From owner-freebsd-ports@freebsd.org  Tue Mar 26 17:57:09 2019
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5FC51155A2B5
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue, 26 Mar 2019 17:57:09 +0000 (UTC)
 (envelope-from pathiaki2@yahoo.com)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 9320676C22
 for <freebsd-ports@freebsd.org>; Tue, 26 Mar 2019 17:57:08 +0000 (UTC)
 (envelope-from pathiaki2@yahoo.com)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 4B45E155A2B4; Tue, 26 Mar 2019 17:57:08 +0000 (UTC)
Delivered-To: ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 23DB6155A2B3
 for <ports@mailman.ysv.freebsd.org>; Tue, 26 Mar 2019 17:57:08 +0000 (UTC)
 (envelope-from pathiaki2@yahoo.com)
Received: from sonic313-9.consmr.mail.ne1.yahoo.com
 (sonic313-9.consmr.mail.ne1.yahoo.com [66.163.185.32])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 98CAD76C21
 for <ports@freebsd.org>; Tue, 26 Mar 2019 17:57:07 +0000 (UTC)
 (envelope-from pathiaki2@yahoo.com)
X-YMail-OSG: Vvc9iXQVM1nFJK0c_jHeVfL3PQrrGLNOHVAr95Rog4n3Q00bTWKYJ.M9_Uhdo4F
 oDC22hH4oeWp4SWsowHOHroOb5lcsqg_dSxlckgUi1v4ZLVCJT2Zk_JzB9l.XkgHmv2nlNgUknif
 2OLaCVqnDJ_CB5AmcR934WO_DKkoyYoyS4I4c7ZTMdMjdKRxFa7tQAqGCrOjTv77YS.USW9ye9KU
 5n4ULfO1SrIK0PlqBUAQ2G3SNdf0WkXh0Pm5J305i27_pENG_fll4HoyJE913RdTitp40bLOjqpP
 9NFM3HaV3U.KcWzUcxh.ZwS9PXb5mw1RC6zo2VGLbzPB1OifWDgq7WWnC3Z_uVp7EAPX66Mmg4ok
 oJevzX11udoMVTH.8lEWhR3Z0Mopm9WfR.pFi04vmU8bdhZxrTMvtYJRgtB4ZDi2.Scma.9ha1HU
 XtTG4dPxOTMU01RwRSAwGfkrZvThY3Iqou7GSaxNogtUUfT6rg5Kkg9yJbkGGHzjZyE8wikABwYD
 laBcbRR0BdP.e5_Qr9SfIBw_bcBnVpKNOtq3EsmiQxyhlBABsN41T1h4JQZluojnlRqBwKiGd5oX
 HLSHVny7e8AN6i99J6TyQPBiMTeoOozie_MLmwvjd5KxzBORsLR8q7IZa2rUW1DujF5sxL0WQVOR
 SQVwCosa1rpeNTyhubpPzYUzrWg6l5DuPKjZmyzPA3cvNrP3b7Qlg5_rf27G3czeOjUfswrCFBoq
 K96baSfwweJSnPn424fl7iwT4rS5rvq1sqbTAmgBGEfWhLXQjE5EqvKBo2bewyP_Bucy.3neTE15
 XSJYbGLYRg.gTZ.Hw3QJOa_Wseuvu4HISi5ptLwTT5SB_QJ2E8.v2IOyhQKJNHKKjLLyBfbi4Po3
 IbyWKQWQMYeWap6WqBKvQyBoWNhP0mlkM0oXPYNQrt3DNkRARR8U4AnyEUkKo_3flFfHb6GqI72B
 713VhJujsmgHokQPzfMC54YYTN8js_s8ToHsEZGoVNp0qNNWWm6lAHQbT2RmOzrxDrkUgTkvMyZe
 Qu.A1DYevVRVAoRkmRMnXO4XBAfUCmepOnX.uNgeuj4SdUBDw.CdztEIKs.UNwWvdY7crFipGmkt
 xIES.D_oU2voNkyJU.lwZTFoARQ--
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic313.consmr.mail.ne1.yahoo.com with HTTP; Tue, 26 Mar 2019 17:57:06 +0000
Date: Tue, 26 Mar 2019 17:57:02 +0000 (UTC)
From: Paul Pathiakis <pathiaki2@yahoo.com>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: "ports@freebsd.org" <ports@freebsd.org>
Message-ID: <2101587517.11783325.1553623022141@mail.yahoo.com>
In-Reply-To: <20190326174948.5szc5y5sax6pohxj@mutt-hbsd>
References: <1184691884.11773818.1553619768857.ref@mail.yahoo.com>
 <1184691884.11773818.1553619768857@mail.yahoo.com>
 <20190326170539.lk7y23qrnvkfj7x7@mutt-hbsd>
 <1639606763.11770976.1553622163518@mail.yahoo.com>
 <20190326174948.5szc5y5sax6pohxj@mutt-hbsd>
Subject: Re: Port Request:  OpenSCAP
MIME-Version: 1.0
X-Mailer: WebService/1.1.13212 YMailNorrin Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:60.0) Gecko/20100101 Firefox/60.0
X-Rspamd-Queue-Id: 98CAD76C21
X-Spamd-Bar: ------
X-Spamd-Result: default: False [-6.92 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_SHORT(-0.92)[-0.923,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 17:57:09 -0000

