Date: Wed, 16 Jan 2019 10:24:33 -0800 From: Cy Schubert <Cy.Schubert@cschubert.com> To: freebsd-current@freebsd.org, Enji Cooper <yaneurabeya@gmail.com>, David Cornejo <dave@dogwood.com> Cc: FreeBSD Current <freebsd-current@freebsd.org>, Jung-uk Kim <jkim@FreeBSD.org> Subject: Re: openssl 1.1.1 utils mkerr.pl Message-ID: <D69AC697-18E2-4787-815D-105B839CADF4@cschubert.com> In-Reply-To: <0FD8FC97-BE08-41E2-A414-87991B9B5180@gmail.com> References: <CAFnjQbuaHeFRCPxLDc3sKC5Trh1Utio=rX4Q0VDa3uEYm5cwxA@mail.gmail.com> <0FD8FC97-BE08-41E2-A414-87991B9B5180@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On January 16, 2019 9:52:26 AM PST, Enji Cooper <yaneurabeya@gmail=2Ecom> w= rote: > >> On Jan 15, 2019, at 5:55 PM, David Cornejo <dave@dogwood=2Ecom> wrote: >>=20 >> Hi, >>=20 >> I am working on some code that wants to use mkerr=2Epl from the openssl >> distribution - but this appears to have been left out of the import >to >> base=2E >>=20 >> Is there an alternative method to create the include files produced >> from this script in FreeBSD? > > >Hi Dave, > >I would go a different route from what was mentioned by others =E2=80=94 = I >would actually either grab mkerr=2Epl from upstream from the release >package (upstream on GitHub is >https://github=2Ecom/openssl/openssl/releases ) (sidenote: I don=E2=80=99= t know >why, but our vendor-crypto tree lacks this script as well; jkim@ CCed)=2E >Why go this route? You can easily grab the file using a tool like curl, >fetch, or wget from GitHub, and you can be sure that the version you=E2= =80=99re >grabbing is the upstream release version=2E The only downside of this >route is that you might have to apply local patches in order to fix >bugs with the script itself (which the port would handle), and you=E2=80= =99ll >have to grab all dependencies (in this case/version: configdata=2Epm, >which is generated from the release)=2E Example: > >fetch -o mkerr=2Epl >https://raw=2Egithubusercontent=2Ecom/openssl/openssl/d1c28d791a7391a8dc1= 01713cd8646df96491d03/util/mkerr=2Epl > >I think that these files should be committed in the vendor-crypto tree, >along with crypto/openssl ; although FreeBSD as a project doesn=E2=80=99t= have >much value for these files, other repackagers do have value for these >files (Isilon had to recompile openssl to deal with some modifications >to the library for FIPS compliance)=2E > >Why am I not recommending the port outright? Depending on which version >of openssl you=E2=80=99re based on, you might need to maintain a >Frankensteinian version of the port to deal with the current (or old) >ports framework, which can be=E2=80=A6 noisome (speaking from experience = having >dealt with this at Isilon with a 3 year old port system in the past)=2E >Plus, some of the config might differ (=E2=80=94prefix, etc), causing the >version you=E2=80=99re configuring to differ from the base system version= =2E > >Alternatively, you could just bypass openssl in base and patch a copy >from ports and be done with it=2E > >Cheers, >-Enji The file is likely used in the generation of an error table prior to the u= pstream packaging the tarball=2E We as consumers of the software don't need= though=2E Possible options might be that the OP maintain the file himself or develop= a port which installs just this file=2E I don't recommend the second optio= n=2E Why this specific file? There are other apps that perform the same functio= n, like compile_et that is distributed with MIT KRB5 and Heimdal, and insta= lled=2E --=20 Pardon the typos and autocorrect, small keyboard in use=2E Cheers, Cy Schubert <Cy=2ESchubert@cschubert=2Ecom> FreeBSD UNIX: <cy@FreeBSD=2Eorg> Web: http://www=2EFreeBSD=2Eorg The need of the many outweighs the greed of the few=2E
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D69AC697-18E2-4787-815D-105B839CADF4>