From owner-freebsd-ports@FreeBSD.ORG Tue Aug 26 19:02:18 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7D71E8AB; Tue, 26 Aug 2014 19:02:18 +0000 (UTC) Received: from mx2.paymentallianceintl.com (mx2.paymentallianceintl.com [216.26.158.171]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mx2.paymentallianceintl.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3DFCE3B65; Tue, 26 Aug 2014 19:02:17 +0000 (UTC) Received: from firewall.mikej.com (162-230-214-65.lightspeed.lsvlky.sbcglobal.net [162.230.214.65]) by mx2.paymentallianceintl.com (8.14.5/8.13.8) with ESMTP id s7QJ29Av004120 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 26 Aug 2014 15:02:10 -0400 (EDT) (envelope-from mikej@mikej.com) Received: from mail.mikej.com ([192.168.6.63]) by firewall.mikej.com (8.14.9/8.14.9) with ESMTP id s7QJ26Z3098222; Tue, 26 Aug 2014 15:02:08 -0400 (EDT) (envelope-from mikej@mikej.com) X-Authentication-Warning: firewall.mikej.com: Host [192.168.6.63] claimed to be mail.mikej.com MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 26 Aug 2014 15:02:06 -0400 From: Michael Jung To: Bryan Drewery Subject: Re: SAT resolver problem - [CFT] SSP Package Repository available In-Reply-To: <53F7A552.5050608@FreeBSD.org> References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <65f72f283578f9e08cb672928bc441e9@mail.mikej.com> <53F7A552.5050608@FreeBSD.org> Message-ID: X-Sender: mikej@mikej.com User-Agent: Roundcube Webmail/1.0.2 Cc: pkg@freebsd.org, Ports FreeBSD , owner-freebsd-current@freebsd.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Aug 2014 19:02:18 -0000 On 2014-08-22 16:17, Bryan Drewery wrote: > On 8/22/2014 1:16 PM, mikej wrote: >> On , Bryan Drewery wrote: >>> On 9/21/2013 5:49 AM, Bryan Drewery wrote: >>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10 >>>> i386 and amd64, and older releases on amd64 only currently. >>>> >>>> Support may be added for earlier i386 releases once all ports >>>> properly >>>> respect LDFLAGS. >>>> >>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all >>>> ports. >>>> >>>> The default SSP_CLFAGS is -fstack-protector, but >>>> -fstack-protector-all >>>> may optionally be set instead. >>>> >>>> Please help test this on your system. We would like to eventually >>>> enable >>>> this by default, but need to identify any major ports that have >>>> run-time >>>> issues due to it. >>>> >>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >>>> >>> >>> We have not had any feedback on this yet and want to get it enabled >>> by >>> default for ports and packages. >>> >>> We now have a repository that you can use rather than the default to >>> help test. We need your help to identify any issues before switching >>> the >>> default. >>> >>> This repository is available for: >>> >>> head >>> 10.0 >>> 9.1,9.2,9.3 >>> >>> It is not available for 8.4. If someone is willing to test on 8.4 I >>> will >>> build a repository for it. >>> >>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: >>> >>> FreeBSD: { enabled: no } >>> FreeBSD_ssp: { >>> url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp", >>> mirror_type: "srv", >>> signature_type: "fingerprints", >>> fingerprints: "/usr/share/keys/pkg", >>> enabled: yes >>> } >>> >>> Once that is done you should force reinstall packages from this >>> repository: >>> >>> pkg update >>> pkg upgrade -f >>> >>> Thanks for your help! >>> Bryan Drewery >>> On behalf of portmgr. >> >> I have been using this without issue on several machines until today. >> >> root@firewall:/usr/ports # pkg -v >> 1.3.6 >> root@firewall:/usr/ports # >> >> >> Repositories: >> FreeBSD_ssp: { >> url : >> "pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp", >> enabled : yes, >> mirror_type : "SRV", >> signature_type : "FINGERPRINTS", >> fingerprints : "/usr/share/keys/pkg" >> } >> >> >> root@firewall:/usr/ports # pkg update -f >> Updating repository catalogue >> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found >> pkg: repository FreeBSD_ssp has no meta file, using default settings >> Fetching digests.txz: 100% of 1 MB >> Fetching packagesite.txz: 100% of 5 MB >> >> Adding new entries: 100% >> Incremental update completed, 23305 packages processed: >> 0 packages updated, 0 removed and 23305 added. >> root@firewall:/usr/ports # pkg install mdnsresponder >> Updating repository catalogue >> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found >> pkg: repository FreeBSD_ssp has no meta file, using default settings >> FreeBSD_ssp repository is up-to-date >> All repositories are up-to-date >> Checking integrity... done (1 conflicting) >> pkg: Cannot solve problem using SAT solver: >> cannot install package mDNSResponder~net/mDNSResponder, remove it from >> request [Y/n]: y >> Checking integrity... done (0 conflicting) >> The most recent version of packages are already installed >> root@firewall:/usr/ports # uname -a >> FreeBSD firewall 10.0-STABLE FreeBSD 10.0-STABLE #0 r269366M: Fri Aug >> 1 >> 00:35:49 EDT 2014 mikej@firewall:/usr/obj/usr/src/sys/GENERIC >> amd64 >> root@firewall:/usr/ports # date >> Fri Aug 22 14:12:30 EDT 2014 >> root@firewall:/usr/ports # >> >> root@firewall:/usr/ports # pkg info | grep mdns >> root@firewall:/usr/ports # >> >> Regards, >> >> --mikej > > It looks like the (SSP) freebsd:10:x86:64 freebsd:11:x86:32 > repositories > are stale from a month ago. Looking into why. > > Sadly this was not noticed and the instructions effectively will > downgrade packages. These 2 repositories have pkg-1.2 still as well. Bryan, Any update? As you probably expect if I build the port locally with poudriere and install there is no issue. I'm building with WITH_SSP_PORTS=YES in /etc/make.conf Regards, --mikej