 Just came across that about 4 mos ago.=C2=A0 :)=C2=A0 Seemed like the next=
 generation of tighter security for pfSense.=C2=A0=20

So, HardenedBSD is fork of FreeBSD that is pushing in more defense (passive=
/active) into all the FreeBSD derivatives?=C2=A0 Very cool.=C2=A0 Nicer to =
have something that only has 20 or so CVEs every year versus 200 or more. ;=
)=C2=A0=20

I just followed a large number of links and found G2 as well.=C2=A0 Nice!
OpenSCAP, if it could at least give me some sense and peace of mind that I =
can run it, get a result on paper and show the 'certifiers' that we have co=
mplied, I'd be very happy.=C2=A0=20

Thank you for responding so quickly!
P

    On Tuesday, March 26, 2019, 1:50:34 PM EDT, Shawn Webb <shawn.webb@hard=
enedbsd.org> wrote: =20
=20
 I'm not really a compliance guru, so I can't say whether HardenedBSD
comes closer to <insert compliance spec here>. I have looked into
Common Criteria/NIAP briefly for US Federal Government deployments in
certain high-security enclaves. HardenedBSD does come closer with
CC/NIAP, though there are still gaps to fill.

Have you looked at OPNsense? It's a fork of pfSense built on top of
HardenedBSD.

Thanks,

--=20
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:=C2=A0 =C2=A0 +1 443-546-8752
Tor+XMPP+OTR:=C2=A0 =C2=A0 =C2=A0 =C2=A0 lattera@is.a.hacker.sx
GPG Key ID:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89=C2=A0 3D9E 6A84 658F 5245 6EE=
E

