEA0fkyJLHPzx
	JM/09jQ+msuvkbt5dgsPvI9m4z4XeN9GenHfv+lG634Kwrqc3kkh
X-Google-Smtp-Source: AMrXdXvTiA2oiGl2WqU1L+z5LCtJ/R+jQsKsUksMEGIrdlOwA9wh93r5BpvVEARwEi+WTRVV3k+Frm+L+UO/gYY7paw=
X-Received: by 2002:a67:ec91:0:b0:3d0:a896:51da with SMTP id
 h17-20020a67ec91000000b003d0a89651damr1822514vsp.44.1674203601094; Fri, 20
 Jan 2023 00:33:21 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Received: by 2002:a05:612c:1190:b0:374:fe0f:8b62 with HTTP; Fri, 20 Jan 2023
 00:33:20 -0800 (PST)
In-Reply-To: <7F3E8043-D985-4BC4-97B9-1FF7BA2E54C1@freebsd.org>
References: <20230120070931.4ef522dfa48b35ddac0c50ac@dec.sakura.ne.jp> <7F3E8043-D985-4BC4-97B9-1FF7BA2E54C1@freebsd.org>
From: grarpamp <grarpamp@gmail.com>
Date: Fri, 20 Jan 2023 03:33:20 -0500
Message-ID: <CAD2Ti2_TR5KLE+tgBa+teFDTwGZvRYyhbtQ+z2b5H+TDe9N0Pg@mail.gmail.com>
Subject: Re: Can security/ca_root_nss be retired?
To: ports@freebsd.org
Cc: freebsd-security@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Spamd-Result: default: False [-2.58 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-0.995];
	NEURAL_HAM_SHORT(-0.59)[-0.589];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112];
	MIME_GOOD(-0.10)[text/plain];
	MLMMJ_DEST(0.00)[ports@freebsd.org,freebsd-security@freebsd.org];
	FROM_EQ_ENVFROM(0.00)[];
	ARC_NA(0.00)[];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::e32:from];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	RCPT_COUNT_TWO(0.00)[2];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	MIME_TRACE(0.00)[0:+];
	FREEMAIL_FROM(0.00)[gmail.com];
	FROM_HAS_DN(0.00)[];
	DKIM_TRACE(0.00)[gmail.com:+];
	TO_DN_NONE(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim]
X-Rspamd-Queue-Id: 4Nyt756NH2z4SJx
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

> /usr/share/certs

Was never necessary.
Should not have been added.

>> trust store
> list of trusted CAs

People are fools if they think they can "trust" any of those.
Including a live cert store in base does little but endorse exposure
of users to such external risks. Users before at least had to read
and actively choose to enable footshooting, now apparently the
teaching is that blindly placing trust upon untrustable external
third parties is the right thing to do. There are lots of MITM
enabling random adversaries in that "trust" store, and its
issues have been in the news multiple times already.

However users choose to disable and manage their own stores,
some of their models for doing that obviously might include making
use of data elements held within a current port of the upstream stores.
Other users have other projects and apps that need it for other reasons as well.
So retiring ca_root_nss would be anti-helpful for them, and thus
retiring it is definitely not suggested. Nor do other unix retire this either.





--
https://odysee.com/@Anarchast:2
https://duckduckgo.com/?ia=videos&iax=videos&q=voluntaryism
https://duckduckgo.com/?ia=videos&iax=videos&q=cryptocurrency
https://bitchute.com/
https://rumble.com/

From nobody Fri Jan 20 08:40:33 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NytHk4lNNz2svvD
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 08:40:50 +0000 (UTC)
	(envelope-from tatsuki_makino@hotmail.com)
Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01olkn2041.outbound.protection.outlook.com [40.92.52.41])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NytHj1yzBz4V2w
	for <freebsd-ports@freebsd.org>; Fri, 20 Jan 2023 08:40:49 +0000 (UTC)
	(envelope-from tatsuki_makino@hotmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=hotmail.com header.s=selector1 header.b=r1vCyyM1;
	spf=pass (mx1.freebsd.org: domain of tatsuki_makino@hotmail.com designates 40.92.52.41 as permitted sender) smtp.mailfrom=tatsuki_makino@hotmail.com;
	dmarc=pass (policy=none) header.from=hotmail.com;
	arc=pass ("microsoft.com:s=arcselector9901:i=1")
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=ENrbp5exx1jOjw4Je5Ops/0bBzsV8rCXGgwoMj3YoydtudbBawyfs9xA7fBCn7OqE465pS8K90HXyg554zzAT9iNPulQaVbH6qasbHYPg68ZkRV67CSmX6Gy6lt74Xj4pjAx0xxRqTFNJ/8/NQ3ouH5+wLy/ApQLmE4QKUywZU/8jwRxcEmjpAe6EY3qjWHxg5w1Ee3Jc0arrDraSeKk1uSeCn9rpFmvRsnoBrEmzQqVJceZ9RGfUJFy8yHKLr093ugz5DnJFWm/yxU/jXek/eH0gD6lzvm87UDtti8hbKh3y7ExP92k1aoF1zRCXcNlqqnMarItlXegTGAQ8GMW+w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=ONTlJlPL+E8l+zqtNhLa9YDY0j761tAOsUoonuqJmWI=;
 b=G/ZMSceo22l4+MU2kL5bz3f8c/TcrnHBXRVDz6DZdGRHlQ+LF3KxGA66rzV0FfwgrnDX+DJr3Ip+Cc75ARZjntDsepn0FQexFGFmYz91VH2zJUL6bwcvu0QIlkbKOB9Mgv82YAK7SSzioAHPpvqjB7KTnV8A9sqstDohUmTcrWjn5y7nRXPdhr56zFNI4bjaNvlKUHg6oyatIpQUvtAVPMNz2MoL7mLATWJTYVUGI2P4+SjxLQ6lrA9FnoMAnPB5dmDlIy0KSXpeH339/BgzetZ+83Ekb/2UYrBz4xvONbFLvDdJzgzmSwjkKQUhBPdalr8HiJOZDmxsSljRZGEQpQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=ONTlJlPL+E8l+zqtNhLa9YDY0j761tAOsUoonuqJmWI=;
 b=r1vCyyM18DSkLeXjtwZudfmqsbeii9i7OCwix43UGQqKKvTY5uVJSmXulEfwOWVDP0lyNp4Zjx2CdiS3VzWIpHRyuA33Sr5dCMhJL3VyvSOTp2vlK1v9dtbFGRpEtgKQN1XbszZ6U0KxK+OwQu4rkFEmLi2ZXTgGbFgu4xNBqccaeQ3c2EehHNDlfydX2WkDBpsk9RoIPr4KUrOOxxERZaGXNCjxAQtQwOJJmJG+xwf52Og7MiPDgRg98o1QyJjTJ++29rMBIndqNw2rq9iKFylQjIMr7Rl7uIjRb8B2qP05dGqrGPxkaxBCRZmidsYaSXu2NCKCECBgKwOXyDDwqg==
Received: from TYZPR03MB5648.apcprd03.prod.outlook.com (2603:1096:400:56::13)
 by SI2PR03MB6485.apcprd03.prod.outlook.com (2603:1096:4:1a4::5) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.26; Fri, 20 Jan
 2023 08:40:44 +0000
Received: from TYZPR03MB5648.apcprd03.prod.outlook.com
 ([fe80::9626:920d:955d:badd]) by TYZPR03MB5648.apcprd03.prod.outlook.com
 ([fe80::9626:920d:955d:badd%4]) with mapi id 15.20.6002.024; Fri, 20 Jan 2023
 08:40:44 +0000
To: "freebsd-ports@FreeBSD.org" <freebsd-ports@freebsd.org>
From: Tatsuki Makino <tatsuki_makino@hotmail.com>
Subject: [through-able] poudriere: I don't want to rebuild rust with
 PORTREVISION bump of curl
Message-ID:
 <TYZPR03MB56486D5352CC66A06EBCAAF5FAC59@TYZPR03MB5648.apcprd03.prod.outlook.com>
Date: Fri, 20 Jan 2023 17:40:33 +0900
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Firefox/52.0 SeaMonkey/2.49.4
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-TMN: [XV6qQieB67Ref9y/p265FxZ2Y1sX861e]
X-ClientProxiedBy: TY2PR04CA0012.apcprd04.prod.outlook.com
 (2603:1096:404:f6::24) To TYZPR03MB5648.apcprd03.prod.outlook.com
 (2603:1096:400:56::13)
X-Microsoft-Original-Message-ID:
 <0cba40c1-e8ce-d4c9-b97f-68d1f33877e8@hotmail.com>
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: TYZPR03MB5648:EE_|SI2PR03MB6485:EE_
X-MS-Office365-Filtering-Correlation-Id: 4247ee5c-863b-451d-cd74-08dafac204ca
X-MS-Exchange-SLBlob-MailProps:
	Vs63Iqe4sQmimmIYoc3FKsnXxqoBQvnPDo37wND2wI1M8NND9420Za62r6rjmaAd79RvL+UMv0DNIRqFo9IjsU9Vla1sl5GbRzkWUFD09gfnw5pcbI4NKBayXDZTa0sLk/l6tJ49u60laYtFQOQEe++qWJFVbs+hMffgxLw4KecBuxdCAO28sW6RAjMwFGO4RKaUF8OspG6UOCy9mYXY5fyIFFKryn1ebYvIdn8N+znPA7ra1Wobn2Srk6lhNKaNiPIDb5krcWomylgqCo4Bs3Uw0Vs6oT1Dq6mKUuM88kKAOoMnI+jrSidSbPBw/Rbw5dj95SGdDCOLmOB5J6zY5i50Mmj4weVojCa1edQaf22fLohlbsb9HZMZCMMKRdGWhER12HsSncg6AYv89q3+ptdmar+/bFsRMh/wijndUdjBGTJzchiTV5AA5rTUviDokeLEmkcwk4efxsn594jz7d6OtAbVktoYhzKF7aPXnzVnwF9iU8qerRLVbYpUjC0vBVWs+Rds8kztYheoRQpjRzWIPbM/x3MFtbN/gLVKzGN5VUEMlhP6GQkzpfGqiFDIWo6i8Ub87cUFRZrgaf8E9ap3H1XFza7HcWfFsz0k4UNR1N8yoeWioTZtciWCfNswszqmsgtDItTbWiD19TRhvKG/TT1Hu2zZFw70nxYZC94TtFZcqNgVhLkfW0dwArGsFv+p8mmDv1n0OBKbxZNf1AT8y9EqqRjORGYYz+qyozA=
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	MTlsuGlnYYu8+5I8E6nENmhOtWkNFSC0gyugi26kZ0xLNGR7dwmsYbTqFLw5EOJ15LdiI6Hq1ZlQXksWj3jnQ2GgJefTRV1Lwi3Fv+VY1rC5qKzuMYMO4J/VeA2boWuOT6Te1GotmiwBPTxjo+8I+QIF7F5vTa1ejo2MFZUJQD0giikwKL5VJ4R6ZCnX5SwhseyikgGIBsgT40CJphTpoV8+hon7ovPfmHvOWMjOVlk+s47VEIq8i3ROrjaH9CCF8Annh88onTXVNfcqjeTb+7B89vuqXbpVkDrNYxTtsZEW7tts3gjhe4dp4vnONvvT2bbML9+wSSE0KizvyxHRWStTz0gN8LQR1oBatlHoglyGtk5g0o+JJIXMbxfvRhqDjU+jNnu3E26l6Y8UFic8ut5jfYUkCgn+DxW0Gx1o5Tr2TlPXl4Lf1hN6qZmiZBq69NWGdt6ZOlRN0hv1CsCcJjfzl4s1iAOYeee2EkJv7KezafmrbXdPg/ZoLyqoJ7Xx4X+Vsf3mCiZ5TFGlCmCGi3IMg4oCd234RyOhSMSE/eUW/tDJ1TqH28bmmyOgrXLSTELoLlcEwQaH7KJoc9W9P39mev0lB+RZ8lB0Zdyu5nBrrG0grST0Kq+K7ENbsQv4NyDW/x/Av6kLibrTuXmvMg==
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
	=?utf-8?B?M2gwTHF0WlhyVzdzZFZ3N2RObll5azBaa29iUVpIK0dqNkhVcmNWMEJjbjJ6?=
 =?utf-8?B?QkRnTW43aDZFUE5PdG9aM21xRStQTHBBR2wzQWNldURWZTRaWUEzNWlRUDVq?=
 =?utf-8?B?UUU0QS9GSnBvbURkVDdsMHBMNHNFcGQxdHNGcEtzSzRFak5aaXUxbWVmL0NW?=
 =?utf-8?B?eTlub0tLREFxMzUvWE00dUZXN05tSUVOa1c2dERVWWxBSGpHemFvV2pxUm82?=
 =?utf-8?B?T1V3eDR5WDRQRVh4WVVPOEdmSXIybE5Ic3B6dlF1ei8wNkpJcHphODhTTVdn?=
 =?utf-8?B?d3paRDFLNG9mQmJEa2FYc0tGUmtldndKUVFqS1RTSitmaWRmcGMzS2t1ZWJI?=
 =?utf-8?B?NFBzVHN0OStWR21YcXMxSVREUm0vWTFnTGR5a245S3EvUXduei9DSWNBWTFy?=
 =?utf-8?B?eENpYnB2eWMvcVYwZ3A1N3hTbGhZRFRuSHdRMmx3RnI1bGhvem91QUFrQ202?=
 =?utf-8?B?WkVqcU9MbU0vOVNnS1l3UVFxNjJCVENtNkNjVEpFNVYrcmxMSU9RTFVvYjBI?=
 =?utf-8?B?K3kyRE55YkdPNXBEZEhTaWpIMmhaL1RLemVBcWY4cmpzcEF4L0pIWng2cjVK?=
 =?utf-8?B?SU1TQXo0Y3R6WWpuaEpid3h0TkNWZytiOEptemg0SktMUk5pUnpkV2c5ZUkw?=
 =?utf-8?B?Z2I4TUxYeDQ4eEVCVFJ2UjlxekFLQ2lHSXNqT25NdkZwdUhqek5mY1l6TFNJ?=
 =?utf-8?B?TDZ2VUdUK3htcTIwSjN0YlcveUluaVRybSt5RDcxcS91bGkrN1NLYmRab1lY?=
 =?utf-8?B?alFxUkJXNEpnbW14T2s5azBqSHNucHUxRnpDQis3TU1pNm5RZi9WTzEyNHlx?=
 =?utf-8?B?cHZGcVFOUzRZb0lXMGZuczNtRGt2UnAwWEVha0ROc0FXSlp0dzNOVUpXUjlh?=
 =?utf-8?B?QzcyODF3c3ZYczdzcm9TY2h3M1JnelNRTXlVQWppT3Q3WTB6QWxwVDhqanpB?=
 =?utf-8?B?eVhnSXdhQzVkWE1EWVRab0p2bGI5eHVjbXBkLzRUeDV6bStHV24xTEVNQXZi?=
 =?utf-8?B?NFVyRFB6Z2srZFE2blpsYUl4N3hUL3dUZm5zMnYyY3d6MGQwME02RGxWZWJD?=
 =?utf-8?B?endiQWhLTDY4bDV6NVY2Rk1SYzE5dDRFUnI1bno1QzZaMDNXMTRlQUhSa0Vt?=
 =?utf-8?B?ak41OWFMTXFWWjB6Ty9OQm00Ky80UERlUVFiejAvam9wem40Y01iQyt1Zkgw?=
 =?utf-8?B?SE9HSjg4NXI5UWpxMm53QmRPcDVVM2p4bElCWURxb2dWd2RaRldlekIveXFT?=
 =?utf-8?B?OTlXSUUzYzI1aGRqWXFsbk51UEk5N21vV1pJVDJ3M04wbWRwT2N1QmZ0Uk42?=
 =?utf-8?B?QlpYRTNkbDZYZkZENFNCVHl1NmltWkVwaDhETlRlVXBWN214SzNJUG5raGIr?=
 =?utf-8?B?ZitKZk9hOWt6MW5oSytTaU5USWhicS8ybjIvYmd4c2FJU3I2NVZnUWQyMllZ?=
 =?utf-8?B?alRYQmt4a1pkNjFTb2hYMmZsMmNEa2c3aE52R0N5NXdYQzk4cUZOcjd4TzNK?=
 =?utf-8?B?M0pHSDFTSVZKMndVQVh1bG1VM1BJZU9pUDRpMHg4WUZGeXRwTVo1Snc1WVh4?=
 =?utf-8?B?czRKYzBHcG5mUDRnMnNDeTFZdC9zSGw3VnRPL2dUS1pkNHNHT1JGMVBXU0lV?=
 =?utf-8?B?eFNUdjhlN2V2TzhjKzROVXA2NXVuL1d2aDczUmhtN3YzTkFESGsxQ3M1Qnho?=
 =?utf-8?B?WXFQOTVuRWR2OFB3NEM1bkd4ZXl3M1VIdVkrdlRMNEZEODJ6SndPcllHNjFa?=
 =?utf-8?Q?YZ+JOZezW3yErDE47Q=3D?=
X-OriginatorOrg: sct-15-20-4734-24-msonline-outlook-c0b75.templateTenant
X-MS-Exchange-CrossTenant-Network-Message-Id: 4247ee5c-863b-451d-cd74-08dafac204ca
X-MS-Exchange-CrossTenant-AuthSource: TYZPR03MB5648.apcprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2023 08:40:44.3920
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
	00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SI2PR03MB6485
X-Spamd-Result: default: False [-2.23 / 15.00];
	FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN(2.50)[];
	ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.73)[-0.729];
	DMARC_POLICY_ALLOW(-0.50)[hotmail.com,none];
	R_SPF_ALLOW(-0.20)[+ip4:40.92.0.0/15];
	R_DKIM_ALLOW(-0.20)[hotmail.com:s=selector1];
	MIME_GOOD(-0.10)[text/plain];
	FREEMAIL_ENVFROM(0.00)[hotmail.com];
	TO_DN_EQ_ADDR_ALL(0.00)[];
	MIME_TRACE(0.00)[0:+];
	MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org];
	ASN(0.00)[asn:8075, ipnet:40.80.0.0/12, country:US];
	FROM_EQ_ENVFROM(0.00)[];
	DWL_DNSWL_NONE(0.00)[hotmail.com:dkim];
	RCVD_COUNT_THREE(0.00)[3];
	DKIM_TRACE(0.00)[hotmail.com:+];
	FREEMAIL_FROM(0.00)[hotmail.com];
	FROM_HAS_DN(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[40.92.52.41:from];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	RWL_MAILSPIKE_POSSIBLE(0.00)[40.92.52.41:from]
X-Rspamd-Queue-Id: 4NytHj1yzBz4V2w
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Hello.
This is an unimportant topic that may or may not be useful and can be skipped :)

Today, our poudriere would have output the following

[00:01:24] [Dry Run] Deleting rust-1.66.1.pkg: missing dependency: curl-7.87.0

This causes my poudriere to spend 4 hours rebuilding rust.
Not long ago, my poudriere spent 6.5 hours rebuilding gcc12 because of mpfr :)

I experimented with ways around this.

