From owner-freebsd-current@freebsd.org Fri Feb 9 00:43:33 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 84A5FF146BC for ; Fri, 9 Feb 2018 00:43:33 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from pmta2.delivery6.ore.mailhop.org (pmta2.delivery6.ore.mailhop.org [54.200.129.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0726668407 for ; Fri, 9 Feb 2018 00:43:32 +0000 (UTC) (envelope-from ian@freebsd.org) X-MHO-User: 3531c64d-0d32-11e8-b951-f99fef315fd9 X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 67.177.211.60 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (unknown [67.177.211.60]) by outbound2.ore.mailhop.org (Halon) with ESMTPSA id 3531c64d-0d32-11e8-b951-f99fef315fd9; Fri, 09 Feb 2018 00:43:13 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.15.2) with ESMTP id w190hUe0025378; Thu, 8 Feb 2018 17:43:30 -0700 (MST) (envelope-from ian@freebsd.org) Message-ID: <1518137010.32585.127.camel@freebsd.org> Subject: Re: openssl in base should install c_rehash From: Ian Lepore To: Jung-uk Kim , bsd-lists@BSDforge.com, FreeBSD-current Date: Thu, 08 Feb 2018 17:43:30 -0700 In-Reply-To: <250d888c-2c9b-553d-7d19-9dc03cd94713@FreeBSD.org> References: <2647c9a31e203a8891637aaa89462afe@udns.ultimatedns.net> <9306ff93-e606-c958-655b-1e12ddf9c579@FreeBSD.org> <1518133887.32585.110.camel@freebsd.org> <250d888c-2c9b-553d-7d19-9dc03cd94713@FreeBSD.org> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.18.5.1 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2018 00:43:33 -0000 On Thu, 2018-02-08 at 19:35 -0500, Jung-uk Kim wrote: > On 02/08/2018 18:51, Ian Lepore wrote: > > > > On Thu, 2018-02-08 at 17:47 -0500, Jung-uk Kim wrote: > > > > > > On 02/08/2018 17:31, Chris H wrote: > > > > > > > > > > > > [...] > > > > Couldn't this be in $base? I'd like to vote yes. :-) > > > From OpenSSL 1.1.0, openssl(1) added "rehash" command. > > > > > > https://www.openssl.org/docs/man1.1.0/apps/rehash.html > > > > > > I don't think we need yet another implementation in the base. > > But on a machine I just set up last weekend using -current I get: > > > >     ian@th > openssl rehash > >     openssl:Error: 'rehash' is an invalid command. > >     ian@th > openssl version > >     OpenSSL 1.0.2n-freebsd  7 Dec 2017 > > > > Are we going to update to 1.1.0 soon? > When I find some free time.  I don't know how "soon", however. > > > > > If not, how does it help that a version we don't use has rehash > > built in? > We will have the feature when we import OpenSSL 1.1.0.  Knowing that it > is obsoleted by the upstream, I don't want to add an equivalent script > in the base. > > If it is really necessary, you can always install the c_rehash script > (security/openssl), openssl with rehash command > (security/openssl-devel), openssl with certhash command > (security/libressl), etc. from the ports tree. > > BTW, we never had it in the base and it was removed from head src tree > more than 5 years ago.  Why is it so important now? :-( When looking for info (because of this thread) I noticed that lots of how-to writeups on the web tell you to use the c_rehash command, so if we don't supply one that's bad (or if we supply an alternate-named thing we should document that somehow). If we're just a bit behind but we're going to catch up eventually, then that's good enough I think.  It's not clear if openssl 1.1.0 installs a link or wrapper for c_rehash or not.  That manpage seems to imply that "openssl rehash" and "c_rehash" are equivelent. -- Ian