From owner-freebsd-current@freebsd.org Wed Jan 16 18:25:08 2019 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 18DDF14910F5 for ; Wed, 16 Jan 2019 18:25:08 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C8D7381464; Wed, 16 Jan 2019 18:25:06 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id jps0gxUXBMRX3jps1giCci; Wed, 16 Jan 2019 11:24:59 -0700 X-Authority-Analysis: v=2.3 cv=TL87tGta c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=IkcTkHD0fZMA:10 a=3JhidrIBZZsA:10 a=pGLkceISAAAA:8 a=pY3QzBYpAAAA:8 a=FOZC9FOpAAAA:20 a=bt8Zh30PAAAA:8 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=v_eAzXp5lGH8yCRZsLAA:9 a=QEXdDO2ut3YA:10 a=NuSVuDt01qAA:10 a=zG2-cTXtx4OO2bVDrUqm:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=IjZwj45LgO3ly-622nXo:22 Received: from android-68f84e02b5988183.esitwifi.local (S0106788a207e2972.gv.shawcable.net [70.66.154.233]) by spqr.komquats.com (Postfix) with ESMTPSA id D743934C; Wed, 16 Jan 2019 10:25:09 -0800 (PST) Date: Wed, 16 Jan 2019 10:24:33 -0800 User-Agent: K-9 Mail for Android In-Reply-To: <0FD8FC97-BE08-41E2-A414-87991B9B5180@gmail.com> References: <0FD8FC97-BE08-41E2-A414-87991B9B5180@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: openssl 1.1.1 utils mkerr.pl To: freebsd-current@freebsd.org, Enji Cooper , David Cornejo CC: FreeBSD Current , Jung-uk Kim From: Cy Schubert Message-ID: X-CMAE-Envelope: MS4wfDg3hzwGK89JWgXNHux1UgMK8S8Duy0QATMD9kmQJAaSWSROYTnnjX7M3R+ot9xOGeZONaZ4lrFoeEheKHRa3UswzMIOlhzgP2is9f/eLm6i6xUYWrh0 zN7KSaCLCwXp0LTAz49HhBg5s8WBlPIljsqXXne5smc7vVjjStdE+RD1rOoNh1A4oqrEAdHipv5GEjJPbpfel7mWrHD234nORjcmmjrFnprPJxf7bifbXkFs cb7TsjYcCGvIN9kCJOzbEKv17oNdP2aBHb55tqrCUdI= X-Rspamd-Queue-Id: C8D7381464 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-4.84 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; URL_IN_SUBJECT(0.40)[mkerr.pl]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_FIVE(0.00)[5]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: spqr.komquats.com]; NEURAL_HAM_SHORT(-0.99)[-0.995,0]; R_SPF_NA(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[13.134.59.64.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-2.04)[ip: (-5.88), ipnet: 64.59.128.0/20(-2.38), asn: 6327(-1.83), country: CA(-0.09)]; RECEIVED_SPAMHAUS_PBL(0.00)[233.154.66.70.zen.spamhaus.org : 127.0.0.11, 17.125.67.70.zen.spamhaus.org : 127.0.0.11] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2019 18:25:08 -0000 On January 16, 2019 9:52:26 AM PST, Enji Cooper w= rote: > >> On Jan 15, 2019, at 5:55 PM, David Cornejo wrote: >>=20 >> Hi, >>=20 >> I am working on some code that wants to use mkerr=2Epl from the openssl >> distribution - but this appears to have been left out of the import >to >> base=2E >>=20 >> Is there an alternative method to create the include files produced >> from this script in FreeBSD? > > >Hi Dave, > >I would go a different route from what was mentioned by others =E2=80=94 = I >would actually either grab mkerr=2Epl from upstream from the release >package (upstream on GitHub is >https://github=2Ecom/openssl/openssl/releases ) (sidenote: I don=E2=80=99= t know >why, but our vendor-crypto tree lacks this script as well; jkim@ CCed)=2E >Why go this route? You can easily grab the file using a tool like curl, >fetch, or wget from GitHub, and you can be sure that the version you=E2= =80=99re >grabbing is the upstream release version=2E The only downside of this >route is that you might have to apply local patches in order to fix >bugs with the script itself (which the port would handle), and you=E2=80= =99ll >have to grab all dependencies (in this case/version: configdata=2Epm, >which is generated from the release)=2E Example: > >fetch -o mkerr=2Epl >https://raw=2Egithubusercontent=2Ecom/openssl/openssl/d1c28d791a7391a8dc1= 01713cd8646df96491d03/util/mkerr=2Epl > >I think that these files should be committed in the vendor-crypto tree, >along with crypto/openssl ; although FreeBSD as a project doesn=E2=80=99t= have >much value for these files, other repackagers do have value for these >files (Isilon had to recompile openssl to deal with some modifications >to the library for FIPS compliance)=2E > >Why am I not recommending the port outright? Depending on which version >of openssl you=E2=80=99re based on, you might need to maintain a >Frankensteinian version of the port to deal with the current (or old) >ports framework, which can be=E2=80=A6 noisome (speaking from experience = having >dealt with this at Isilon with a 3 year old port system in the past)=2E >Plus, some of the config might differ (=E2=80=94prefix, etc), causing the >version you=E2=80=99re configuring to differ from the base system version= =2E > >Alternatively, you could just bypass openssl in base and patch a copy >from ports and be done with it=2E > >Cheers, >-Enji The file is likely used in the generation of an error table prior to the u= pstream packaging the tarball=2E We as consumers of the software don't need= though=2E Possible options might be that the OP maintain the file himself or develop= a port which installs just this file=2E I don't recommend the second optio= n=2E Why this specific file? There are other apps that perform the same functio= n, like compile_et that is distributed with MIT KRB5 and Heimdal, and insta= lled=2E --=20 Pardon the typos and autocorrect, small keyboard in use=2E Cheers, Cy Schubert FreeBSD UNIX: Web: http://www=2EFreeBSD=2Eorg The need of the many outweighs the greed of the few=2E