# Extract +COMPACT_MANIFEST and +MANIFEST
tar -x -v -f /usr/local/poudriere/data/packages/jailname-default/All/rust-1.66.1.pkg -C /tmp/ -- +COMPACT_MANIFEST +MANIFEST
# Substitute 7.87.0 and 7.87.0_1 in curl
# If 7.87.0 only appeared once, it might be easy to do using sed or something, but here I did it with vi to be sure :)
vi /tmp/+COMPACT_MANIFEST /tmp/+MANIFEST
# Create a new package... somewhat strange command :)
tar -c -f - --exclude +\*MANIFEST @/usr/local/poudriere/data/packages/jailname-default/All/rust-1.66.1.pkg | tar -c -v -f /tmp/rust-1.66.1.pkg -J -C /tmp/ +COMPACT_MANIFEST +MANIFEST @-
# Copy owner and permissions
chmod `stat -f %Mp%Lp /usr/local/poudriere/data/packages/jailname-default/All/rust-1.66.1.pkg` /tmp/rust-1.66.1.pkg
chown `stat -f %u:%g /usr/local/poudriere/data/packages/jailname-default/All/rust-1.66.1.pkg` /tmp/rust-1.66.1.pkg
# Move the completed package
mv /tmp/rust-1.66.1.pkg /usr/local/poudriere/data/packages/jailname-default/All/

The replaced rust-*.pkg is no longer included in rebuild queue :)
And after this, the build of graphics/librsvg2-rust succeeded without any problems.

It uses the following behavior:
poudriere uses the following command to check dependencies
pkg query -F somepackage-0.pkg '%do %dn-%dv'
The -F option of pkg-query opens the package with pkg_open2 function in pkg-1.19.0/libpkg/pkg.c.
+COMPACT_MANIFEST and +MANIFEST are read in priority to the nearest the beginning of the package archive.

If you break a RUST package, give up and rebuild it :)
poudriere bulk -j jailname -C lang/rust
... 4 hours :)

Thank you for reading :)
Regards.

From nobody Fri Jan 20 08:45:20 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NytP44jhJz2swVq
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 08:45:28 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Received: from mail.evolve.de (mail.evolve.de [213.239.217.29])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail.evolve.de", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NytP42D0Cz4Vv2;
	Fri, 20 Jan 2023 08:45:28 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTP id 5bc5ab4f;
	Fri, 20 Jan 2023 08:45:21 +0000 (UTC)
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTPSA id 7ec037aa (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
	Fri, 20 Jan 2023 08:45:21 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0 (1.0)
Subject: Re: Can security/ca_root_nss be retired?
From: Michael Gmelin <grembo@freebsd.org>
In-Reply-To: <202301200815.30K8FWFq051465@nuc.oldach.net>
Date: Fri, 20 Jan 2023 09:45:20 +0100
Cc: list_freebsd@bluerosetech.com, junchoon@dec.sakura.ne.jp,
 ports@freebsd.org
Message-Id: <2A3836DC-E9E3-4AF4-81BD-48E52C695B43@freebsd.org>
References: <202301200815.30K8FWFq051465@nuc.oldach.net>
To: freebsd@oldach.net
X-Mailer: iPhone Mail (20B110)
X-Rspamd-Queue-Id: 4NytP42D0Cz4Vv2
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:213.239.192.0/18, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N



> On 20. Jan 2023, at 09:15, freebsd@oldach.net wrote:
>=20
> =EF=BB=BFMichael Gmelin wrote on Fri, 20 Jan 2023 08:51:31 +0100 (CET):
>>>> On 20. Jan 2023, at 07:45, freebsd@oldach.net wrote:
>>> Definitely however ca_root_nss should go away in favor of the built-in
>>> cert infrastructure and the ports still referring to this legacy should
>>> be updated.
>>=20
>> Without tooling in base to update certs independently of updating the OS t=
his will be very painful.
>=20
> Cert updates are rare so my feeling is that separate tooling for this
> kind of leans into overkill.
>=20
> The other OS with the colorful tiles will update certs through an OS
> update (and reboot usually). Along the same paradigm, freebsd-update
> would do the job.
>=20
> One could as well track source and just install from
> ${SRC_BASE}/secure/caroot followed by certctl rehash.

On a single system that works just fine, but when you have many servers, vms=
, containers/jails (including automatic ones in CI, e.g., GitHub actions) th=
is gets tedious. In our local cluster I would probably end up creating a pri=
vate package based on what is in current (think security/freebsd-caroot).




From nobody Fri Jan 20 09:16:41 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyv5B1b9vz2t1Dt
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 09:16:46 +0000 (UTC)
	(envelope-from ml@netfence.it)
Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mailserver.netfence.it", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyv593RGXz4Y0f
	for <ports@freebsd.org>; Fri, 20 Jan 2023 09:16:45 +0000 (UTC)
	(envelope-from ml@netfence.it)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=netfence.it header.s=202301 header.b=CQUzOGIf;
	spf=pass (mx1.freebsd.org: domain of ml@netfence.it designates 78.134.96.152 as permitted sender) smtp.mailfrom=ml@netfence.it;
	dmarc=pass (policy=none) header.from=netfence.it
Received: from [10.1.2.18] (mailserver.netfence.it [78.134.96.152])
	(authenticated bits=0)
	by soth.netfence.it (8.17.1/8.17.1) with ESMTPSA id 30K9Gf2E000335
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO)
	for <ports@freebsd.org>; Fri, 20 Jan 2023 10:16:41 +0100 (CET)
	(envelope-from ml@netfence.it)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfence.it;
	s=202301; t=1674206203;
	bh=YgwBJNDRB7UXOMpjUgotgchIO1F0B4l0cUgTxt1nKuA=;
	h=Date:Subject:To:References:From:In-Reply-To;
	b=CQUzOGIfxnMsul093dTt0jE2xHap8+59K0opGQ60dYp+7ua6TxbKAhhgTFVzmPr8q
	 OmEa/ZsDb2GBp4u8TWjvv/o/LZ/+Qfkim2YmNoeQbAoG0Avb1jxVmuohpet+RPb4iy
	 s4zalibpSnfR8bVNXC9tRYphM1qkr8mHvAw6KBu0=
X-Authentication-Warning: soth.netfence.it: Host mailserver.netfence.it [78.134.96.152] claimed to be [10.1.2.18]
Message-ID: <604b55c9-b082-e006-cde6-652df9985b78@netfence.it>
Date: Fri, 20 Jan 2023 10:16:41 +0100
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.0
Subject: Re: Can security/ca_root_nss be retired?
Content-Language: en-US
To: ports@freebsd.org
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
 <56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
 <5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
From: Andrea Venturoli <ml@netfence.it>
In-Reply-To: <5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.84
X-Spamd-Result: default: False [-3.00 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[netfence.it,none];
	R_SPF_ALLOW(-0.20)[+ip4:78.134.96.152];
	R_DKIM_ALLOW(-0.20)[netfence.it:s=202301];
	MIME_GOOD(-0.10)[text/plain];
	ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_COUNT_ONE(0.00)[1];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	DKIM_TRACE(0.00)[netfence.it:+];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	HAS_XAW(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4Nyv593RGXz4Y0f
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

On 1/20/23 09:16, Andrea Venturoli wrote:

> Base has single certs in /etc/ssl/certs, where I can add my own private 
> CAs' ones.
> 
> Port provides a single bundled file in
> /usr/local/etc/ssl/cert.pem.

And also  /usr/local/share/certs/ca-root-nss.crt, which is used in other 
cases, overriding the others stores.

So, in the end, there should be agreement on *one* official source of 
certs and that would be ideally used by everything. The port 
could/should populate that, without disrupting local additions.

  bye
	av.

From nobody Fri Jan 20 09:35:31 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyvVx2050z2t33p
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 09:35:37 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyvVv6C7Tz4ZLl
	for <ports@freebsd.org>; Fri, 20 Jan 2023 09:35:35 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp has no SPF policy when checking 153.125.133.21) smtp.mailfrom=junchoon@dec.sakura.ne.jp;
	dmarc=none
Received: from kalamity.joker.local (123-1-88-210.area1b.commufa.jp [123.1.88.210])
	(authenticated bits=0)
	by www121.sakura.ne.jp (8.16.1/8.16.1/[SAKURA-WEB]/20201212) with ESMTPA id 30K9ZVbE067865
	for <ports@freebsd.org>; Fri, 20 Jan 2023 18:35:32 +0900 (JST)
	(envelope-from junchoon@dec.sakura.ne.jp)
Date: Fri, 20 Jan 2023 18:35:31 +0900
From: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To: ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-Id: <20230120183531.164a3e14c186d691a8881e93@dec.sakura.ne.jp>
In-Reply-To: <5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
	<56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
	<5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
Organization: Junchoon corps
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [1.30 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	AUTH_NA(1.00)[];
	NEURAL_HAM_SHORT(-0.97)[-0.968];
	MV_CASE(0.50)[];
	NEURAL_HAM_LONG(-0.16)[-0.164];
	MIME_GOOD(-0.10)[text/plain];
	NEURAL_SPAM_MEDIUM(0.03)[0.029];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	R_DKIM_NA(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	R_SPF_NA(0.00)[no SPF record];
	ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP];
	DMARC_NA(0.00)[sakura.ne.jp];
	RCVD_TLS_LAST(0.00)[];
	HAS_ORG_HEADER(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4NyvVv6C7Tz4ZLl
X-Spamd-Bar: +
X-ThisMailContainsUnwantedMimeParts: N

On Fri, 20 Jan 2023 09:16:11 +0100
Andrea Venturoli <ml@netfence.it> wrote:

> On 1/19/23 18:04, Eugene Grosbein wrote:
> 
> >> Given /usr/share/certs exists for all supported releases, is there any reason to keep the ca_root_nss port?
> 
> Just my 2c...
> 
> 
> 
> > Single port may be updates more frequently and easily than base system.
> 
> I agree on this, but there's another problem.
> 
> Base has single certs in /etc/ssl/certs, where I can add my own private 
> CAs' ones.
> 
> Port provides a single bundled file in
> /usr/local/etc/ssl/cert.pem.
> This (at least in some cases) overrides completely the ones in 
> /etc/ssl/certs, so my own private CAs will not work anymore
> In the end, I have to delete /usr/local/etc/ssl/cert.pem every time the 
> port creates it (and currently I have found no way to prevent it from 
> doing this).
> 
> So a port would be fine, possibly very appreciated, if it woulnd't 
> disrupt base/local.
> 
> 
> 
>   bye
> 	av.
> 
> Then there's www/p5-Mozilla-CA and possibly others...

Doesn't ETCSYMLINK option work?
As it's the default option, you need to install security/ca_root_nss
from ports with the option disabled, not pkg.

Possibly, somehow changing the priority within /etc/ssl/certs
and /usr/local/etc/ssl is necessary. Sorry, don't know how to do so.

-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>

From nobody Fri Jan 20 09:47:11 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyvmM31YMz2t4R5
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 09:47:15 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyvmL2hz9z4bxd
	for <ports@freebsd.org>; Fri, 20 Jan 2023 09:47:14 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of junchoon@dec.sakura.ne.jp has no SPF policy when checking 153.125.133.21) smtp.mailfrom=junchoon@dec.sakura.ne.jp;
	dmarc=none
Received: from kalamity.joker.local (123-1-88-210.area1b.commufa.jp [123.1.88.210])
	(authenticated bits=0)
	by www121.sakura.ne.jp (8.16.1/8.16.1/[SAKURA-WEB]/20201212) with ESMTPA id 30K9lBT7069454
	for <ports@freebsd.org>; Fri, 20 Jan 2023 18:47:12 +0900 (JST)
	(envelope-from junchoon@dec.sakura.ne.jp)
Date: Fri, 20 Jan 2023 18:47:11 +0900
From: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To: ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-Id: <20230120184711.2da251b2964eb324e6373ac5@dec.sakura.ne.jp>
In-Reply-To: <604b55c9-b082-e006-cde6-652df9985b78@netfence.it>
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
	<56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
	<5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
	<604b55c9-b082-e006-cde6-652df9985b78@netfence.it>
Organization: Junchoon corps
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spamd-Result: default: False [1.39 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	AUTH_NA(1.00)[];
	NEURAL_HAM_SHORT(-0.97)[-0.966];
	MV_CASE(0.50)[];
	MIME_GOOD(-0.10)[text/plain];
	NEURAL_HAM_LONG(-0.05)[-0.051];
	NEURAL_SPAM_MEDIUM(0.01)[0.009];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	R_DKIM_NA(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	R_SPF_NA(0.00)[no SPF record];
	ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP];
	DMARC_NA(0.00)[sakura.ne.jp];
	RCVD_TLS_LAST(0.00)[];
	HAS_ORG_HEADER(0.00)[];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Queue-Id: 4NyvmL2hz9z4bxd
X-Spamd-Bar: +
X-ThisMailContainsUnwantedMimeParts: N

On Fri, 20 Jan 2023 10:16:41 +0100
Andrea Venturoli <ml@netfence.it> wrote:

> On 1/20/23 09:16, Andrea Venturoli wrote:
> 
> > Base has single certs in /etc/ssl/certs, where I can add my own private 
> > CAs' ones.
> > 
> > Port provides a single bundled file in
> > /usr/local/etc/ssl/cert.pem.
> 
> And also  /usr/local/share/certs/ca-root-nss.crt, which is used in other 
> cases, overriding the others stores.
> 
> So, in the end, there should be agreement on *one* official source of 
> certs and that would be ideally used by everything. The port 
> could/should populate that, without disrupting local additions.
> 
>   bye
> 	av.

IMHO, we would need 3 places.
  *For base with lowest priority.
  *For ports which can override base certs.
   ALL PORTS SHOULD WRITE CERTS ONLY HERE.
  *For local admins only, with highest priority.
   Nothing else can override certs here.

-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>

From nobody Fri Jan 20 09:56:16 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyvyr1yDkz2t5MN
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 09:56:20 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Received: from nuc.oldach.net (hmo.in-vpn.de [IPv6:2001:67c:1407:60::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "nuc.oldach.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyvyq07yRz4cSs
	for <ports@freebsd.org>; Fri, 20 Jan 2023 09:56:18 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of freebsd@oldach.net designates 2001:67c:1407:60::1 as permitted sender) smtp.mailfrom=freebsd@oldach.net;
	dmarc=none
Received: from nuc.oldach.net (localhost [127.0.0.1])
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22) with ESMTPS id 30K9uG55004731
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Fri, 20 Jan 2023 10:56:17 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Received: (from hmo@localhost)
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22/Submit) id 30K9uGnN004729;
	Fri, 20 Jan 2023 10:56:16 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Message-Id: <202301200956.30K9uGnN004729@nuc.oldach.net>
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <604b55c9-b082-e006-cde6-652df9985b78@netfence.it> from Andrea Venturoli at "20 Jan 2023 10:16:41"
To: ml@netfence.it (Andrea Venturoli)
Date: Fri, 20 Jan 2023 10:56:16 +0100 (CET)
Cc: ports@freebsd.org
From: freebsd@oldach.net (Helge Oldach)
X-No-Archive: Yes
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: inspected by milter-greylist-4.6.4 (nuc.oldach.net [0.0.0.0]); Fri, 20 Jan 2023 10:56:17 +0100 (CET) for IP:127.0.0.1 DOMAIN:localhost HELO:nuc.oldach.net FROM:freebsd@oldach.net RCPT:
X-Spamd-Result: default: False [-2.25 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-0.999];
	NEURAL_HAM_LONG(-0.99)[-0.993];
	NEURAL_HAM_MEDIUM(-0.95)[-0.954];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	R_DKIM_NA(0.00)[];
	FROM_NO_DN(0.00)[];
	RCPT_COUNT_TWO(0.00)[2];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	FROM_EQ_ENVFROM(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	ASN(0.00)[asn:29670, ipnet:2001:67c:1400::/45, country:DE];
	ARC_NA(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	TO_DN_NONE(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	DMARC_NA(0.00)[oldach.net];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4Nyvyq07yRz4cSs
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Andrea Venturoli wrote on Fri, 20 Jan 2023 10:16:41 +0100 (CET):
> On 1/20/23 09:16, Andrea Venturoli wrote:
> 
> > Base has single certs in /etc/ssl/certs, where I can add my own private 
> > CAs' ones.
> > 
> > Port provides a single bundled file in
> > /usr/local/etc/ssl/cert.pem.
> 
> And also  /usr/local/share/certs/ca-root-nss.crt, which is used in other 
> cases, overriding the others stores.
> 
> So, in the end, there should be agreement on *one* official source of 
> certs and that would be ideally used by everything. The port 
> could/should populate that, without disrupting local additions.

The "agreement" got impersonated with D16856 in 2019 so the way forward
is clearly moving away from an externally supplied monolithic cert store
and providing a much more flexible and easily tweakable hash based cert
infrastructure in base. There's also a performance benefit IIRC.

Kind regards
Helge

From nobody Fri Jan 20 10:05:40 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyw9m0MYwz2t6F1
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 10:05:48 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Received: from nuc.oldach.net (hmo.in-vpn.de [IPv6:2001:67c:1407:60::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "nuc.oldach.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyw9k6BFTz4lQG
	for <ports@freebsd.org>; Fri, 20 Jan 2023 10:05:46 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of freebsd@oldach.net designates 2001:67c:1407:60::1 as permitted sender) smtp.mailfrom=freebsd@oldach.net;
	dmarc=none
Received: from nuc.oldach.net (localhost [127.0.0.1])
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22) with ESMTPS id 30KA5e3o006165
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Fri, 20 Jan 2023 11:05:40 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Received: (from hmo@localhost)
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22/Submit) id 30KA5emX006163;
	Fri, 20 Jan 2023 11:05:40 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Message-Id: <202301201005.30KA5emX006163@nuc.oldach.net>
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <20230120184711.2da251b2964eb324e6373ac5@dec.sakura.ne.jp> from Tomoaki AOKI at "20 Jan 2023 18:47:11"
To: junchoon@dec.sakura.ne.jp (Tomoaki AOKI)
Date: Fri, 20 Jan 2023 11:05:40 +0100 (CET)
Cc: ports@freebsd.org
From: freebsd@oldach.net (Helge Oldach)
X-No-Archive: Yes
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: inspected by milter-greylist-4.6.4 (nuc.oldach.net [0.0.0.0]); Fri, 20 Jan 2023 11:05:40 +0100 (CET) for IP:127.0.0.1 DOMAIN:localhost HELO:nuc.oldach.net FROM:freebsd@oldach.net RCPT:
X-Spamd-Result: default: False [-2.09 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	NEURAL_HAM_LONG(-0.93)[-0.932];
	NEURAL_HAM_MEDIUM(-0.85)[-0.854];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	R_DKIM_NA(0.00)[];
	FROM_NO_DN(0.00)[];
	RCPT_COUNT_TWO(0.00)[2];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	FROM_EQ_ENVFROM(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	ASN(0.00)[asn:29670, ipnet:2001:67c:1400::/45, country:DE];
	ARC_NA(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	TO_DN_NONE(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	DMARC_NA(0.00)[oldach.net];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4Nyw9k6BFTz4lQG
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Tomoaki AOKI wrote on Fri, 20 Jan 2023 10:47:11 +0100 (CET):
> IMHO, we would need 3 places.
>   *For base with lowest priority.
>   *For ports which can override base certs.
>    ALL PORTS SHOULD WRITE CERTS ONLY HERE.
>   *For local admins only, with highest priority.
>    Nothing else can override certs here.