On Tue, Mar 26, 2019 at 05:42:43PM +0000, Paul Pathiakis wrote:
>=C2=A0 Sorry for the top-post.
> Shawn,
> It seems that NIST, FIPS 140-2, and things along those lines are quickly =
becoming a complete reality for all people dealing with the US Gov't no mat=
ter what the size company.
> So, encryption modules must be FIPs approved for compliance and NIST 800-=
171 is the other compliance that is needed.
>=20
> I've been tasked with creating an entire, new infrastructure that meets/c=
omplies with those specs.?? So, I dug in a little bit and found SCAP which =
lead to OpenSCAP.?? So, I get to put the whole thing behind pfSense firewal=
ls and show that everything I'm running is compliant with both standards.
>=20
>=20
> Does HardenedBSD meet the requirements? :D?? (crosses fingers)
> Paul
>=C2=A0=20
>=20
> On Tuesday, March 26, 2019, 1:06:25 PM EDT, Shawn Webb <shawn.webb@harden=
edbsd.org> wrote:=C2=A0=20
>=C2=A0=20
>=C2=A0 On Tue, Mar 26, 2019 at 05:02:48PM +0000, Paul Pathiakis via freebs=
d-ports wrote:
> > https://www.open-scap.org/
> >=20
> > Hi all,
> >=20
> > It's the US NIST scanner for operating system compliance.
> >=20
> > I'd like to use FreeBSD and FreeNAS in various places but it has to pas=
s compliance.
>=20
> I just asked my coworkers about it. They created OpenSCAP. :)
>=20
> What compliance requirements are you looking to pass?
>=20
> Thanks,
>=20
> --=20
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>=20
> Tor-ified Signal:?? ?? +1 443-546-8752
> Tor+XMPP+OTR:?? ?? ?? ?? lattera@is.a.hacker.sx
> GPG Key ID:?? ?? ?? ?? ?? 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89?? 3D9E 6A84 658F 5245 6EEE=
=C2=A0  =20
From owner-freebsd-ports@freebsd.org  Tue Mar 26 18:07:44 2019
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CB29F155A7EF
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue, 26 Mar 2019 18:07:43 +0000 (UTC)
 (envelope-from jonc@chen.org.nz)
Received: from mail-vs1-xe41.google.com (mail-vs1-xe41.google.com
 [IPv6:2607:f8b0:4864:20::e41])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id CAA4877563
 for <freebsd-ports@freebsd.org>; Tue, 26 Mar 2019 18:07:41 +0000 (UTC)
 (envelope-from jonc@chen.org.nz)
Received: by mail-vs1-xe41.google.com with SMTP id s2so6901327vsi.5
 for <freebsd-ports@freebsd.org>; Tue, 26 Mar 2019 11:07:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=chen-org-nz.20150623.gappssmtp.com; s=20150623;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=cZv1uwFgPcqJ/usoMJEnOyZ1fRLv6haH3GNttxg43VE=;
 b=ZhFUKjmTUprbxjdFmTIwQi5eaWyE9sWVGVVHo+0eAz7p7Gulv4E3q/0cawrvVg3wMG
 13coEZarL6EZxj+4cQRxNmD1SRwMlK7bl7vupOa5vJkgK7f9Ni4xyLPhoaX0HcBCpRIy
 ktWlLNoC9LUs7cGnh44MBOxeCIv4Z8oFoW62sPY674haNM4iFbixSjRhA/fON+89cebN
 hX5wtRYMXijdk6xQSJCnPUpUy0ztfI5DNfBBJVlDEEmPUr9ydz+V1/ZdultJm3RK4muP
 Xx/AIWJNK+tkZ23aVEmbA7TXcdhKBC+ypFGg4OFNkRz6/MrxGeF6AGxJ/Y9HfGiDYERJ
 kXuA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=cZv1uwFgPcqJ/usoMJEnOyZ1fRLv6haH3GNttxg43VE=;
 b=avpHiNfMlyQCLcAc3A6iUfieDjLn8JstR8SDhBcWh8TCTGuvUJl6WJ1MWPaK68RjyA
 ekzfZVFpBynwvdB1zfqFUf2oPfVjKflcySpbNcYVqtpWicerdLwivGF/uBjBYxElkQZB
 f9TK5uWdWZp1mOkdMXKM3SQYvbj4F065XygF+N+30PNmmK17VnRoMJ0zPybqCwlwHiOt