I disagree. That will create a mess that's hard to troubleshoot. Keep
in mind that some software might not consider some of the proposed
stores by design, or walk through the available stores in a different
order deviating from what you expect. Also keep in mind that you need
to consider trusted *and* untrusted certs in the given priority and
consider that your priorities might disagree on specific certs.

All of this can be solved obviously but it's a complex solution to a
rather simple case for which base provides a flexible approach already.

Kind regards
Helge

From nobody Fri Jan 20 10:14:23 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NywMv5Y9qz2t7Tc
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 10:14:35 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NywMv52Vmz3D2s
	for <freebsd-ports@freebsd.org>; Fri, 20 Jan 2023 10:14:35 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1674209675;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=24mZGQY0Sq2r/FYDQ/3LBSnr2XWnL1x0X4LTurMAI60=;
	b=L7dXEvF65HqAKAGK1ruBHTlKRXXagUiosll+lK0J9r9+VUv2hKFTnSR9wxVStlmeD8sXWe
	SC3lGI6UOhDm+mWnTbYLr5ChZiLye7YxJmzbgsRxK3in4WDV4Ih7mVYJncYZomOBQOgKAf
	/5lppzEtUotOZydw/bH+Jw5TAkuH6YJAyeSFbOKQa0l/8dwZBtV0MPwctTWNgQko8GWRaP
	cBETN4K95DPtGxCJtRBGNjWhkFheMblvJg7TJh9v2tcyonxs8pg3xb6JHVH/dVL81nVhh+
	mh0Zq+m3t4fJ0pL8VIXoj8c5T1vdKj0iVMncjr/QVdCBpIkaAfpOHdbNxlfNVg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1674209675;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=24mZGQY0Sq2r/FYDQ/3LBSnr2XWnL1x0X4LTurMAI60=;
	b=Ap8frypd4lsQ4tIdIL4Z83rBcBhVcfsjswt3q0g+SevJf0aufrEL+80xjx4B/Dj28b/L1O
	miEH4/o82WkowNmWwno/EzG2uKVvZLtsNOf7X2J+9xi7uSoDeP1/gSefUWogBDXhwSX9Nm
	hRdpitpEaHB2oQhHlvHV9BvbZKuavQSF0t1sJRY1ds6qM8A2+xSVkcZYXFSFE7ytfyV/5d
	GGDCLcAMKp8ZJVfAFDUpUYC3XppDu+gWqZpCsmWrv9/BeyFREa0HKpXF66ZNW37+hXRQKq
	kSPwi/deqLxgOGDLePseEL/V2JddSHFLzmUDbG6k7RK2h2yzQHtlzjdpWACNFg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674209675; a=rsa-sha256; cv=none;
	b=dFcheQq8GuWH4MdEEhdD5w1Z6Y9t5LmiXPwdyelNnWW7rYvf0PlgVpNU21PtiutLYX1hdU
	XbEQVg3FgVUBUxsVIIgTUOQY2l31oJkc0t4ddtEempsNjuTCyAtI2GRColK0eVmK+K05xI
	CCoD7O8om0YkmG18KUd5Ev82kHBomJ2y8KZ+I/xefqKLWNMEJ5M+FgY+zuTD6L8m1De7jp
	Ij8Lbd92iwVrgFpnBqP2oe6H0ncHDhfBdk4ljQTQQw7ah3h7FB3ZS9mMHbpJmVRdOuVds1
	D36ZHYcFbrAtrg81vvvhY9p+O22dfAasU1lFcn+ZyxwutVcF20a22B3ky+U9jQ==
Received: from mail-vs1-f48.google.com (mail-vs1-f48.google.com [209.85.217.48])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	(Authenticated sender: eduardo)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4NywMv3xywz17Kn
	for <freebsd-ports@freebsd.org>; Fri, 20 Jan 2023 10:14:35 +0000 (UTC)
	(envelope-from eduardo@freebsd.org)
Received: by mail-vs1-f48.google.com with SMTP id i185so5137692vsc.6
        for <freebsd-ports@freebsd.org>; Fri, 20 Jan 2023 02:14:35 -0800 (PST)
X-Gm-Message-State: AFqh2kqsDLwNY14lV8QEwakygvXlwL70ocP22KJ5Y/ZlvAMAi87IoPEO
	HxD2fjIjilMMv31RiIzd1faJbwaoLLu3wZUFnhk=
X-Google-Smtp-Source: AMrXdXtVZ4Muj0dDuln23lWCTjfc1BLqQ5Vy2vr0zKTroIbpgi5NFjn7gmYKWcp/KzcNb7CnmZ3s/CbDI4mh/Q9UEzw=
X-Received: by 2002:a67:ea0d:0:b0:3cb:88c6:293b with SMTP id
 g13-20020a67ea0d000000b003cb88c6293bmr2009780vso.53.1674209675127; Fri, 20
 Jan 2023 02:14:35 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <TYZPR03MB56486D5352CC66A06EBCAAF5FAC59@TYZPR03MB5648.apcprd03.prod.outlook.com>
In-Reply-To: <TYZPR03MB56486D5352CC66A06EBCAAF5FAC59@TYZPR03MB5648.apcprd03.prod.outlook.com>
From: Nuno Teixeira <eduardo@freebsd.org>
Date: Fri, 20 Jan 2023 10:14:23 +0000
X-Gmail-Original-Message-ID: <CAFDf7ULniqRcxsMpSACDxwAXORpDzbSaX_R083+nbtsiVDgYKA@mail.gmail.com>
Message-ID: <CAFDf7ULniqRcxsMpSACDxwAXORpDzbSaX_R083+nbtsiVDgYKA@mail.gmail.com>
Subject: Re: [through-able] poudriere: I don't want to rebuild rust with
 PORTREVISION bump of curl
To: Tatsuki Makino <tatsuki_makino@hotmail.com>
Cc: "freebsd-ports@FreeBSD.org" <freebsd-ports@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000f7352305f2af504c"
X-ThisMailContainsUnwantedMimeParts: N

--000000000000f7352305f2af504c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Other trick for those using -devel (-b latest||quarterly) is to start
building until dependency is done, stop poudriere and restart it. Next
build will use rust-1.66.1 from cache without rebuild it. :)

Cheers

Tatsuki Makino <tatsuki_makino@hotmail.com> escreveu no dia sexta,
20/01/2023 =C3=A0(s) 08:40:

> Hello.
> This is an unimportant topic that may or may not be useful and can be
> skipped :)
>
> Today, our poudriere would have output the following
>
> [00:01:24] [Dry Run] Deleting rust-1.66.1.pkg: missing dependency:
> curl-7.87.0
>
> This causes my poudriere to spend 4 hours rebuilding rust.
> Not long ago, my poudriere spent 6.5 hours rebuilding gcc12 because of
> mpfr :)
>
> I experimented with ways around this.
>
> # Extract +COMPACT_MANIFEST and +MANIFEST
> tar -x -v -f
> /usr/local/poudriere/data/packages/jailname-default/All/rust-1.66.1.pkg -=
C
> /tmp/ -- +COMPACT_MANIFEST +MANIFEST
> # Substitute 7.87.0 and 7.87.0_1 in curl
> # If 7.87.0 only appeared once, it might be easy to do using sed or
> something, but here I did it with vi to be sure :)
> vi /tmp/+COMPACT_MANIFEST /tmp/+MANIFEST
> # Create a new package... somewhat strange command :)
> tar -c -f - --exclude +\*MANIFEST
> @/usr/local/poudriere/data/packages/jailname-default/All/rust-1.66.1.pkg =
|
> tar -c -v -f /tmp/rust-1.66.1.pkg -J -C /tmp/ +COMPACT_MANIFEST +MANIFEST=
 @-
> # Copy owner and permissions
> chmod `stat -f %Mp%Lp
> /usr/local/poudriere/data/packages/jailname-default/All/rust-1.66.1.pkg`
> /tmp/rust-1.66.1.pkg
> chown `stat -f %u:%g
> /usr/local/poudriere/data/packages/jailname-default/All/rust-1.66.1.pkg`
> /tmp/rust-1.66.1.pkg
> # Move the completed package
> mv /tmp/rust-1.66.1.pkg
> /usr/local/poudriere/data/packages/jailname-default/All/
>
> The replaced rust-*.pkg is no longer included in rebuild queue :)
> And after this, the build of graphics/librsvg2-rust succeeded without any
> problems.
>
> It uses the following behavior:
> poudriere uses the following command to check dependencies
> pkg query -F somepackage-0.pkg '%do %dn-%dv'
> The -F option of pkg-query opens the package with pkg_open2 function in
> pkg-1.19.0/libpkg/pkg.c.
> +COMPACT_MANIFEST and +MANIFEST are read in priority to the nearest the
> beginning of the package archive.
>
> If you break a RUST package, give up and rebuild it :)
> poudriere bulk -j jailname -C lang/rust
> ... 4 hours :)
>
> Thank you for reading :)
> Regards.
>
>

--=20
Nuno Teixeira
FreeBSD Committer (ports)

--000000000000f7352305f2af504c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Other trick for those using -devel (-b latest||quarte=
rly) is to start building until dependency is done, stop poudriere and rest=
art it. Next build will use rust-1.66.1 from cache without rebuild it. :)</=
div><div><br></div><div>Cheers<br> </div></div><br><div class=3D"gmail_quot=
e"><div dir=3D"ltr" class=3D"gmail_attr">Tatsuki Makino &lt;<a href=3D"mail=
to:tatsuki_makino@hotmail.com">tatsuki_makino@hotmail.com</a>&gt; escreveu =
no dia sexta, 20/01/2023 =C3=A0(s) 08:40:<br></div><blockquote class=3D"gma=
il_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,2=
04,204);padding-left:1ex">Hello.<br>
This is an unimportant topic that may or may not be useful and can be skipp=
ed :)<br>
<br>
Today, our poudriere would have output the following<br>
<br>
[00:01:24] [Dry Run] Deleting rust-1.66.1.pkg: missing dependency: curl-7.8=
7.0<br>
<br>
This causes my poudriere to spend 4 hours rebuilding rust.<br>
Not long ago, my poudriere spent 6.5 hours rebuilding gcc12 because of mpfr=
 :)<br>
<br>
I experimented with ways around this.<br>
<br>
# Extract +COMPACT_MANIFEST and +MANIFEST<br>
tar -x -v -f /usr/local/poudriere/data/packages/jailname-default/All/rust-1=
.66.1.pkg -C /tmp/ -- +COMPACT_MANIFEST +MANIFEST<br>
# Substitute 7.87.0 and 7.87.0_1 in curl<br>
# If 7.87.0 only appeared once, it might be easy to do using sed or somethi=
ng, but here I did it with vi to be sure :)<br>
vi /tmp/+COMPACT_MANIFEST /tmp/+MANIFEST<br>
# Create a new package... somewhat strange command :)<br>
tar -c -f - --exclude +\*MANIFEST @/usr/local/poudriere/data/packages/jailn=
ame-default/All/rust-1.66.1.pkg | tar -c -v -f /tmp/rust-1.66.1.pkg -J -C /=
tmp/ +COMPACT_MANIFEST +MANIFEST @-<br>
# Copy owner and permissions<br>
chmod `stat -f %Mp%Lp /usr/local/poudriere/data/packages/jailname-default/A=
ll/rust-1.66.1.pkg` /tmp/rust-1.66.1.pkg<br>
chown `stat -f %u:%g /usr/local/poudriere/data/packages/jailname-default/Al=
l/rust-1.66.1.pkg` /tmp/rust-1.66.1.pkg<br>
# Move the completed package<br>
mv /tmp/rust-1.66.1.pkg /usr/local/poudriere/data/packages/jailname-default=
/All/<br>
<br>
The replaced rust-*.pkg is no longer included in rebuild queue :)<br>
And after this, the build of graphics/librsvg2-rust succeeded without any p=
roblems.<br>
<br>
It uses the following behavior:<br>
poudriere uses the following command to check dependencies<br>
pkg query -F somepackage-0.pkg &#39;%do %dn-%dv&#39;<br>
The -F option of pkg-query opens the package with pkg_open2 function in pkg=
-1.19.0/libpkg/pkg.c.<br>
+COMPACT_MANIFEST and +MANIFEST are read in priority to the nearest the beg=
inning of the package archive.<br>
<br>
If you break a RUST package, give up and rebuild it :)<br>
poudriere bulk -j jailname -C lang/rust<br>
... 4 hours :)<br>
<br>
Thank you for reading :)<br>
Regards.<br>
<br>
</blockquote></div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"g=
mail_signature"><div dir=3D"ltr"><span style=3D"color:rgb(102,102,102)">Nun=
o Teixeira<br>FreeBSD Committer (ports)</span></div></div>

--000000000000f7352305f2af504c--

From nobody Fri Jan 20 10:58:53 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyxMC6lRhz2ty6b
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 10:59:03 +0000 (UTC)
	(envelope-from lumiwa@dismail.de)
Received: from mx2.dismail.de (mx2.dismail.de [159.69.191.136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyxMC0NDXz3JCx
	for <ports@freebsd.org>; Fri, 20 Jan 2023 10:59:02 +0000 (UTC)
	(envelope-from lumiwa@dismail.de)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=dismail.de header.s=20190914 header.b=GyAEo5I4;
	spf=pass (mx1.freebsd.org: domain of lumiwa@dismail.de designates 159.69.191.136 as permitted sender) smtp.mailfrom=lumiwa@dismail.de;
	dmarc=pass (policy=reject) header.from=dismail.de
Received: from mx2.dismail.de (localhost [127.0.0.1])
	by mx2.dismail.de (OpenSMTPD) with ESMTP id 33a1e61d
	for <ports@freebsd.org>;
	Fri, 20 Jan 2023 11:58:58 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date:from
	:to:subject:message-id:mime-version:content-type
	:content-transfer-encoding; s=20190914; bh=44k8Xf5Bap4hWpOqEU5kL
	fe5YoDTus5THXFol2qZg4s=; b=GyAEo5I4bYQB0kN52FXrkBQioheAIHKHoikMz
	hfSZ7B+rdsUacAA+akm7p7AAX9z+1YeF13AtmOECEqY6BQTXH79MZeFQsrzC3O9d
	qHl7rehVO9o9+HnIiREOFeoCATeAjvVL3aYxO+1uLDT2WUZNOUKNBWAx0D0oOwvt
	spN/V7GE9a4KTBgbR9el8PmxdpBJagJEJVrk2WkqKJ3dQMdCozbkk+6adfK4fnwG
	U8F5b3uuXJT+1Oxngv9r6F3vN8ZaFKGtLCjz1lpaF6b93o1NDifhCcp/UE6j0vSc
	KtOaTeP4jPD0rWzYNTuj0iUkYz+yMGwOQ7Ce+wHQp1tQq8ROA==
Received: from smtp1.dismail.de (<unknown> [10.240.26.11])
	by mx2.dismail.de (OpenSMTPD) with ESMTP id ab54a73a
	for <ports@freebsd.org>;
	Fri, 20 Jan 2023 11:58:58 +0100 (CET)
Received: from smtp1.dismail.de (localhost [127.0.0.1])
	by smtp1.dismail.de (OpenSMTPD) with ESMTP id c75495e0
	for <ports@freebsd.org>;
	Fri, 20 Jan 2023 11:58:58 +0100 (CET)
Received: 
	by dismail.de (OpenSMTPD) with ESMTPSA id ccfc53db (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO)
	for <ports@freebsd.org>;
	Fri, 20 Jan 2023 11:58:57 +0100 (CET)
Date: Fri, 20 Jan 2023 05:58:53 -0500
From: LuMiWa <lumiwa@dismail.de>
To: FreeBSD Ports <ports@freebsd.org>
Subject: qcad
Message-ID: <20230120055853.524e1d58@dismail.de>
X-Mailer: Claws Mail 3.19.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.1)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spamd-Result: default: False [-5.70 / 15.00];
	DWL_DNSWL_LOW(-1.00)[dismail.de:dkim];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.997];
	RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
	DMARC_POLICY_ALLOW(-0.50)[dismail.de,reject];
	R_SPF_ALLOW(-0.20)[+ip4:159.69.191.136];
	RCVD_IN_DNSWL_MED(-0.20)[159.69.191.136:from];
	R_DKIM_ALLOW(-0.20)[dismail.de:s=20190914];
	MIME_GOOD(-0.10)[text/plain];
	DKIM_TRACE(0.00)[dismail.de:+];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	ASN(0.00)[asn:24940, ipnet:159.69.0.0/16, country:DE];
	RCVD_COUNT_FIVE(0.00)[5];
	ARC_NA(0.00)[];
	TO_DN_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4NyxMC0NDXz3JCx
X-Spamd-Bar: -----
X-ThisMailContainsUnwantedMimeParts: N

Hi!

I cannot run Qcad on my Freebsd 13.1-RELEASE-p5.
I am using packages.

Thank you.
=20
qcad
QCAD version  3.27.7
05:55:51: Debug:    loading plugins...
05:55:51: Debug:    loading static plugins...
Fatal:    Cannot mix incompatible Qt library (5.15.7) with this library
 (5.15.8) Abort


--=20
=E2=80=9CTime is a created thing. To say 'I don't have time,' is like sayin=
g,
'I don't want to.=E2=80=9D

=E2=80=95 Lao Tzu=20

From nobody Fri Jan 20 11:04:43 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyxZd5vjjz2tyyk
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 11:08:57 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyxZd3TCvz3KV7
	for <ports@freebsd.org>; Fri, 20 Jan 2023 11:08:57 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-lf1-x136.google.com with SMTP id f34so7546183lfv.10
        for <ports@freebsd.org>; Fri, 20 Jan 2023 03:08:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=FgnEKNiXUB820VFuXcmFjf2lT23q3WbwyZ4IyQMIBtU=;
        b=kHsXlLY8qYKm03vhIA0Gd5VwAtqAEPD/lDrglmsC87cXkiy9p6yYdqr6S+wN6cMdHD
         GQkxphwEhBPE9lJBEhSNOMUTVphgxTlBiA7Jpad7f4h+6pbqi495OLXQntLa/H8H/Bjf
         o0wWywFKb6TzeiD/4MOiVh/56MJBrAFUfsEFRJTE11Rfangueyp74tkFG2wu+dF23WK4
         joWJTMCmhDhZVC6lFUEz5geiOFPM4lDQIMn4IxffrdoO7JbzKXN/24J83JXditLbXoAo
         jRfw7OOahV13oJxF5GCMOIfoy4/5hF77y51y/wGA5Io7ifgAfhrZqpluKjc3XxQ2XWhU
         tn8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=FgnEKNiXUB820VFuXcmFjf2lT23q3WbwyZ4IyQMIBtU=;
        b=zpp+7Ie8/aYf18C2uOqe8038+BLLjN5lkXuxtdqcL+/Vmuygn86KkuwecObSvplM5x
         fpMhUS3cxrmS41X9i4R6q1xXyXo601vthhoJQcjNLmqC1mvYEgjsJPKJGYeMErhrHeJM
         0bonCGXSHkX/i9bYtv3hIca+uwNf1DS58F3jP0jiMs0VrZGjyjXqGTm+S0TMoItAD2OE
         9UTJOD9QNRaGpomN2S4fonERDC4m9Ntyd91wQ+vYSXAROMOFVYFyOdTNFazwm6OK814M
         LlLIbnCd0hlSfcgVt2d5E6dHsJ4JFQzrSIm5BA+WFVSHR6bdR5vF9nmHshy/BqWm4iwq
         2kYg==
X-Gm-Message-State: AFqh2kqlrH+vNag9AHG7Zr6EEodt/V/nKx5izevW4+sWKjXeaFR5kWIZ
	+LbVKtifXAeX4RG9ordJeQ7DUpj/rr93aGtK8Xg=
X-Google-Smtp-Source: AMrXdXtLtwKlr4BwSJlS0KvYz0ItHedq4j+c4uPVwuQrEaZpmND79IzrvyqGflhUb5v/cn5bcyvOVKUBj2cOXfJ3LPE=
X-Received: by 2002:ac2:5596:0:b0:4cb:334f:85ef with SMTP id
 v22-20020ac25596000000b004cb334f85efmr680056lfg.67.1674212935694; Fri, 20 Jan
 2023 03:08:55 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <20230120055853.524e1d58@dismail.de>
In-Reply-To: <20230120055853.524e1d58@dismail.de>
From: =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernando.apesteguia@gmail.com>
Date: Fri, 20 Jan 2023 12:04:43 +0100
Message-ID: <CAGwOe2ZpNmNq3diBkhdhS+=w2MV-cDkW+2sOmU6KHRQZzRN+PA@mail.gmail.com>
Subject: Re: qcad
To: LuMiWa <lumiwa@dismail.de>
Cc: FreeBSD Ports <ports@freebsd.org>
Content-Type: multipart/alternative; boundary="0000000000004f7f5e05f2b0134c"
X-Rspamd-Queue-Id: 4NyxZd3TCvz3KV7
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	TAGGED_FROM(0.00)[]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

--0000000000004f7f5e05f2b0134c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 20, 2023 at 11:59 AM LuMiWa <lumiwa@dismail.de> wrote:

> Hi!
>
> I cannot run Qcad on my Freebsd 13.1-RELEASE-p5.
> I am using packages.
>
> Thank you.
>
> qcad
> QCAD version  3.27.7
> 05:55:51: Debug:    loading plugins...
> 05:55:51: Debug:    loading static plugins...
> Fatal:    Cannot mix incompatible Qt library (5.15.7) with this library
>  (5.15.8) Abort
>

Are you mixing ports and packages? Did you run "pkg upgrade" to get the
latest version of the libraries?

Cheers.


>
>
> --
> =E2=80=9CTime is a created thing. To say 'I don't have time,' is like say=
ing,
> 'I don't want to.=E2=80=9D
>
> =E2=80=95 Lao Tzu
>
>

--0000000000004f7f5e05f2b0134c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Fri, Jan 20, 2023 at 11:59 AM LuMi=
Wa &lt;<a href=3D"mailto:lumiwa@dismail.de">lumiwa@dismail.de</a>&gt; wrote=
:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.=
8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi!<br>
<br>
I cannot run Qcad on my Freebsd 13.1-RELEASE-p5.<br>
I am using packages.<br>
<br>
Thank you.<br>
<br>
qcad<br>
QCAD version=C2=A0 3.27.7<br>
05:55:51: Debug:=C2=A0 =C2=A0 loading plugins...<br>
05:55:51: Debug:=C2=A0 =C2=A0 loading static plugins...<br>
Fatal:=C2=A0 =C2=A0 Cannot mix incompatible Qt library (5.15.7) with this l=
ibrary<br>
=C2=A0(5.15.8) Abort<br></blockquote><div><br></div><div>Are you mixing por=
ts and packages? Did you run &quot;pkg upgrade&quot; to get the latest vers=
ion of the libraries?</div><div><br></div><div>Cheers.<br></div><div>=C2=A0=
</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;b=
order-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<br>
-- <br>
=E2=80=9CTime is a created thing. To say &#39;I don&#39;t have time,&#39; i=
s like saying,<br>
&#39;I don&#39;t want to.=E2=80=9D<br>
<br>
=E2=80=95 Lao Tzu <br>
<br>
</blockquote></div></div>

--0000000000004f7f5e05f2b0134c--

From nobody Fri Jan 20 11:12:07 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyxfX0gjCz2v0gC
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 11:12:20 +0000 (UTC)
	(envelope-from ml@netfence.it)
Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mailserver.netfence.it", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyxfW4VZvz3LP9
	for <ports@freebsd.org>; Fri, 20 Jan 2023 11:12:19 +0000 (UTC)
	(envelope-from ml@netfence.it)
Authentication-Results: mx1.freebsd.org;
	none
Received: from [10.1.2.18] (mailserver.netfence.it [78.134.96.152])
	(authenticated bits=0)
	by soth.netfence.it (8.17.1/8.17.1) with ESMTPSA id 30KBC7Q0018002
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
	Fri, 20 Jan 2023 12:12:07 +0100 (CET)
	(envelope-from ml@netfence.it)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfence.it;
	s=202301; t=1674213129;
	bh=6Muyz11PeP6BVGnHgaCJgE5G3iiFuGENDcTsRUvzNCQ=;
	h=Date:Subject:To:References:From:In-Reply-To;
	b=bMJXrpn1M6fAFCclMfJGYQRNNbZ+CDZIjlhHEM+QZ8vV8gzSycUls+fu2apQnTfg4
	 D9YSQWm4/o0ELjyELHJCHbZsAZPpwai/98iN7UmO+ppdkpaMRfhoWp252JtppnIJJX
	 8mL+xaNqv6+unbaH4IjV6nF/si8hj/mfrGMK7zwE=
X-Authentication-Warning: soth.netfence.it: Host mailserver.netfence.it [78.134.96.152] claimed to be [10.1.2.18]
Message-ID: <aac06e49-c088-f095-5ade-c544bc94a49b@netfence.it>
Date: Fri, 20 Jan 2023 12:12:07 +0100
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.0
Subject: Re: Can security/ca_root_nss be retired?
Content-Language: en-US
To: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>, ports@freebsd.org
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
 <56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
 <5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
 <20230120183531.164a3e14c186d691a8881e93@dec.sakura.ne.jp>
From: Andrea Venturoli <ml@netfence.it>
In-Reply-To: <20230120183531.164a3e14c186d691a8881e93@dec.sakura.ne.jp>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.84
X-Rspamd-Queue-Id: 4NyxfW4VZvz3LP9
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On 1/20/23 10:35, Tomoaki AOKI wrote:

> Doesn't ETCSYMLINK option work?

No, as I reported a couple of times in the past on the mailing lists (*)


> As it's the default option, you need to install security/ca_root_nss
> from ports with the option disabled, not pkg.

I build my packages with Poudriere, so yes, I've got that options turned 
off.


  bye & Thanks
	av.

P.S.
(*) I never bothered to fill a bug report, as I heard this was going 
away... whether that'll be true or not.

From nobody Fri Jan 20 11:17:31 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyxmb20Pmz2v171
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 11:17:35 +0000 (UTC)
	(envelope-from ume@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyxmb1YSzz3MLw;
	Fri, 20 Jan 2023 11:17:35 +0000 (UTC)
	(envelope-from ume@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1674213455;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=aUfalkfLyj0bEQHh6bK4tbq0BqZhscwWhvYOXsnUR+0=;
	b=IXUZLXB++8bKbx+rRdSl65gXRNJZwTeUngU0deFGp2hyA5szSAulIBVRqWBAGYfFTg+eZ6
	xv9ORozhn3Ol5h4I0+Q+YKRbHLEGGp0vpEb8kzvjBwZ9wxvLPXXV1wezavzYvb6pUa6Ryq
	dlIr3pgs5z0Tnsd9q3YXmt4STncfyjyUzIBtN+GXTO0yb8VXxWSBbM61K31qgkJS+yoWRT
	therR1yPHwuEHouFgFjS5QsbSARFziTjOHNoA/qhecTPag9nNc8WYkgPfuSLN1PJMlXh7m
	YiVZ6UjFYdcIsxCiQpAnO73n3YO26CtkZJcpXcFIIyIFV27Z/vHwapxGmD4Vmg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1674213455;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=aUfalkfLyj0bEQHh6bK4tbq0BqZhscwWhvYOXsnUR+0=;
	b=VP+BmSQ7cLA1w1jyFCGief87YxksU+i12Wcol7udf3yaEtN1K+6Muwc/YfGJRk7JUOe34i
	a9bhkwIWmQOwPEqEpTtO4XIKUznF0/urNjwYF1H2Sbw6M5tOEFBEJQfX3eYQPteh249G36
	zFjyuLqvwMaOVWiv+OaApJadtjYDHvHbPctgK1RZAVraRJxGCgFyr3bU1bIgGuOOg4sSUT
	aeLudWc0caxQ8xIR27bXhBTNtkZyBrh4dEZusDNJWfcmDukMb1Re2WbKzNz6jdaJscKnWC
	tWQTZRKxUKuuZ1HAAgKU+Wed8gAd2GH+2+BVil7Pe3It0IJpID2ytmMPoNotXg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674213455; a=rsa-sha256; cv=none;
	b=SU7HWbMkjOV4kV1Sxaec63AVaMwXoNuff68XGfz++J+k9kXw81hEvDq/sPzTFRWG96++Ny
	hTkcoXR7DKHog7ekuiKRhL2S+x0tfZt5GA+WX/HMepRV97SF9mUYHATh9vDjzzf2e9R1II
	QWGlWiTbEdYvoO/jODFw/Qz7vhrw1LEtw+jFRfwKJEJNOstu7ZBdr1+/P+PiCyWT1H/EPv
	WymmYRy8hdpbwz9zYytpT6Qg/8F73yxk5UXbVe3+OdTdd/WH6NeQhyffAZ06MOnGJmAAf/
	0ssMAWQMTVkFlzwqCjHU019qWK+FUUGcBQJGWaPS3g8Nxl12L6PodwRY3Zfhfw==
Received: from bodai.mahoroba.org (gw4.mahoroba.org [218.45.22.175])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: ume)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4NyxmZ2J7Nz18XN;
	Fri, 20 Jan 2023 11:17:34 +0000 (UTC)
	(envelope-from ume@FreeBSD.org)
Date: Fri, 20 Jan 2023 20:17:31 +0900
Message-ID: <yge8rhxqwtw.wl-ume@FreeBSD.org>
From: Hajimu UMEMOTO <ume@FreeBSD.org>
To: Andrea Venturoli <ml@netfence.it>
Cc: ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
	<56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
	<5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/28.2 Mule/6.0
X-Operating-System: FreeBSD 13.1-RELEASE-p3
X-PGP-Key: http://www.mahoroba.org/~ume/publickey.asc
X-PGP-Fingerprint: 1F00 0B9E 2164 70FC 6DC5  BF5F 04E9 F086 BF90 71FE
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-ThisMailContainsUnwantedMimeParts: N

Hi,

On Fri, 20 Jan 2023 17:16:11 +0900, Andrea Venturoli wrote:
> Base has single certs in /etc/ssl/certs, where I can add my own
> private CAs' ones.
> 
> Port provides a single bundled file in
> /usr/local/etc/ssl/cert.pem.
> This (at least in some cases) overrides completely the ones in
> /etc/ssl/certs, so my own private CAs will not work anymore
> In the end, I have to delete /usr/local/etc/ssl/cert.pem every time
> the port creates it (and currently I have found no way to prevent it
> from doing this).

You can put your private CAs into /usr/local/etc/ssl/certs.
Running "certctl rehash" makes symlinks of the certs in
/usr/local/etc/ssl/certs into /etc/ssl/certs.

Sincerely,

--
Hajimu UMEMOTO
ume@mahoroba.org  ume@FreeBSD.org

From nobody Fri Jan 20 11:34:48 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyy8Z5g5fz2v2gX
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 11:34:54 +0000 (UTC)
	(envelope-from lumiwa@dismail.de)
Received: from mx2.dismail.de (mx2.dismail.de [159.69.191.136])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyy8Z08fhz3NmK
	for <ports@freebsd.org>; Fri, 20 Jan 2023 11:34:53 +0000 (UTC)
	(envelope-from lumiwa@dismail.de)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=dismail.de header.s=20190914 header.b=Sm2dasbO;
	spf=pass (mx1.freebsd.org: domain of lumiwa@dismail.de designates 159.69.191.136 as permitted sender) smtp.mailfrom=lumiwa@dismail.de;
	dmarc=pass (policy=reject) header.from=dismail.de
Received: from mx2.dismail.de (localhost [127.0.0.1])
	by mx2.dismail.de (OpenSMTPD) with ESMTP id 6297f84a
	for <ports@freebsd.org>;
	Fri, 20 Jan 2023 12:34:52 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date:from
	:to:subject:message-id:in-reply-to:references:mime-version
	:content-type:content-transfer-encoding; s=20190914; bh=Lmb9F/ac
	TV3ZLYTfjkk7H4aPsBHVOoyaGkekkJlszi0=; b=Sm2dasbO0l7UiONeSb9XxeXb
	5FPA1pJSqKIi24drm0nGnnj6/0/I8RrS0LgaRl6fshG5vqUDQhBeigX4kQTXAt+7
	0M9C2CnncMP5p0Md44MJJon5/VNtBkJj+08xb6egFmswm+ZgFd6SqBZaEISKnVzf
	v4UKXbI1F985vegWiC+Lw5UZoCPIt9OA4Aut3P9TKL3Fvb6J9/juetczTew2vBnQ
	ltMKJVEyNBddtQ07V07+8K4dTzi9n2d45oTBiYpCETWUzj/pLRRgg8IUzKEoRryX
	VU+U1FtpFYiFB2DvDFy+EcpxOwRYz+6rsVhzyhUrG7DDiNQoGjuL4TnMhC68vQ==
Received: from smtp1.dismail.de (<unknown> [10.240.26.11])
	by mx2.dismail.de (OpenSMTPD) with ESMTP id 841c8dbc
	for <ports@freebsd.org>;
	Fri, 20 Jan 2023 12:34:51 +0100 (CET)
Received: from smtp1.dismail.de (localhost [127.0.0.1])
	by smtp1.dismail.de (OpenSMTPD) with ESMTP id 807c2b0d
	for <ports@freebsd.org>;
	Fri, 20 Jan 2023 12:34:51 +0100 (CET)
Received: 
	by dismail.de (OpenSMTPD) with ESMTPSA id f5a5f4a7 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO)
	for <ports@freebsd.org>;
	Fri, 20 Jan 2023 12:34:51 +0100 (CET)
Date: Fri, 20 Jan 2023 06:34:48 -0500
From: LuMiWa <lumiwa@dismail.de>
To: ports@freebsd.org
Subject: Re: qcad
Message-ID: <20230120063448.49dd1a14@dismail.de>
In-Reply-To: <CAGwOe2ZpNmNq3diBkhdhS+=w2MV-cDkW+2sOmU6KHRQZzRN+PA@mail.gmail.com>
References: <20230120055853.524e1d58@dismail.de>
	<CAGwOe2ZpNmNq3diBkhdhS+=w2MV-cDkW+2sOmU6KHRQZzRN+PA@mail.gmail.com>
X-Mailer: Claws Mail 3.19.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.1)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spamd-Result: default: False [-5.70 / 15.00];
	DWL_DNSWL_LOW(-1.00)[dismail.de:dkim];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-0.998];
	DMARC_POLICY_ALLOW(-0.50)[dismail.de,reject];
	RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
	RCVD_IN_DNSWL_MED(-0.20)[159.69.191.136:from];
	R_SPF_ALLOW(-0.20)[+ip4:159.69.191.136];
	R_DKIM_ALLOW(-0.20)[dismail.de:s=20190914];
	MIME_GOOD(-0.10)[text/plain];
	FROM_EQ_ENVFROM(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	MIME_TRACE(0.00)[0:+];
	DKIM_TRACE(0.00)[dismail.de:+];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_COUNT_FIVE(0.00)[5];
	ARC_NA(0.00)[];
	ASN(0.00)[asn:24940, ipnet:159.69.0.0/16, country:DE];
	FROM_HAS_DN(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	TO_DN_NONE(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4Nyy8Z08fhz3NmK
X-Spamd-Bar: -----
X-ThisMailContainsUnwantedMimeParts: N

On Fri, 20 Jan 2023 12:04:43 +0100
Fernando Apestegu=C3=ADa <fernando.apesteguia@gmail.com> wrote:

> On Fri, Jan 20, 2023 at 11:59 AM LuMiWa <lumiwa@dismail.de> wrote:
>=20
> > Hi!
> >
> > I cannot run Qcad on my Freebsd 13.1-RELEASE-p5.
> > I am using packages.
> >
> > Thank you.
> >
> > qcad
> > QCAD version  3.27.7
> > 05:55:51: Debug:    loading plugins...
> > 05:55:51: Debug:    loading static plugins...
> > Fatal:    Cannot mix incompatible Qt library (5.15.7) with this
> > library (5.15.8) Abort
> >
>=20
> Are you mixing ports and packages? Did you run "pkg upgrade" to get
> the latest version of the libraries?
>=20
> Cheers.
>=20
>=20

No, I do not mixing the. I am using just packages. Today I ran pkg
upgrade and it upgrade may QT5 and remove me FreeCAD. It is okay. I
decided to install Qcad and it doens't work as I wrote before. Looks
like it is not updated.

--=20
=E2=80=9CTime is a created thing. To say 'I don't have time,' is like sayin=
g,
'I don't want to.=E2=80=9D

=E2=80=95 Lao Tzu=20

From nobody Fri Jan 20 11:41:53 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NyyJj6nXdz2v3M5
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 11:41:57 +0000 (UTC)
	(envelope-from ml@netfence.it)
Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mailserver.netfence.it", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NyyJj4lqQz3Pg6;
	Fri, 20 Jan 2023 11:41:57 +0000 (UTC)
	(envelope-from ml@netfence.it)
Authentication-Results: mx1.freebsd.org;
	none
Received: from [10.1.2.18] (mailserver.netfence.it [78.134.96.152])
	(authenticated bits=0)
	by soth.netfence.it (8.17.1/8.17.1) with ESMTPSA id 30KBfr0K022230
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
	Fri, 20 Jan 2023 12:41:53 +0100 (CET)
	(envelope-from ml@netfence.it)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfence.it;
	s=202301; t=1674214915;
	bh=wm+OzueeA2iT6mJQv2etvj7ILdL7IVOkoCUG7Ogtw7E=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To;
	b=co/zPy/kAaY43SHZ48D4wE2dlCEPDYYqt0uzJTANtds8aJBHzUJCnPNJH8PQCMJQe
	 dEukwTyUs+kTZa+fbAjWO+y4PKPQA4MX1Yxg7mK5z1NCa7ICl+oCABDntMOIFCwX3f
	 GutPwmjbpKTXVgl88JTR0tEy2buqJUWx8AjHEc3I=
X-Authentication-Warning: soth.netfence.it: Host mailserver.netfence.it [78.134.96.152] claimed to be [10.1.2.18]
Message-ID: <3833e1cd-5b74-2459-cb5a-23e4308c07fc@netfence.it>
Date: Fri, 20 Jan 2023 12:41:53 +0100
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.0
Subject: Re: Can security/ca_root_nss be retired?
Content-Language: en-US
To: Hajimu UMEMOTO <ume@FreeBSD.org>
Cc: ports@freebsd.org
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
 <56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
 <5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
 <yge8rhxqwtw.wl-ume@FreeBSD.org>
From: Andrea Venturoli <ml@netfence.it>
In-Reply-To: <yge8rhxqwtw.wl-ume@FreeBSD.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.84
X-Rspamd-Queue-Id: 4NyyJj4lqQz3Pg6
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On 1/20/23 12:17, Hajimu UMEMOTO wrote:

> You can put your private CAs into /usr/local/etc/ssl/certs.