 UE+r95N6z1EIDnp3iRAmGj+RDU60RQRDLfEDI6EBwHykNQn/mTB8QrAACRwXKGtN/bFQ
 q84bLTggqwTQYDL+cVb+mSTg9VmlDMf/5xuFH7FHdVtm6jZS/TO9W32eF1RGkeagu5dQ
 oD8Q==
X-Gm-Message-State: APjAAAV2pdZnPylPaGT9+OJcbXJhvN8WylSqIEq5uuEJgVrF1BHi4EJd
 fGaZVnDsf+qkdSCzFIx74cLo4FrTUKEsR9FDQVEuAw==
X-Google-Smtp-Source: APXvYqyphAMcPRJaMTVLfXZ58BYSWk9recSII0zOM0Fw27LX+DOJyioUo3kBX1rFzhVVQmgiQwWgROBvLc7kFyk76iA=
X-Received: by 2002:a05:6102:147:: with SMTP id
 a7mr17969254vsr.210.1553623660307; 
 Tue, 26 Mar 2019 11:07:40 -0700 (PDT)
MIME-Version: 1.0
References: <20190323213940.GA74509@www.zefox.net>
 <c2fd7325-ad2e-afbb-4f5b-3223e530d6d3@freebsd.org>
 <20190326021459.GA87373@www.zefox.net>
 <b8fcb348-6dd6-38b0-f1a3-fa84214bc7b3@freebsd.org>
In-Reply-To: <b8fcb348-6dd6-38b0-f1a3-fa84214bc7b3@freebsd.org>
From: Jonathan Chen <jonc@chen.org.nz>
Date: Wed, 27 Mar 2019 07:07:24 +1300
Message-ID: <CAJuc1zP+q6bTndL9ShCH=0wfdS5TrbWOqaAwEJNa97dM+40wUw@mail.gmail.com>
Subject: Re: Can't compile www/node on rpi2
To: "Bradley T. Hughes" <bhughes@freebsd.org>
Cc: bob prohaska <fbsd@www.zefox.net>, freebsd-ports@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: CAA4877563
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=chen-org-nz.20150623.gappssmtp.com header.s=20150623
 header.b=ZhFUKjmT
X-Spamd-Result: default: False [-2.17 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.85)[-0.846,0];
 R_DKIM_ALLOW(-0.20)[chen-org-nz.20150623.gappssmtp.com:s=20150623];
 FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3];
 TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-0.99)[-0.993,0];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-ports@freebsd.org];
 DMARC_NA(0.00)[chen.org.nz]; NEURAL_SPAM_SHORT(0.23)[0.234,0];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 DKIM_TRACE(0.00)[chen-org-nz.20150623.gappssmtp.com:+];
 MX_GOOD(-0.01)[alt1.aspmx.l.google.com];
 RCVD_IN_DNSWL_NONE(0.00)[1.4.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 RCVD_COUNT_TWO(0.00)[2];
 IP_SCORE(-0.26)[ip: (3.83), ipnet: 2607:f8b0::/32(-2.89), asn: 15169(-2.15),
 country: US(-0.07)]
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 18:07:44 -0000

On Wed, 27 Mar 2019 at 00:24, Bradley T. Hughes <bhughes@freebsd.org> wrote:
> On 2019-03-26 03:14, bob prohaska wrote:
> > On Mon, Mar 25, 2019 at 10:23:26PM +0100, Bradley T. Hughes wrote:
         ^~~~~~~~~~~~~~~~~~~~
> [snip]
>
> Looks like you need to upgrade www/libnghttp2 as well. :)
>
> > Thanks for reading, I'd be pleased to try any experiments suggested.
>
> In general, www/node requires that all dependencies are up-to-date. The
> port doesn't explicitly list minimum versions of its dependencies, but I
> am beginning to think that it should (this is not the first time I have
> seen this kind of problem).

You shouldn't have to list the minimum version for dependencies. If
someone is following the tip of the ports tree, it is expected that
all the port dependencies are up to date when building a port. All the
port-management tools in ports-mgmt assume this, and build
port-dependancies as required. When building ports, it is always best
to use one of the build-tools (ie: poudriere, synth , portmaster)
instead of by hand.

Cheers.
-- 
Jonathan Chen <jonc@chen.org.nz>