Well, I never thought of this.
I always put them in /etc/ssl/certs.



> Running "certctl rehash" makes symlinks of the certs in
> /usr/local/etc/ssl/certs into /etc/ssl/certs.

In the end, however, the result is the same: I have my certs hashed in 
/etc/ssl/certs, but some software will use them, some other software 
uses/prefers some different store (I counted at least 5).

I understand it's mostly a matter of fixing (?) those softwares, but it 
would help if:
_ there was a clear policy that proper certs are those in /etc/ssl/certs 
(or whatever else);
_ there wasn't a widely required port (ca_root_nss) that installs two 
additional stores side by side with the "official" (?) one.

  bye
	av.

From nobody Fri Jan 20 12:01:58 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nyyls29bRz2v5bc
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 12:02:01 +0000 (UTC)
	(envelope-from ume@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nyyls1hQcz3RBY;
	Fri, 20 Jan 2023 12:02:01 +0000 (UTC)
	(envelope-from ume@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1674216121;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=NEVQ8m22c3IQRbTRBz7sdi7ZSunwVkcuj3GfzTG6bPc=;
	b=Ak9N7xbL4tn9LL3VZ97w+FbswBCqs/Om2pUjWz0WjuZlKJIaTM1Oc07goCva1/RXWmUHCK
	LwbxEozK5RQVlpE1Z2kH2jl1qtvnIh4m2CsBV7mdzkzYfpdr/AGWp6h5MrUMLfuHnOPT1c
	/ZlqkbU6X3WbKr1GjHKam/swInrb57igg7FkzC5OtA9wTIwMYKnuexwwgoZuQeGe7xFoCe
	UP2oBbxrqzL1o7tDpqfrfZIesPic262LxS2IiwJ1toLFwZjFV32S3PGpx4I+EUcQbgFzkk
	AapbNjuKLIjeBpQO5BiE1cpUSBdeyGGvmYiM16nMlsVWEfQqvF5ljX5ltKlr7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1674216121;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=NEVQ8m22c3IQRbTRBz7sdi7ZSunwVkcuj3GfzTG6bPc=;
	b=TzwiqmGoaYHovK1xU6ZAiOWKMeZpgLCZDRvOr6plnmR5i3iecilSjFJHwDXK90HF+VjmTg
	cxnBypjemUksmZIM+YvSFAQmABwppe9PiYJ2se/8ecLJ5Uig910b2gTcpBltI5mzqOLq/n
	e+UKjc6WAfZ7A/t5FJgQv1jVr36w5BGmnSq2dKmrtB3568HhsItkKT07FcXG4HpA5aBD0m
	nypW43LX6S8p9GF4xwyGmjq9CROOSyMg0vcevSLCSspFhXcAlVRzVy6/02FczW4cnQEyO5
	D3st3BL+1wjWh/23Q9GzpOxrVyOPqm62YtEp6S6wSZYj7Tf9sFNk82nQCKqDvA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674216121; a=rsa-sha256; cv=none;
	b=lRghx2Ur+Aqhv69weNN5Djc3ii29Hb67bZSXVmaVdmOGGxoMnEk5vORHxQBlTcO9J8RR6Y
	yeeeohCH44qnLjVGhWLksp5jfRu0tXOrniXUUEezsBQBt75iaWtTQpCxCVyAD/s9Fyo+XC
	UvFF1Eqjmm0e+qMZyimYdzIA0VSP6MMDPoFxs25RIXymEVPC6Mt3fF4T3bCuxC8JojMgfT
	oHE/LidZD+ZQrKbByT/077fhDXAeVHEdfsnIadQ6YqdFMDoJiOg7DAXeKOKiVJpDlDEVpr
	hXrX5+9w1yoFOE6WrKYKGGtky5Nx2licbLN37oTIuHjtLbgTdNI9mAdljaJBcQ==
Received: from bodai.mahoroba.org (gw4.mahoroba.org [218.45.22.175])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: ume)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4Nyylr2p9Vz18KK;
	Fri, 20 Jan 2023 12:02:00 +0000 (UTC)
	(envelope-from ume@FreeBSD.org)
Date: Fri, 20 Jan 2023 21:01:58 +0900
Message-ID: <yge7cxhqurt.wl-ume@FreeBSD.org>
From: Hajimu UMEMOTO <ume@FreeBSD.org>
To: Andrea Venturoli <ml@netfence.it>
Cc: ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <3833e1cd-5b74-2459-cb5a-23e4308c07fc@netfence.it>
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
	<56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
	<5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
	<yge8rhxqwtw.wl-ume@FreeBSD.org>
	<3833e1cd-5b74-2459-cb5a-23e4308c07fc@netfence.it>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/28.2 Mule/6.0
X-Operating-System: FreeBSD 13.1-RELEASE-p3
X-PGP-Key: http://www.mahoroba.org/~ume/publickey.asc
X-PGP-Fingerprint: 1F00 0B9E 2164 70FC 6DC5  BF5F 04E9 F086 BF90 71FE
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-ThisMailContainsUnwantedMimeParts: N

Hi,

On Fri, 20 Jan 2023 20:41:53 +0900, Andrea Venturoli wrote:

> In the end, however, the result is the same: I have my certs hashed in
> /etc/ssl/certs, but some software will use them, some other software
> uses/prefers some different store (I counted at least 5).

If you mean curl, built without CA_BUNDLE should take care of it.

Sincerely,

--
Hajimu UMEMOTO
ume@mahoroba.org  ume@FreeBSD.org

From nobody Fri Jan 20 14:40:45 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz2HC1G0Rz2sjCN
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 14:40:55 +0000 (UTC)
	(envelope-from ml@netfence.it)
Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mailserver.netfence.it", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz2HB54WYz3wPC;
	Fri, 20 Jan 2023 14:40:54 +0000 (UTC)
	(envelope-from ml@netfence.it)
Authentication-Results: mx1.freebsd.org;
	none
Received: from [10.1.2.18] (mailserver.netfence.it [78.134.96.152])
	(authenticated bits=0)
	by soth.netfence.it (8.17.1/8.17.1) with ESMTPSA id 30KEejV5047334
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
	Fri, 20 Jan 2023 15:40:45 +0100 (CET)
	(envelope-from ml@netfence.it)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfence.it;
	s=202301; t=1674225652;
	bh=NCWthp7j5kVEi+zXVCe7AmoFEa+9rzVwiGgj4pwMG4Q=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To;
	b=nz2i8qgeQqMvSemK0tJuA5hHD8IjS2O9WZ4f8rrpUUzD8xSv3q6Ii+HKCbKz5HKV4
	 Sqhahtcp92gZmfwDDiOgsAbk9o2L/KJrcc0CIAH2Jd+lG/44YL+wjCKCwsWbPM5Do+
	 5cEkpzrlvmsF04NjUAFofYPXg1Sm6REjYw/VWZok=
X-Authentication-Warning: soth.netfence.it: Host mailserver.netfence.it [78.134.96.152] claimed to be [10.1.2.18]
Message-ID: <94a83353-4726-3b95-4a76-bee0adfe2d71@netfence.it>
Date: Fri, 20 Jan 2023 15:40:45 +0100
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.0
Subject: Re: Can security/ca_root_nss be retired?
Content-Language: en-US
To: Hajimu UMEMOTO <ume@FreeBSD.org>
Cc: ports@freebsd.org
References: <551458a3-665f-9f55-8ef9-1dd23e1e3aee@bluerosetech.com>
 <56babb59-ab5b-7845-fbcb-f1cadddfd425@grosbein.net>
 <5f9b073d-ff90-3c4d-805c-7034cd2299c6@netfence.it>
 <yge8rhxqwtw.wl-ume@FreeBSD.org>
 <3833e1cd-5b74-2459-cb5a-23e4308c07fc@netfence.it>
 <yge7cxhqurt.wl-ume@FreeBSD.org>
From: Andrea Venturoli <ml@netfence.it>
In-Reply-To: <yge7cxhqurt.wl-ume@FreeBSD.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.84
X-Rspamd-Queue-Id: 4Nz2HB54WYz3wPC
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On 1/20/23 13:01, Hajimu UMEMOTO wrote:


Briefly... (but I can elaborate if someone is interested)...



> If you mean curl, built without CA_BUNDLE should take care of it.

No, I don't mean curl (which I build without CA_BUNDLE).

I mean ports-mgmt/pkg, security/pulledpork, www/p5-libwww, to name a few.
Each one of these uses different methods (so different certificate stores).
*If* the policy is that certificates are hashed in /etc/ssl/certs, they 
probably should be fixed.

I'm not even citing OpenJDK or FireFox, which do this by desing and 
probably should be left as they are.

  bye
	av.

From nobody Fri Jan 20 16:07:41 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz4CP2sNVz2sthV
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 16:07:45 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Received: from mail.evolve.de (mail.evolve.de [213.239.217.29])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail.evolve.de", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz4CN4zXhz44Cm;
	Fri, 20 Jan 2023 16:07:44 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTP id d61055e7;
	Fri, 20 Jan 2023 16:07:42 +0000 (UTC)
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTPSA id dd145a96 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
	Fri, 20 Jan 2023 16:07:42 +0000 (UTC)
Date: Fri, 20 Jan 2023 17:07:41 +0100
From: Michael Gmelin <grembo@freebsd.org>
To: freebsd@oldach.net (Helge Oldach)
Cc: grembo@freebsd.org (Michael Gmelin), list_freebsd@bluerosetech.com,
 junchoon@dec.sakura.ne.jp, ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-ID: <20230120170741.66145045.grembo@freebsd.org>
In-Reply-To: <202301200815.30K8FWFq051465@nuc.oldach.net>
References: <98D727E4-8E1D-435B-BEB6-22BF45B4D3F8@freebsd.org>
	<202301200815.30K8FWFq051465@nuc.oldach.net>
X-Face: $wrgCtfdVw_H9WAY?S&9+/F"!41z'L$uo*WzT8miX?kZ~W~Lr5W7v?j0Sde\mwB&/ypo^}>
 +a'4xMc^^KroE~+v^&^#[B">soBo1y6(TW6#UZiC]o>C6`ej+i
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJFBMVEWJBwe5BQDl
 LASZU0/LTEWEfHbyj0Txi32+sKrp1Mv944X8/fm1rS+cAAAACXBIWXMAAAsTAAAL
 EwEAmpwYAAAAB3RJTUUH3wESCxwC7OBhbgAAACFpVFh0Q29tbWVudAAAAAAAQ3Jl
 YXRlZCB3aXRoIFRoZSBHSU1QbbCXAAAAAghJREFUOMu11DFvEzEUAGCfEhBVFzuq
 AKkLd0O6VrIQsLXVSZXoWE5N1K3DobBBA9fQpRWc8OkWouaIjedWKiyREOKs+3PY
 fvalCNjgLVHeF7/3bMtBzV8C/VsQ8tecEgCcDgrzjekwKZ7TwsJZd/ywEKwwP+ZM
 8P3drTsAwWn2mpWuDDuYiK1bFs6De0KUUFw0tWxm+D4AIhuuvZqtyWYeO7jQ4Aea
 7jUqI+ixhQoHex4WshEvSXdood7stlv4oSuFOC4tqGcr0NjEqXgV4mMJO38nld4+
 xKNxRDon7khyKVqY7YR4d+Cg0OMrkWXZOM7YDkEfKiilCn1qYv4mighZiynuHHOA
 Wq9QJq+BIES7lMFUtcikMnkDGHUoncA+uHgrP0ctIEqfwLHzeSo+eUA66AqzwN6n
 2ZHJhw6Qh/PoyC/QENyEyC/AyNjq74Bs+3UH0xYwzDUC4B97HgLocg1QLYgDDO1v
 f3UX9Y307Ew4AHh67YAFFsxEpkXwpXY3eIgMhAAE3R19L919nNnuD2wlPcDE3UeT
 L2ytEICQib9BXgS2fU8PrD82ToYO1OEmMSnYTjSqSv9wdC0tPYC+rQRQD9ESnldF
 CyqfmiYW+tlALt8gH2xrMdC/youbjzPXEun+/ReXsMCDyve3dZc09fn2Oas8oXGc
 Jj6/fOeK5UmSMPmf/jL+GD8BEj0k/Fn6IO4AAAAASUVORK5CYII=
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4Nz4CN4zXhz44Cm
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:213.239.192.0/18, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N



On Fri, 20 Jan 2023 09:15:32 +0100 (CET)
freebsd@oldach.net (Helge Oldach) wrote:

> Michael Gmelin wrote on Fri, 20 Jan 2023 08:51:31 +0100 (CET):
> > > On 20. Jan 2023, at 07:45, freebsd@oldach.net wrote:
> > > Definitely however ca_root_nss should go away in favor of the
> > > built-in cert infrastructure and the ports still referring to
> > > this legacy should be updated.  
> > 
> > Without tooling in base to update certs independently of updating
> > the OS this will be very painful.  
> 
> Cert updates are rare so my feeling is that separate tooling for this
> kind of leans into overkill.
> 
> The other OS with the colorful tiles will update certs through an OS
> update (and reboot usually). Along the same paradigm, freebsd-update
> would do the job.
> 
> One could as well track source and just install from
> ${SRC_BASE}/secure/caroot followed by certctl rehash.
> 

Well, whatever is done, such a change needs to be managed properly,
which includes adding an entry to UPDATING in ports (e.g., the removal
of ca_root_nss from curl broke tools that relied on having certificates
in /etc/ssl/certs.pem).

-m

-- 
Michael Gmelin

From nobody Fri Jan 20 16:15:07 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz4N760vJz2svy2
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 16:15:19 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Received: from nuc.oldach.net (hmo.in-vpn.de [IPv6:2001:67c:1407:60::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "nuc.oldach.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz4N64frlz44yY;
	Fri, 20 Jan 2023 16:15:18 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of freebsd@oldach.net designates 2001:67c:1407:60::1 as permitted sender) smtp.mailfrom=freebsd@oldach.net;
	dmarc=none
Received: from nuc.oldach.net (localhost [127.0.0.1])
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22) with ESMTPS id 30KGF77v076990
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Fri, 20 Jan 2023 17:15:07 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Received: (from hmo@localhost)
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22/Submit) id 30KGF7X4076989;
	Fri, 20 Jan 2023 17:15:07 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Message-Id: <202301201615.30KGF7X4076989@nuc.oldach.net>
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <20230120170741.66145045.grembo@freebsd.org> from Michael Gmelin at "20 Jan 2023 17:07:41"
To: grembo@freebsd.org (Michael Gmelin)
Date: Fri, 20 Jan 2023 17:15:07 +0100 (CET)
Cc: grembo@freebsd.org, list_freebsd@bluerosetech.com,
        junchoon@dec.sakura.ne.jp, ports@freebsd.org
From: freebsd@oldach.net (Helge Oldach)
X-No-Archive: Yes
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: inspected by milter-greylist-4.6.4 (nuc.oldach.net [0.0.0.0]); Fri, 20 Jan 2023 17:15:07 +0100 (CET) for IP:127.0.0.1 DOMAIN:localhost HELO:nuc.oldach.net FROM:freebsd@oldach.net RCPT:
X-Spamd-Result: default: False [-2.23 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-0.998];
	NEURAL_HAM_MEDIUM(-0.97)[-0.967];
	NEURAL_HAM_SHORT(-0.96)[-0.965];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	FROM_NO_DN(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	R_DKIM_NA(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	ASN(0.00)[asn:29670, ipnet:2001:67c:1400::/45, country:DE];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_FIVE(0.00)[5];
	DMARC_NA(0.00)[oldach.net];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4Nz4N64frlz44yY
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Michael Gmelin wrote on Fri, 20 Jan 2023 17:07:41 +0100 (CET):
> Well, whatever is done, such a change needs to be managed properly,
> which includes adding an entry to UPDATING in ports (e.g., the removal
> of ca_root_nss from curl broke tools that relied on having certificates
> in /etc/ssl/certs.pem).

ca_root_nss is not removed from ftp/curl. The CA_BUNDLE knob takes care
for this, and it's actually default. Selecting inappropriate options may
bite of course.

Kind regards
Helge

From nobody Fri Jan 20 16:19:30 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz4T157m9z2swCr
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 16:19:33 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Received: from nuc.oldach.net (hmo.in-vpn.de [IPv6:2001:67c:1407:60::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "nuc.oldach.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz4T066k3z45kR;
	Fri, 20 Jan 2023 16:19:32 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of freebsd@oldach.net designates 2001:67c:1407:60::1 as permitted sender) smtp.mailfrom=freebsd@oldach.net;
	dmarc=none
Received: from nuc.oldach.net (localhost [127.0.0.1])
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22) with ESMTPS id 30KGJVXU077413
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Fri, 20 Jan 2023 17:19:31 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Received: (from hmo@localhost)
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22/Submit) id 30KGJUaW077412;
	Fri, 20 Jan 2023 17:19:30 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Message-Id: <202301201619.30KGJUaW077412@nuc.oldach.net>
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <94a83353-4726-3b95-4a76-bee0adfe2d71@netfence.it> from Andrea Venturoli at "20 Jan 2023 15:40:45"
To: ml@netfence.it (Andrea Venturoli)
Date: Fri, 20 Jan 2023 17:19:30 +0100 (CET)
Cc: ume@FreeBSD.org, ports@freebsd.org
From: freebsd@oldach.net (Helge Oldach)
X-No-Archive: Yes
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: inspected by milter-greylist-4.6.4 (nuc.oldach.net [0.0.0.0]); Fri, 20 Jan 2023 17:19:31 +0100 (CET) for IP:127.0.0.1 DOMAIN:localhost HELO:nuc.oldach.net FROM:freebsd@oldach.net RCPT:
X-Spamd-Result: default: False [-2.24 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-0.99)[-0.987];
	NEURAL_HAM_SHORT(-0.95)[-0.954];
	R_SPF_ALLOW(-0.20)[+mx:c];
	MIME_GOOD(-0.10)[text/plain];
	R_DKIM_NA(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	FROM_NO_DN(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	ASN(0.00)[asn:29670, ipnet:2001:67c:1400::/45, country:DE];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	MIME_TRACE(0.00)[0:+];
	RCPT_COUNT_THREE(0.00)[3];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	TO_DN_NONE(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	DMARC_NA(0.00)[oldach.net];
	RCVD_TLS_LAST(0.00)[]
X-Rspamd-Queue-Id: 4Nz4T066k3z45kR
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Andrea Venturoli wrote on Fri, 20 Jan 2023 15:40:45 +0100 (CET):
> I mean ports-mgmt/pkg, security/pulledpork, www/p5-libwww, to name a few.
> Each one of these uses different methods (so different certificate stores).
> *If* the policy is that certificates are hashed in /etc/ssl/certs, they 
> probably should be fixed.

I daresay either of these runs fine against the hashed cert store from
base (OpenSSL takes care).

The other perl related oddity is www/p5-Mozilla-CA which installs
another flat file bundle in another different location.

Kind regards
Helge

From nobody Fri Jan 20 16:22:24 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz4XK2Xdkz2sw85
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 16:22:25 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz4XJ6nG6z46J2
	for <ports@freebsd.org>; Fri, 20 Jan 2023 16:22:24 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1674231744;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=9BZEmEDPcnaDhJ9EptdpE65mPt8MSlD+IBtOyy1Ho7E=;
	b=tlZ09vXXNr0KQh9h1mp9JOXq+YnU1vqSrkKxhgmC41PgcIlRgPSxDyjR/e9HsGgmnWCO9I
	iy1LbYhidi2+D8vGnaaqIrqSK+Zg/nRX0ysLLiogsIXHbmJXDJOzuP0aAMF33du18sex/y
	9nwXQ0T/BsYOrF/sjxtTcyJGsrl+XSego3uG2UDDC/eQT8gMGOzGUsW9Wc8wutp3j1CSXC
	wY0Ju9FgcKKabxeHMGBWBWO0J5akSekIZcdXIyxToWzJnWAYBFpw8dDHhcG7ftdCKWGO4y
	wrqOdVl1TlezBqIB1Wy69SmvOQJwwz+o3SsQ/HI6kv2Z238nNUc9lju9n2IzIw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674231745; a=rsa-sha256; cv=none;
	b=WK7HhCGMS2eJ4ifhmxbEMz/65+2bMNa0aN2mIcaqvsAtNHG3wfcd/U7G4UoFeX6T/K9p90
	B6Lbo5kHGctH9razpCyfSPDUnzLQSl+lj4+HIUIwcJWaqSI8V4EqfyVYGQR6U6yCkdRh7L
	g7CKh9BhC1ykJLa56ld3oY7uY3PbtgwfYIF0sOX+gHIl8W1E+7LbzqWQtY8TUr4skuLkx/
	zEkbyFQRT6Qi5YMvhgSdR4BoTTypiRRfmUM4ujYVgqJsK9YAudK3beyWCY9BfyfEVxL/zS
	KrOT3DJGKrj7xENg3EuWo1+n1hxEnW0127xRZP+KkU3eC0xHt/1BrlAbkczx6Q==
Received: from portscout.nyi.freebsd.org (portscout.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Nz4XJ5p0tzcJ8
	for <ports@freebsd.org>; Fri, 20 Jan 2023 16:22:24 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from portscout.nyi.freebsd.org ([127.0.1.10])
	by portscout.nyi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30KGMOJ0062552
	for <ports@freebsd.org>; Fri, 20 Jan 2023 16:22:24 GMT
	(envelope-from portscout@FreeBSD.org)
Received: (from portscout@localhost)
	by portscout.nyi.freebsd.org (8.15.2/8.15.2/Submit) id 30KGMO5V062525;
	Fri, 20 Jan 2023 16:22:24 GMT
	(envelope-from portscout@FreeBSD.org)
Message-Id: <202301201622.30KGMO5V062525@portscout.nyi.freebsd.org>
X-Authentication-Warning: portscout.nyi.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Date: Fri, 20 Jan 2023 16:22:24 +0000
From: portscout@FreeBSD.org
To: ports@freebsd.org
Subject: Unmaintained FreeBSD ports which are out of date
X-Mailer: portscout/0.8.1
X-ThisMailContainsUnwantedMimeParts: N

Dear port maintainers,

The portscout new distfile checker has detected that one or more
unmaintained ports appears to be out of date. Please take the opportunity
to check each of the ports listed below, and if possible and appropriate,
submit/commit an update. Please consider also adopting this port.
If any ports have already been updated, you can safely ignore the entry.

An e-mail will not be sent again for any of the port/version combinations
below.

Full details can be found at the following URL:
http://portscout.freebsd.org/ports@freebsd.org.html


Port                                            | Current version | New version
------------------------------------------------+-----------------+------------
cad/ifcopenshell                                | 0.6.0           | blenderbim-230120
------------------------------------------------+-----------------+------------


If any of the above results are invalid, please check the following page
for details on how to improve portscout's detection and selection of
distfiles on a per-port basis:

http://portscout.freebsd.org/info/portscout-portconfig.txt

Reported by:    portscout!

From nobody Fri Jan 20 16:31:43 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz4l70FWPz2sxVZ
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 16:31:47 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Received: from mail.evolve.de (mail.evolve.de [213.239.217.29])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail.evolve.de", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz4l64YKhz47nt;
	Fri, 20 Jan 2023 16:31:46 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTP id 6ee7b961;
	Fri, 20 Jan 2023 16:31:44 +0000 (UTC)
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTPSA id ac31254f (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
	Fri, 20 Jan 2023 16:31:44 +0000 (UTC)
Date: Fri, 20 Jan 2023 17:31:43 +0100
From: Michael Gmelin <grembo@freebsd.org>
To: freebsd@oldach.net (Helge Oldach)
Cc: grembo@freebsd.org (Michael Gmelin), list_freebsd@bluerosetech.com,
 junchoon@dec.sakura.ne.jp, ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-ID: <20230120173143.24cac026.grembo@freebsd.org>
In-Reply-To: <202301201615.30KGF7X4076989@nuc.oldach.net>
References: <20230120170741.66145045.grembo@freebsd.org>
	<202301201615.30KGF7X4076989@nuc.oldach.net>
X-Face: $wrgCtfdVw_H9WAY?S&9+/F"!41z'L$uo*WzT8miX?kZ~W~Lr5W7v?j0Sde\mwB&/ypo^}>
 +a'4xMc^^KroE~+v^&^#[B">soBo1y6(TW6#UZiC]o>C6`ej+i
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJFBMVEWJBwe5BQDl
 LASZU0/LTEWEfHbyj0Txi32+sKrp1Mv944X8/fm1rS+cAAAACXBIWXMAAAsTAAAL
 EwEAmpwYAAAAB3RJTUUH3wESCxwC7OBhbgAAACFpVFh0Q29tbWVudAAAAAAAQ3Jl
 YXRlZCB3aXRoIFRoZSBHSU1QbbCXAAAAAghJREFUOMu11DFvEzEUAGCfEhBVFzuq
 AKkLd0O6VrIQsLXVSZXoWE5N1K3DobBBA9fQpRWc8OkWouaIjedWKiyREOKs+3PY
 fvalCNjgLVHeF7/3bMtBzV8C/VsQ8tecEgCcDgrzjekwKZ7TwsJZd/ywEKwwP+ZM
 8P3drTsAwWn2mpWuDDuYiK1bFs6De0KUUFw0tWxm+D4AIhuuvZqtyWYeO7jQ4Aea
 7jUqI+ixhQoHex4WshEvSXdood7stlv4oSuFOC4tqGcr0NjEqXgV4mMJO38nld4+
 xKNxRDon7khyKVqY7YR4d+Cg0OMrkWXZOM7YDkEfKiilCn1qYv4mighZiynuHHOA
 Wq9QJq+BIES7lMFUtcikMnkDGHUoncA+uHgrP0ctIEqfwLHzeSo+eUA66AqzwN6n
 2ZHJhw6Qh/PoyC/QENyEyC/AyNjq74Bs+3UH0xYwzDUC4B97HgLocg1QLYgDDO1v
 f3UX9Y307Ew4AHh67YAFFsxEpkXwpXY3eIgMhAAE3R19L919nNnuD2wlPcDE3UeT
 L2ytEICQib9BXgS2fU8PrD82ToYO1OEmMSnYTjSqSv9wdC0tPYC+rQRQD9ESnldF
 CyqfmiYW+tlALt8gH2xrMdC/youbjzPXEun+/ReXsMCDyve3dZc09fn2Oas8oXGc
 Jj6/fOeK5UmSMPmf/jL+GD8BEj0k/Fn6IO4AAAAASUVORK5CYII=
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4Nz4l64YKhz47nt
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:213.239.192.0/18, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N



On Fri, 20 Jan 2023 17:15:07 +0100 (CET)
freebsd@oldach.net (Helge Oldach) wrote:

> Michael Gmelin wrote on Fri, 20 Jan 2023 17:07:41 +0100 (CET):
> > Well, whatever is done, such a change needs to be managed properly,
> > which includes adding an entry to UPDATING in ports (e.g., the
> > removal of ca_root_nss from curl broke tools that relied on having
> > certificates in /etc/ssl/certs.pem).  
> 
> ca_root_nss is not removed from ftp/curl. The CA_BUNDLE knob takes
> care for this, and it's actually default. Selecting inappropriate
> options may bite of course.
> 

Consumers of binary packages don't change default knobs and don't
"select inappropriate options". They get what they get and rely on
UPDATING (and/or pkg-message) to get informed when defaults change and
potentially breaking changes happen.

The CA_BUNDLE knob was enabled on ftp/curl by default for many years
and was just recently disabled (in c63a8f65af, just in time for
2023Q1), which caused fall-out, e.g.:
https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/050433.html

-m

-- 
Michael Gmelin

From nobody Fri Jan 20 16:32:11 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz4lh6NL9z2sxwc
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 16:32:16 +0000 (UTC)
	(envelope-from ml@netfence.it)
Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mailserver.netfence.it", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz4lh1YdWz49WR;
	Fri, 20 Jan 2023 16:32:16 +0000 (UTC)
	(envelope-from ml@netfence.it)
Authentication-Results: mx1.freebsd.org;
	none
Received: from [10.1.2.18] (mailserver.netfence.it [78.134.96.152])
	(authenticated bits=0)
	by soth.netfence.it (8.17.1/8.17.1) with ESMTPSA id 30KGWBnB063579
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
	Fri, 20 Jan 2023 17:32:12 +0100 (CET)
	(envelope-from ml@netfence.it)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfence.it;
	s=202301; t=1674232334;
	bh=asNjJtpIfIjw53eGYB5vo9/GZcdLQCaboX1RRWLlsAg=;
	h=Date:Subject:To:Cc:References:From:In-Reply-To;
	b=l2xW03QoRrGNz8ePmXDG3ypC16BVdDXRGFXBQUV8gnkCisOV/eLpQpPmGSlnz0CsU
	 u1MI4OEKoJKaPFPZ/2DjlD6W5rf2Tg/aRW1NzrpGwgmSbMBNGq8SXxkIEzMtueh8Pl
	 BuExavEWpSq19NkRDqAyRCKM4YVqquCzSHjWjXgY=
X-Authentication-Warning: soth.netfence.it: Host mailserver.netfence.it [78.134.96.152] claimed to be [10.1.2.18]
Message-ID: <5a589d10-5a14-852a-0ae9-ebb6e26da652@netfence.it>
Date: Fri, 20 Jan 2023 17:32:11 +0100
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.0
Subject: Re: Can security/ca_root_nss be retired?
Content-Language: en-US
To: Helge Oldach <freebsd@oldach.net>
Cc: ume@FreeBSD.org, ports@freebsd.org
References: <202301201619.30KGJUaW077412@nuc.oldach.net>
From: Andrea Venturoli <ml@netfence.it>
In-Reply-To: <202301201619.30KGJUaW077412@nuc.oldach.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.84
X-Rspamd-Queue-Id: 4Nz4lh1YdWz49WR
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On 1/20/23 17:19, Helge Oldach wrote:
> Andrea Venturoli wrote on Fri, 20 Jan 2023 15:40:45 +0100 (CET):
>> I mean ports-mgmt/pkg, security/pulledpork, www/p5-libwww, to name a few.
>> Each one of these uses different methods (so different certificate stores).
>> *If* the policy is that certificates are hashed in /etc/ssl/certs, they
>> probably should be fixed.
> 
> I daresay either of these runs fine against the hashed cert store from
> base (OpenSSL takes care).

pkg will, but not by default, only if I remove /usr/local/etc/ssl/cert.pem.



> The other perl related oddity is www/p5-Mozilla-CA which installs
> another flat file bundle in another different location.

And it's not used by all PERL software (see security/pulledpork, which 
uses /usr/local/share/certs/ca-root-nss.crt instead).



Both the above mentioned files come with ca_root_nss.

  bye
	av.

From nobody Fri Jan 20 16:54:15 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz5FF07hTz2t0sM
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 16:54:25 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Received: from nuc.oldach.net (hmo.in-vpn.de [IPv6:2001:67c:1407:60::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "nuc.oldach.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz5FC75Yyz4CZ0;
	Fri, 20 Jan 2023 16:54:23 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of freebsd@oldach.net designates 2001:67c:1407:60::1 as permitted sender) smtp.mailfrom=freebsd@oldach.net;
	dmarc=none
Received: from nuc.oldach.net (localhost [127.0.0.1])
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22) with ESMTPS id 30KGsFKN089634
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Fri, 20 Jan 2023 17:54:15 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Received: (from hmo@localhost)
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22/Submit) id 30KGsFFV089633;
	Fri, 20 Jan 2023 17:54:15 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Message-Id: <202301201654.30KGsFFV089633@nuc.oldach.net>
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <20230120173143.24cac026.grembo@freebsd.org> from Michael Gmelin at "20 Jan 2023 17:31:43"
To: grembo@freebsd.org (Michael Gmelin)
Date: Fri, 20 Jan 2023 17:54:15 +0100 (CET)
Cc: grembo@freebsd.org, list_freebsd@bluerosetech.com,
        junchoon@dec.sakura.ne.jp, ports@freebsd.org
From: freebsd@oldach.net (Helge Oldach)
X-No-Archive: Yes
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: inspected by milter-greylist-4.6.4 (nuc.oldach.net [0.0.0.0]); Fri, 20 Jan 2023 17:54:16 +0100 (CET) for IP:127.0.0.1 DOMAIN:localhost HELO:nuc.oldach.net FROM:freebsd@oldach.net RCPT:
X-Spamd-Result: default: False [-2.29 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.99)[-0.991];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	FROM_NO_DN(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	R_DKIM_NA(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	ASN(0.00)[asn:29670, ipnet:2001:67c:1400::/45, country:DE];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	TO_DN_NONE(0.00)[];
	RCPT_COUNT_FIVE(0.00)[5];
	DMARC_NA(0.00)[oldach.net];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4Nz5FC75Yyz4CZ0
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Michael Gmelin wrote on Fri, 20 Jan 2023 17:31:43 +0100 (CET):
> The CA_BUNDLE knob was enabled on ftp/curl by default for many years
> and was just recently disabled (in c63a8f65af, just in time for
> 2023Q1), which caused fall-out, e.g.:
> https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/050433.html

That was changed accidentally and is reverted, so the case is irrelevant
in the light of this discussion.

Kind regards
Helge

From nobody Fri Jan 20 17:11:25 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz5cx1zcCz2t2qx
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 17:11:29 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Received: from mail.evolve.de (mail.evolve.de [213.239.217.29])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail.evolve.de", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz5cw6Yr7z4Dkl;
	Fri, 20 Jan 2023 17:11:28 +0000 (UTC)
	(envelope-from grembo@freebsd.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTP id 0d2cfc6a;
	Fri, 20 Jan 2023 17:11:27 +0000 (UTC)
Received: 
	by mail.evolve.de (OpenSMTPD) with ESMTPSA id 67125a05 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO);
	Fri, 20 Jan 2023 17:11:27 +0000 (UTC)
Date: Fri, 20 Jan 2023 18:11:25 +0100
From: Michael Gmelin <grembo@freebsd.org>
To: freebsd@oldach.net (Helge Oldach)
Cc: grembo@freebsd.org (Michael Gmelin), list_freebsd@bluerosetech.com,
 junchoon@dec.sakura.ne.jp, ports@freebsd.org
Subject: Re: Can security/ca_root_nss be retired?
Message-ID: <20230120181125.788c5aca.grembo@freebsd.org>
In-Reply-To: <202301201654.30KGsFFV089633@nuc.oldach.net>
References: <20230120173143.24cac026.grembo@freebsd.org>
	<202301201654.30KGsFFV089633@nuc.oldach.net>
X-Face: $wrgCtfdVw_H9WAY?S&9+/F"!41z'L$uo*WzT8miX?kZ~W~Lr5W7v?j0Sde\mwB&/ypo^}>
 +a'4xMc^^KroE~+v^&^#[B">soBo1y6(TW6#UZiC]o>C6`ej+i
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJFBMVEWJBwe5BQDl
 LASZU0/LTEWEfHbyj0Txi32+sKrp1Mv944X8/fm1rS+cAAAACXBIWXMAAAsTAAAL
 EwEAmpwYAAAAB3RJTUUH3wESCxwC7OBhbgAAACFpVFh0Q29tbWVudAAAAAAAQ3Jl
 YXRlZCB3aXRoIFRoZSBHSU1QbbCXAAAAAghJREFUOMu11DFvEzEUAGCfEhBVFzuq
 AKkLd0O6VrIQsLXVSZXoWE5N1K3DobBBA9fQpRWc8OkWouaIjedWKiyREOKs+3PY
 fvalCNjgLVHeF7/3bMtBzV8C/VsQ8tecEgCcDgrzjekwKZ7TwsJZd/ywEKwwP+ZM
 8P3drTsAwWn2mpWuDDuYiK1bFs6De0KUUFw0tWxm+D4AIhuuvZqtyWYeO7jQ4Aea
 7jUqI+ixhQoHex4WshEvSXdood7stlv4oSuFOC4tqGcr0NjEqXgV4mMJO38nld4+
 xKNxRDon7khyKVqY7YR4d+Cg0OMrkWXZOM7YDkEfKiilCn1qYv4mighZiynuHHOA
 Wq9QJq+BIES7lMFUtcikMnkDGHUoncA+uHgrP0ctIEqfwLHzeSo+eUA66AqzwN6n
 2ZHJhw6Qh/PoyC/QENyEyC/AyNjq74Bs+3UH0xYwzDUC4B97HgLocg1QLYgDDO1v
 f3UX9Y307Ew4AHh67YAFFsxEpkXwpXY3eIgMhAAE3R19L919nNnuD2wlPcDE3UeT
 L2ytEICQib9BXgS2fU8PrD82ToYO1OEmMSnYTjSqSv9wdC0tPYC+rQRQD9ESnldF
 CyqfmiYW+tlALt8gH2xrMdC/youbjzPXEun+/ReXsMCDyve3dZc09fn2Oas8oXGc
 Jj6/fOeK5UmSMPmf/jL+GD8BEj0k/Fn6IO4AAAAASUVORK5CYII=
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4Nz5cw6Yr7z4Dkl
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:24940, ipnet:213.239.192.0/18, country:DE]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N



On Fri, 20 Jan 2023 17:54:15 +0100 (CET)
freebsd@oldach.net (Helge Oldach) wrote:

> Michael Gmelin wrote on Fri, 20 Jan 2023 17:31:43 +0100 (CET):
> > The CA_BUNDLE knob was enabled on ftp/curl by default for many years
> > and was just recently disabled (in c63a8f65af, just in time for
> > 2023Q1), which caused fall-out, e.g.:
> > https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/050433.html
> >  
> 
> That was changed accidentally and is reverted, so the case is
> irrelevant in the light of this discussion.
> 

The disabling of CA_BUNDLE served as an example (hence "e.g., the
removal...").

My point is that the change should be done in a way that gives users a
chance to avoid breakage/unpleasant surprises.

By the way, I noticed that fetch(1)[0] and fetch(3) man pages should
probably be updated to reflect having CA certs in base (and definitely
stop recommending the installation of ca_root_nss). I'll take care
of that soonish.

Cheers

[0]https://cgit.freebsd.org/src/tree/usr.bin/fetch/fetch.1

-- 
Michael Gmelin

From nobody Fri Jan 20 17:17:28 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nz5lw1xR4z2t3nb
	for <ports@mlmmj.nyi.freebsd.org>; Fri, 20 Jan 2023 17:17:32 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Received: from nuc.oldach.net (hmo.in-vpn.de [IPv6:2001:67c:1407:60::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "nuc.oldach.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nz5lv25GRz4G4l;
	Fri, 20 Jan 2023 17:17:31 +0000 (UTC)
	(envelope-from freebsd@oldach.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=pass (mx1.freebsd.org: domain of freebsd@oldach.net designates 2001:67c:1407:60::1 as permitted sender) smtp.mailfrom=freebsd@oldach.net;
	dmarc=none
Received: from nuc.oldach.net (localhost [127.0.0.1])
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22) with ESMTPS id 30KHHSg9002552
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Fri, 20 Jan 2023 18:17:29 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Received: (from hmo@localhost)
	by nuc.oldach.net (8.17.1/8.17.1/hmo04jun22/Submit) id 30KHHSud002550;
	Fri, 20 Jan 2023 18:17:28 +0100 (CET)
	(envelope-from freebsd@oldach.net)
Message-Id: <202301201717.30KHHSud002550@nuc.oldach.net>
Subject: Re: Can security/ca_root_nss be retired?
In-Reply-To: <5a589d10-5a14-852a-0ae9-ebb6e26da652@netfence.it> from Andrea Venturoli at "20 Jan 2023 17:32:11"
To: ml@netfence.it (Andrea Venturoli)
Date: Fri, 20 Jan 2023 18:17:28 +0100 (CET)
Cc: ume@FreeBSD.org, ports@freebsd.org
From: freebsd@oldach.net (Helge Oldach)
X-No-Archive: Yes
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Greylist: inspected by milter-greylist-4.6.4 (nuc.oldach.net [0.0.0.0]); Fri, 20 Jan 2023 18:17:29 +0100 (CET) for IP:127.0.0.1 DOMAIN:localhost HELO:nuc.oldach.net FROM:freebsd@oldach.net RCPT:
X-Spamd-Result: default: False [-2.26 / 15.00];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-0.99)[-0.988];
	NEURAL_HAM_SHORT(-0.97)[-0.973];
	R_SPF_ALLOW(-0.20)[+mx];
	MIME_GOOD(-0.10)[text/plain];
	FROM_NO_DN(0.00)[];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	RCVD_TLS_LAST(0.00)[];
	R_DKIM_NA(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	RCVD_COUNT_THREE(0.00)[3];
	ASN(0.00)[asn:29670, ipnet:2001:67c:1400::/45, country:DE];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	RCPT_COUNT_THREE(0.00)[3];
	DMARC_NA(0.00)[oldach.net];
	TO_DN_NONE(0.00)[];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4Nz5lv25GRz4G4l
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

Andrea Venturoli wrote on Fri, 20 Jan 2023 17:32:11 +0100 (CET):
> On 1/20/23 17:19, Helge Oldach wrote:
> > Andrea Venturoli wrote on Fri, 20 Jan 2023 15:40:45 +0100 (CET):
> >> I mean ports-mgmt/pkg, security/pulledpork, www/p5-libwww, to name a few.
> >> Each one of these uses different methods (so different certificate stores).
> >> *If* the policy is that certificates are hashed in /etc/ssl/certs, they
> >> probably should be fixed.
> > 
> > I daresay either of these runs fine against the hashed cert store from
> > base (OpenSSL takes care).
> 
> pkg will, but not by default, only if I remove /usr/local/etc/ssl/cert.pem.
> 
> 
> 
> > The other perl related oddity is www/p5-Mozilla-CA which installs
> > another flat file bundle in another different location.
> 
> And it's not used by all PERL software (see security/pulledpork, which 
> uses /usr/local/share/certs/ca-root-nss.crt instead).

Which makes it confusing as p5-Mozilla-CA is pulled in by
p5-IO-Socket-SSL which is pulled in by p5-Net-HTTP which is pulled in by
p5-libwww. You end up with both ${LOCALBASE}/share/certs/ca-root-nss.crt
and ${LOCALBASE}/lib/perl5/site_perl/Mozilla/CA/cacert.pem. Fun with
troubleshooting as both files are different.

Kind regards
Helge

From nobody Sat Jan 21 03:54:57 2023
X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NzMvh5P9Bz30tDZ
	for <freebsd-ports@mlmmj.nyi.freebsd.org>; Sat, 21 Jan 2023 03:55:12 +0000 (UTC)
	(envelope-from tatsuki_makino@hotmail.com)
Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01olkn2026.outbound.protection.outlook.com [40.92.52.26])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NzMvh1p0rz4NjN;
	Sat, 21 Jan 2023 03:55:12 +0000 (UTC)
	(envelope-from tatsuki_makino@hotmail.com)
Authentication-Results: mx1.freebsd.org;
	none
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=QUfM3LSeOT3UJUBP0ZTNNO4rSwRN27JOY168qh/hiAItDLQ3EZK/Mx8i7mYFkffWvA6xlbNY5BYALbbd1/zHClFsC6JyXDgNIMAV6WpKMfdU043mqNqorM0iREVPYHpNVOerF57//eNg9+T290cXhpUVdK31G3p3oVetWrGt4nN7BqQPZX0AkrWvHYol/nNrt+KII5iSy2phYCZHDcz147y/n0FSrNEdfXFgXuqFRFOLOi93f0xRudqDPngUdUvBy2q3yvRmm51d7p7ZjG/IXc6g/wsYCGK3Tt8999FPxNEPxAdiEvbrp+nbRZ8p1kEKcV+nT1bFr2g8jYTA2baLsg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=PVQmXhCPs3GxAneYO6y5oaTxz1APvWm6ClKhWqU3UKE=;
 b=AwxLjeujS7yebufvFH8ruUrpcz0mQJl/m6ZFBa1z6CF+U86gEAXOVliBPx/y8CCqQNtNEXSIFg4W1Z3CYwxgaH1MmS8NeuXEJ3nBOrrWiaHN+ZlTclQUf9vEWhYc8IMRFxl7AQp3nzGVeyzHfEWZq1tY1KjwAT0hS98aJRK5yTkNOaFFqWOn4UQPYhu/OMys3jULnnbMe4XmH+L3uILeWXBWglyRAm1cDoDZ3B9Q/ty6B9u03YMhMnSfOKuBg1sO4DsldcrBfXf3Y/x0Eab/CM33Kl3o4mt9qy1m/jWtRjWL0OtNdg08laSSn++GpvWSXO6bDRst348vfIthxsF/pQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=PVQmXhCPs3GxAneYO6y5oaTxz1APvWm6ClKhWqU3UKE=;
 b=rd1BtkbaS4sSboXUhMkDXuzwxj6sqM/55vN/HWR8wBSb7MhIczQ7XefWCFNZxLzrM6orqw0QSXEtqjN2vh5Adr/Qg0zI1GyJgFknKGvxYQc3vioZYobrvpVleHaxLIo8qDbOfN+iswyxCNJ7CVRXvRazmznQxAcWQqIv+FaTo1PQ5x7KhzZmJZrRYIxm8nHjfbc1RE5BCS2x2zmsmVuE4hea01CP8ouUDpbMVOBCwZKSwm/U+ufXe//KZuycVNq0JLwc5WvYeNqNiX+dkwh+C+6BVF4oUM1g8OyGBYMeVfWRDp2auLH9iPtfEK97eHK1qaXAbKihiWZByzVIjtl3zA==
Received: from PSAPR03MB5639.apcprd03.prod.outlook.com (2603:1096:301:66::13)
 by SEZPR03MB7074.apcprd03.prod.outlook.com (2603:1096:101:ee::15) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.25; Sat, 21 Jan
 2023 03:55:08 +0000
Received: from PSAPR03MB5639.apcprd03.prod.outlook.com
 ([fe80::b8b1:ec60:3d5d:ce02]) by PSAPR03MB5639.apcprd03.prod.outlook.com
 ([fe80::b8b1:ec60:3d5d:ce02%5]) with mapi id 15.20.6002.027; Sat, 21 Jan 2023
 03:55:08 +0000
Subject: Re: [through-able] poudriere: I don't want to rebuild rust with
 PORTREVISION bump of curl
To: Nuno Teixeira <eduardo@freebsd.org>
Cc: "freebsd-ports@FreeBSD.org" <freebsd-ports@freebsd.org>
References: <TYZPR03MB56486D5352CC66A06EBCAAF5FAC59@TYZPR03MB5648.apcprd03.prod.outlook.com>
 <CAFDf7ULniqRcxsMpSACDxwAXORpDzbSaX_R083+nbtsiVDgYKA@mail.gmail.com>
From: Tatsuki Makino <tatsuki_makino@hotmail.com>
Message-ID:
 <PSAPR03MB563933580A106C4A6C818112FACA9@PSAPR03MB5639.apcprd03.prod.outlook.com>
Date: Sat, 21 Jan 2023 12:54:57 +0900
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Firefox/52.0 SeaMonkey/2.49.4
In-Reply-To: <CAFDf7ULniqRcxsMpSACDxwAXORpDzbSaX_R083+nbtsiVDgYKA@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-TMN: [AflqKR1KzGUcq8OPhRSCIiSs8alX5r7S]
X-ClientProxiedBy: TYCP286CA0203.JPNP286.PROD.OUTLOOK.COM
 (2603:1096:400:385::16) To PSAPR03MB5639.apcprd03.prod.outlook.com
 (2603:1096:301:66::13)
X-Microsoft-Original-Message-ID:
 <7d74fb28-dbc4-5afa-c89a-21d1fc73ff35@hotmail.com>
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: PSAPR03MB5639:EE_|SEZPR03MB7074:EE_
X-MS-Office365-Filtering-Correlation-Id: 863980bc-533d-4d46-33b8-08dafb634906
X-MS-Exchange-SLBlob-MailProps:
	Vt1MYR2q4OleZ2o9R8qWy1VH5qrQY+WrlcY0/TKEvHZ8HDuUPFdZZpZE6lPWHYdiR0B8OYsIueDpLRNOVSvH5K7IuHhodi7SI8laayF2ZWqxDST7e/Ynb+kwuCbaGOyHGJzpQ9A/ZRxRipQasOE1j/iVmOBWrWXUojqMPtxEUPJdiYOO8NnS2FNX2ZjO6lNzvCXJMDBvQb6TanepIA+uwALRnZ+sRbfVxyUCyvXEqVAhDEq9Ib5FAGfsrY2zVb59yAsMdPu58WeYvHSIVkvJrqwdu4I+ZqjXKQf9KIF4K2qfU8D3/g5/TZO70qV3Ug5/B6vurDl1DTfZm38S7wqH/+eOct6f4yq+4t0mFli/b+KPycfgFSTzejG51/IviOV6/yXmStBhgYJn/5czGoIJIIKF/9S7KjJV9mocro26xFpcrVimPAeKSv6glfMiX0cF+qy9+f+PSbozVUSucQA9Zd8qrq7jlDi7dlFtPemDi8LwxbGfVkLCManxvoKiDsnTT9EgVcaq/TQwykiz2Jxa7wJ6ZSXp3eHyYNsJiVAy5wbx7J4MVmefSDSaJ0mCVLZJCo7nusUDkaAnQuxLkgJFfX+DrxEdNevInLlmTkAuiWPZdvHyhqBJc4MMzY3NoZdfSaL7Sd7aX8RnXRmfY9TiB6LI7dM1C2T0CLKTqyvRotslSLjVB+QSwpN0yfDjuoPfzQ57XXtyztDQQGLSxxn3zskLJbJMmr9q
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	G+LzCtjpg6s9HrfbLFQEPgPLd7sXQsmd7mk6eELbfaV+qxFqUcGQ2sLMIQnWGElTbhZq0m1lmb4o+i5W4NqpVZLX7c+cBfNMGkfDGMRJik9s4o7Zj9VyGFipWVNzAI4ds2nHZuvOtSGJmPlmmfA9ldwcR0HzbpqNgGdCkJXLpMCsG0HnaTVSqcrEuzycuJIfK12ipRuXATSwF3Wx4EPUrPEXEDQ1qAf84aEcL2Ei6d0KztUAtvT7//tURQTD4UCLqKXSTDz+XQfSDvzKXty+a/Vhf9LHO1xWBfGUvkAEITZmA4emXvzdNcyN+3COtYg2gIw/UmIihfNCXO4PjcjxoIwonx79B/jThBYrwUBdRkdKs3i+3s7F2I5jItYUpsaPMROx3zVRG5pLMgqj6FjlQV5p0Ba5i0tIiU2XlQAnk3T7n5E3b4txcF2BnwPsO/bfjqakX+YChBoisDuMk2h1Dqd6RSzJGj1KrG1SO+bSf4nfHjVvM0JwWB5cDDzCocIROk3gdUr9hiXEJEvW5ZK0j4VUpzrijjGRzYmQWLLW+OZcOkGbE+HP+uFcUP1vGGMpGHVcdfKB07vk9kep/cqikyBqiWoetxikxTWCn1nT73DgB8SOA+svsLjrg+jEu31kAQDUJ89nAuMoGJdnNtJTPW5vm32x+8l7Vf4jjFGUmyY1msBKGurrKwLNPAsaX3RY
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
	=?utf-8?B?WnhCcW1BbGZGK1hFaHNqRi85TmFYL0RxUFczZU1zb0FYeCtoMDRtajl4NHpm?=
 =?utf-8?B?bVdjbEtZSTVUdG1xRXExUjNiSi9OUUIwaTlxNVV2R3RQZVVLZXNCKzczYVAw?=
 =?utf-8?B?QlJZOFRmdDRqMGdURjJhMDJiUzBsRHFKUHNDckZjZE12ckpHVmtRM1ZQQ3Vt?=
 =?utf-8?B?dWpwRVpqd2pTNllyNFgrT21LM1dVd2hKcCs4UEs0WkRsYWxKQ1NXQ2VUcjZG?=
 =?utf-8?B?YnhrSEtUY1NCYitqdCtYYkVXVUdlOWVQdVNZRVhyVk4xRE8wQ2hqdW1JbGVU?=
 =?utf-8?B?eDlyd3pBbmI0Tkd2clU3bEd5WEJhRnN2OFVyQ292d1pQVVNnTTRRRFlOSUFl?=
 =?utf-8?B?c2ZVRkV5N0IwTTEzdnE5V0RTZzZwZHpoRlZZS29CM29lWGhsa0ovTS9YV0Fx?=
 =?utf-8?B?N1BXWDdXNUJmb1RYaXpLbzhRVTNGK09hMFFSZi9HeUwyTU4rU24xd29ZSFFL?=
 =?utf-8?B?eWtIbDk2TGVKOEQrTzYxVHlWeHIrcUtHemxVOTJHMnZrVG1PRUFwRmw3aHc4?=
 =?utf-8?B?TjFvN1ExTWwzTjVwK1JvRzVBM29qUm1kQmd6MDFlRkE3TW5uQW5iTnJ3R3Nq?=
 =?utf-8?B?VTNHOUN0SnBUL3JqSHl5L2Vpa0ltd25uTkx4Vm9kWU02RjJ6Wmc4NnlQTFRj?=
 =?utf-8?B?bzFiVFlRQ0d5TUp0VFBUVWZYZk9Hc2tKc3IzM29HYnIxd0Qyc2ptZE1jOGNn?=
 =?utf-8?B?U3ljTDg5a1B5dHNwdHQvWlBhZGs1ZXRRSW1VWVlqQXZUdkQzbnhIbXpSdmNn?=
 =?utf-8?B?WHRIMTJlUk1vQW9ISmxzbkt2SG1ScVdSait3U0dKUjhKVzZPUmF1ejVScU8w?=
 =?utf-8?B?aWtBZjlrZXpDTUNFYURxd09TaTB0dGRCRFRoTFJ3UE15c3ZmVFhmanZ4ekts?=
 =?utf-8?B?UzRFUnRQN2JJZnR5ODZjUk8zekhwbDd4alVoQjFTdVN4SlZjTXJGSDNLdzcr?=
 =?utf-8?B?MDcrRDBKN2FQWElrU0FVVWY1NmhBZnVsY1pWOUhKYmxtNjMxd3V2TWQwYXhr?=
 =?utf-8?B?RjBTRXQxRm9DejFrYVBVVy9aTGlrTVBPcTFndmlVZThSQ3VOcWxHM1BZVGxw?=
 =?utf-8?B?MnZyV3k5T0pUVFJEUnJ2M2FKMzZieHZGM01MRHZGQXVkUGFRRWtndUtOTnV3?=
 =?utf-8?B?UVFXUFFHNno4SHpIUXlYM05OaGxWdExnc1FDMXRrQTQ0UnZOdGZkU2l5UjUx?=
 =?utf-8?B?aTRCRFN5TkRKSkp0SzNrS3dPRlpieVBtbGM5b2NIdDBMQmZKSFhLU2JuZExN?=
 =?utf-8?B?Vk51OUE2QnlYZ2s0NVhNSU1YSTlDVFJMaEFmcXdtVDJIOVphRm5MUXdjeTBY?=
 =?utf-8?B?YWJQNm5HOUpqVkNQNzBteUlNdXFibVpwMTdVcUM0YVNzYnB3ZGpHRTNTdHhB?=
 =?utf-8?B?Wng1T0ZpTUJDSjJra1F5THNFUTUwT3M2dkVvYjRFa3oyNUpiY1NXUGhHMDRU?=
 =?utf-8?B?NnRjMDZsNEJGdUJxZ1k2alIrbW9PaEVTeUd0TEtnL3lQY1I2T09LekxtWTVO?=
 =?utf-8?B?NkExaEo5cjRKTEUzMEhFZnhVSytoY1Vyeml2V2tXSVdiRU5URHlNMkhJbkI4?=
 =?utf-8?B?dXRRNC9GcVhWbUM1Nmhtc0ZIcHRrWkhwQWNmQkN5UTduVjIvbzNyWEV2SUNC?=
 =?utf-8?B?ZEpFQnJ5eTNzL2F1cWsveDZTSndPZnJoa2ZBZzhCOUM2b0I0VnpsdVRTZ0U5?=
 =?utf-8?B?NTdqbHBsQ2pUeXM0aUYrRWxxVjhhYjJjNGpEYVdHaFc5RVdiMmlZekRoTUZv?=
 =?utf-8?Q?13MUptNN0jHlODJiiQ=3D?=
X-OriginatorOrg: sct-15-20-4734-24-msonline-outlook-c0b75.templateTenant
X-MS-Exchange-CrossTenant-Network-Message-Id: 863980bc-533d-4d46-33b8-08dafb634906
X-MS-Exchange-CrossTenant-AuthSource: PSAPR03MB5639.apcprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jan 2023 03:55:08.2771
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
	00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEZPR03MB7074
X-Rspamd-Queue-Id: 4NzMvh1p0rz4NjN
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:8075, ipnet:40.80.0.0/12, country:US]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

Nuno Teixeira wrote on 2023/01/20 19:14:
> Other trick for those using -devel (-b latest||quarterly) is to start
> building until dependency is done, stop poudriere and restart it. Next
> build will use rust-1.66.1 from cache without rebuild it. :)

I haven't used poudriere-devel for a while because I didn't like the way it resolved dependencies...
Will the method continue to work when packages that require curl-7.87.0.pkg and packages that require curl-7.87.0_1.pkg start to mix?
I build a single package that requires curl (e.g. git, libkml, netcdf, proj...) when curl is updated, for example.
So I have a feeling that if the rust prepared the way requires the old curl, there will be some conflict when the already updated package installs the new curl.
Well, this is a guess, and one that we won't really know until we try it :)

Anyway, the previous email is for anyone who has ever thought about replacing +*MANIFEST of a package :)

Regards.


From nobody Sat Jan 21 16:04:09 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Nzh4p03jRz32DF3
	for <ports@mlmmj.nyi.freebsd.org>; Sat, 21 Jan 2023 16:04:10 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Nzh4n5Gb0z4Hqp
	for <ports@freebsd.org>; Sat, 21 Jan 2023 16:04:09 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1674317049;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=8xuhT4dxbHWgbPRTwC0NYTkgMkqm/RzB0y8kBd6Ao/w=;
	b=FCcvr4gBB5JV2F2WjYH4C62rYMHLOOfaMdvzRdNueIhj00vsTszPr3NH1YL5AlflwjG3cz
	zzgmKOjcDjQUgQf8YnjS39UgjoZ0j7eC0huXoRQTPnUKXnHqIaqFGE5mmdXwgwOLL400a0
	021oX1VwcqgmqbZJx8s29wPozYTQ5+So6F8wOyHKfaX9FiPpQ/W/ddII0gl6wJEBDRE3w0
	6Xr2svUWNToOrzBhsBkYkBl8fBdZGloCdMEh7M7/EwUnTpWtdTQOMQ7BsTXOBjusuKYChP
	Gwo4j4k/Yv5cQx9Jokdqm5L380qmoB+xSPLDBa0XerGAuETz3x8Wpm7pWhV5bA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674317049; a=rsa-sha256; cv=none;
	b=dA0zPIPpAiHe0utw5n1yscQogSr5FHdt9u9awUPe5sZ3uqfQN7cl1oij8NxC1/tD6zcdD6
	LSzegdx1fFl937LONKvL9SfJ2SU2L41GZB8iM+/YyYo4QoKCFlf3nLzw2S1e9CDsNLDdmp
	ee4nfwTnnQthX7lw3ITWMZe2Y0NEwwgeQRAzvPBquiLMz9JhT8JdnVLPkcLBCavbxCNF9c
	7W/HktnARQKpm0cQyW/sCdGPAfwp2E8chcdLZeKG+PxKSbdrHwM6qpI1FugBqmtxKXH+bk
	XdUoi8EwczAKL7OMzux9taH8vb65RbuahjoK9gbLBNf87oeKkd4wwj13Ldp7Gg==
Received: from portscout.nyi.freebsd.org (portscout.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Nzh4n4KGfzGBn
	for <ports@freebsd.org>; Sat, 21 Jan 2023 16:04:09 +0000 (UTC)
	(envelope-from portscout@FreeBSD.org)
Received: from portscout.nyi.freebsd.org ([127.0.1.10])
	by portscout.nyi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30LG49u3080912
	for <ports@freebsd.org>; Sat, 21 Jan 2023 16:04:09 GMT
	(envelope-from portscout@FreeBSD.org)
Received: (from portscout@localhost)
	by portscout.nyi.freebsd.org (8.15.2/8.15.2/Submit) id 30LG49Ot080911;
	Sat, 21 Jan 2023 16:04:09 GMT
	(envelope-from portscout@FreeBSD.org)
Message-Id: <202301211604.30LG49Ot080911@portscout.nyi.freebsd.org>
X-Authentication-Warning: portscout.nyi.freebsd.org: portscout set sender to portscout@FreeBSD.org using -f
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
Date: Sat, 21 Jan 2023 16:04:09 +0000
From: portscout@FreeBSD.org
To: ports@freebsd.org
Subject: Unmaintained FreeBSD ports which are out of date
X-Mailer: portscout/0.8.1
X-ThisMailContainsUnwantedMimeParts: N

Dear port maintainers,

The portscout new distfile checker has detected that one or more
unmaintained ports appears to be out of date. Please take the opportunity
to check each of the ports listed below, and if possible and appropriate,
submit/commit an update. Please consider also adopting this port.
If any ports have already been updated, you can safely ignore the entry.

An e-mail will not be sent again for any of the port/version combinations
below.

Full details can be found at the following URL:
http://portscout.freebsd.org/ports@freebsd.org.html


Port                                            | Current version | New version
------------------------------------------------+-----------------+------------
cad/ifcopenshell                                | 0.6.0           | blenderbim-230121
------------------------------------------------+-----------------+------------


If any of the above results are invalid, please check the following page
for details on how to improve portscout's detection and selection of
distfiles on a per-port basis:

http://portscout.freebsd.org/info/portscout-portconfig.txt

Reported by:    portscout!

From nobody Sat Jan 21 16:59:02 2023
X-Original-To: ports@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NzjJP4Mjxz32Kxm
	for <ports@mlmmj.nyi.freebsd.org>; Sat, 21 Jan 2023 16:59:17 +0000 (UTC)
	(envelope-from hiroo.ono@gmail.com)
Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4NzjJM6fWrz4MsT
	for <ports@freebsd.org>; Sat, 21 Jan 2023 16:59:15 +0000 (UTC)
	(envelope-from hiroo.ono@gmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=G3ACOE4P;
	spf=pass (mx1.freebsd.org: domain of hiroo.ono@gmail.com designates 2607:f8b0:4864:20::102e as permitted sender) smtp.mailfrom=hiroo.ono@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
Received: by mail-pj1-x102e.google.com with SMTP id lp10so4867556pjb.4
        for <ports@freebsd.org>; Sat, 21 Jan 2023 08:59:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :reply-to:in-reply-to:references:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=PsXXdXwGRKAhbhsKYEUsk8dCllbp9LD28wDOGvVrHeM=;
        b=G3ACOE4PBioGwUqxOsyNky6MCd5ApwZFCG1NtjQK2X4N100WVvOtYgIebM39o7uChF
         CAsf44GuiprflUZshKGwAXW7uQRu6kWYCP6Uvqs+Ryr71qCpnoBmgVLn2fgrw95whAu3
         ndrdJeTicGXMEcIqEWRMzSBCHe0Eai+f90W3wBIcVBpc0mHH7e8PkMw0D26GB//NAaJr
         PQCx+ZAMEnBaUMf8nzhrZf6BPElCcuRHyGGCkVnUVpKwzOPFtMdi7dmKSQhZtdDA1Y6s
         Rybf1e9voAKYnYnSsvBbmNiVZ2oyWYOK+XiCDtbsN/N/JKzKgh48GUY/oc12src7vLFU
         gz2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :reply-to:in-reply-to:references:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=PsXXdXwGRKAhbhsKYEUsk8dCllbp9LD28wDOGvVrHeM=;
        b=ZHWZkBe4VEg3QKeLsjcD1JQrhiE7lZdVbYMv65ckWuVK34uDUPmPDXlyoum2Qc+C9C
         /2gu9rHjy6pLrKl7gqTXtCZ6rag3yCG8qnn570z9JXAVYsXXqXjjrgyV+yRPw+V5hLcg
         qR5TZxrmXnBHWRt3GqqyCV8FRjh1+85rUsxhIwyyx9iJuGoHbOPW9LnGpvb0mY+jCJQ2
         LviD0XHDZMVXtlaEXMFA8dqWiAEVLDF2XpHI4YYt4r31/4T10QEpZ1zBs9lPq1o6ehkE
         viYs/NXzxNUUIBMP4+BJJSeOestjJgWIeWtCt5jTKQ40zkjcJzD2ouJJqsIU7EHywwIE
         yOag==
X-Gm-Message-State: AFqh2kopD+dUF9BDoKqFstxFsGqyKM1IOsPOrB4uReik+nS9pyrmEx7+
	2K8Utq+JCppHKaBEqx775aIsbjw21WfkZxkQQA41H/N5JJQ=
X-Google-Smtp-Source: AMrXdXsOBNCbOMdhathFmRAHl2hutvwNxP5ArG07Y+koZxM+hndUtfI8003VvGpFiCDQV7r8r2QyPnGbGCmdcwv2PX0=
X-Received: by 2002:a17:90a:8a86:b0:229:3efe:7999 with SMTP id
 x6-20020a17090a8a8600b002293efe7999mr2053499pjn.133.1674320353770; Sat, 21
 Jan 2023 08:59:13 -0800 (PST)
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
List-Help: <mailto:ports+help@freebsd.org>
List-Post: <mailto:ports@freebsd.org>
List-Subscribe: <mailto:ports+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports+unsubscribe@freebsd.org>
Sender: owner-freebsd-ports@freebsd.org
X-BeenThere: freebsd-ports@freebsd.org
MIME-Version: 1.0
References: <CANtk6Sinp51O-oZQvWnVL2uZePfbj2ZyBeoHyADv6DkOOML97Q@mail.gmail.com>
 <20230113181413.d38e665bfe1f9e8f155a7006@dec.sakura.ne.jp>
 <CANtk6SgfDEi7EN3okYKZdCGcCkUGAZ2kmP2PJ6wPvedaO5YizA@mail.gmail.com> <20230114105534.5e95a3fa5aa88f4194e2b9a6@dec.sakura.ne.jp>
In-Reply-To: <20230114105534.5e95a3fa5aa88f4194e2b9a6@dec.sakura.ne.jp>
Reply-To: hiroo.ono+freebsd@gmail.com
From: =?UTF-8?B?SGlyb28gT25vICjlsI/ph47lr5vnlJ8p?= <hiroo.ono+freebsd@gmail.com>
Date: Sun, 22 Jan 2023 01:59:02 +0900
Message-ID: <CANtk6ShO01TjrmMhBwMQb-vmwu0ppaAfsE23ZTEoF5g6_WL2bQ@mail.gmail.com>
Subject: Re: npm install, ports and poudriere
To: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
Cc: ports@freebsd.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spamd-Result: default: False [-2.25 / 15.00];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-0.998];
	NEURAL_SPAM_SHORT(0.75)[0.751];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112];
	MIME_GOOD(-0.10)[text/plain];
	FROM_HAS_DN(0.00)[];
	HAS_REPLYTO(0.00)[hiroo.ono+freebsd@gmail.com];
	FREEMAIL_REPLYTO(0.00)[gmail.com];
	MLMMJ_DEST(0.00)[ports@freebsd.org];
	PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org];
	RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::102e:from];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	ARC_NA(0.00)[];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	TAGGED_FROM(0.00)[freebsd];
	REPLYTO_ADDR_EQ_FROM(0.00)[];
	MID_RHS_MATCH_FROMTLD(0.00)[];
	FREEMAIL_FROM(0.00)[gmail.com];
	TO_DN_SOME(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	DKIM_TRACE(0.00)[gmail.com:+];
	FROM_EQ_ENVFROM(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	RCPT_COUNT_TWO(0.00)[2];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	MIME_TRACE(0.00)[0:+];
	RCVD_TLS_LAST(0.00)[]
X-Rspamd-Queue-Id: 4NzjJM6fWrz4MsT
X-Spamd-Bar: --
X-ThisMailContainsUnwantedMimeParts: N

2023=E5=B9=B41=E6=9C=8814=E6=97=A5(=E5=9C=9F) 10:55 Tomoaki AOKI <junchoon@=
dec.sakura.ne.jp>:
>
> On Fri, 13 Jan 2023 21:00:50 +0900
> Hiroo Ono (=E5=B0=8F=E9=87=8E=E5=AF=9B=E7=94=9F) <hiroo.ono+freebsd@gmail=
.com> wrote:
>
> > Thank you.
> >
> > 2023=E5=B9=B41=E6=9C=8813=E6=97=A5(=E9=87=91) 18:14 Tomoaki AOKI <junch=
oon@dec.sakura.ne.jp>:
> > >
> > > On Fri, 13 Jan 2023 11:30:09 +0900
> > > Hiroo Ono (=E5=B0=8F=E9=87=8E=E5=AF=9B=E7=94=9F) <hiroo.ono+freebsd@g=
mail.com> wrote:
> > >
> > > > Hello,
> > > >
> > > > I made a port of MongoDB Compass https://www.mongodb.com/docs/compa=
ss/current/ .
> > > > As it is an electron app, I need to use "npm install" to build it.
> > > >
> > > > npm install does not work without network connection, while poudrie=
re
> > > > allow network connection only at fetch time.
> > > > As a result, I need to do bunch of things in fetch mode, and the
> > > > Makefile became as attached. Is this acceptable as a port?
> > > > If not, I need to rework the Makefile to do npm install at build ti=
me,
> > > > but that makes the port not officially buildable I think. (though t=
o
> > > > each of us, there is ALLOW_NETWORKING_PACKAGES option in
> > > > poudriere.conf)
> > >
> > > Can editors/vscode be any hint? It's electron app, too.
> > >
> > >  https://cgit.freebsd.org/ports/tree/editors/vscode
> >
> > editors/vscode helped me very much when I wrote the Makefile, but it
> > uses yarn which has the cache mechanism.
> > The problem is that "npm install" always try to connect to network
> > even if the package's tgz file is cached.
> > cf. https://github.com/npm/npm/issues/7341
> > So I have to eliminate all the "npm install" after fetch target.
> > What I am doing is similar to what Emanuel Haupt suggested to me.
> > Doing "npm install" at post-fetch time, and backup node_modules directo=
ries,
> > and extract them at post-extract target.
> > (Else, WRKDIR is wiped away at the beginning of extract target.)
> >
> > Every npm package is run "npm run install" with "npm install" and some =
packages
> > require cc, perl, python, rust, go and other things.
> > Thus, FETCH_DEPENDS became like this:
> >
> > FETCH_DEPENDS=3D  git:devel/git \
> >                 npm-node${NODE_VER_MAJOR}>0:www/npm-node${NODE_VER_MAJO=
R} \
> >                 cmake:devel/cmake-core \
> >                 pkg-config:devel/pkgconf \
> >                 ${PYTHON_VERSION}:lang/python${PYTHON_SUFFIX} \
> >                 cargo:lang/rust \
> >                 # yarn:www/yarn-node${NODE_VER_MAJOR} \
> >                 ${PREFIX}/lib/libmongocrypt.so:databases/libmongocrypt =
\
> >                 ${PREFIX}/lib/libsecret-1.so:security/libsecret
> > .  if !empty(PORT_OPTIONS:MGSSAPI_MIT)
> > FETCH_DEPENDS+=3D ${_MITKRB5_DEPENDS}
> > .  else
> > FETCH_DEPENDS+=3D ${_HEIMDAL_DEPENDS}
> > .  endif
> >
> > It requires not only npm, but also cmake, pkgconf, git, python, rust
> > to build and some libraries to be linked
> > in "npm run install".
> > (The dependency to yarn is just a residue of the trial to use yarn's
> > cache feature.)
> > Is it ok or running cc and rust should be avoided at fetch time? is
> > what I wanted to ask.
> > It can be avoided with "npm install --ignore-scripts", but I have to
> > run "npm run install" with each
> > npm package myself solving whole the dependency tree.
> > There are still things to do in do-build target. Not all the build
> > things are done in post-fetch.
> >
> > So, I want to do "npm install" without "--ignore-scripts" in
> > post-fetch target. If I have to do
> > "npm run installs" in pre-build or do-build,  in the order I have to
> > determine digging all the package.json's.
>
> Google'd with "npm install offline from cache", found this.
>
>   https://zameermanji.com/blog/2023/1/10/building-and-installing-an-npm-p=
ackage-offline/
>
> Does infos here help?
> Maybe maintainers seems to be forced to `npm install` locally to get
> package-lock.json file, IIUC.

I tried, but did not succeed so far.

1. as HOME is ${WRKDIR} (at least with poudriere), the cache directory
.npm/_cacache will be wiped out at the extract target. (see
_EXTRACT_SEQ definition in bsd.port.mk)
   I can back up .npm directory in DISTDIR (or /tmp if it works) by
tar, but it is nearly equal to backing up node_modules in DISTDIR. Is
it OK to do so?
  It may be solvable like editors/vscode which downloads yarn cache
from the maintainer's github repository, but I'd rather like to back
up at fetch stage and later restore at extract stage.
2. I thought listing all npm package files (*.tgz) in DISTFILES and do
'npm install ${DISTDIR}/${DIST_SUBDIR}/*.tgz --offline' might work,
but there is two problems I cannot solve.
2a. with npm, the two files below are different, but with ports, both
fall into the same file in DISTDIR.
 https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0=
.6.tgz
 https://registry.npmjs.org/@types/lodash.isplainobject/-/lodash.isplainobj=
ect-4.0.6.tgz
2b. some npm packages are described to fetch by git from github. like:
    "node_modules/flat": {
      "version": "5.0.0",
      "resolved":
"git+ssh://git@github.com/cipacda/flat.git#0453680d406afc82a88dbe1fb9816baa=
d87c92af",
  it is not cached in .npm folder and even with --offline, git is
kicked and fail as it cannot access to github.

> If you prefer bundling all deps, could this help?
>
>   https://stackoverflow.com/questions/43064107/how-to-install-npm-package=
-while-offline

packing after 'npm install' is a bad idea, but I will try similar way
by packing after 'npm install --ignore-scripts' and do in npm run
install in each folder in the dependency order (which I have to
determine in some way).

> > > I'm not at all familiar with electron nor Node.js, but is there any
> > > cache mechanism for npm that can store required files into before
> > > install (at `make fetch` phase)? Does below be of any help?
> > >
> > >  https://docs.npmjs.com/cli/v7/commands/npm-cache
> > >
> > >
> > > --
> > > Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>
> > >
>
>
> --
> Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>
>