Date: Tue, 9 Feb 2021 23:16:17 +0100 From: "Hartmann, O." <ohartmann@walstatt.org> Cc: Guido Falsi via freebsd-current <freebsd-current@freebsd.org>, Guido Falsi <mad@madpilot.net>, John Baldwin <jhb@FreeBSD.org>, "Hartmann, O." <ohartmann@walstatt.org>, Rick Macklem <rmacklem@uoguelph.ca>, "junchoon@dec.sakura.ne.jp" <junchoon@dec.sakura.ne.jp>, FreeBSD CURRENT <freebsd-current@freebsd.org> Subject: Re: (n244517-f17fc5439f5) svn stuck forever in /usr/ports? Message-ID: <20210209231617.796fccda@hermann.fritz.box> In-Reply-To: <0b93d9bb-a0be-e37f-ae94-d4e31f74491d@madpilot.net> References: <20210130073923.0b2a80c1@hermann.fritz.box> <20210130192520.e7cf7f680c0abd31b0771107@dec.sakura.ne.jp> <18e15d74-d95b-76b7-59a4-64a8f338ba73@madpilot.net> <a5e18e3b-181c-c094-b98c-7e233cdac972@madpilot.net> <20210131103510.30d9a322@hermann.fritz.box> <86a368dc-f118-79fb-2ed8-af461041198a@madpilot.net> <YQXPR0101MB0968D09A38D0A8E244D8C2C6DDB79@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <YQXPR0101MB09685FEFF739DDD3BB1E957EDDB69@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <20210203071608.1c2118b6@hermann.fritz.box> <fe30c41c-1e79-d814-1567-e61e3881641b@FreeBSD.org> <0b93d9bb-a0be-e37f-ae94-d4e31f74491d@madpilot.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/rIsr33mdTV97.D7Kc0zRX+/ Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On Wed, 3 Feb 2021 17:34:24 +0100 Guido Falsi via freebsd-current <freebsd-current@freebsd.org> wrote: > On 03/02/21 17:02, John Baldwin wrote: > > On 2/2/21 10:16 PM, Hartmann, O. wrote: =20 > >> On Mon, 1 Feb 2021 03:24:45 +0000 > >> Rick Macklem <rmacklem@uoguelph.ca> wrote: > >> =20 > >>> Rick Macklem wrote: =20 > >>>> Guido Falsi wrote: > >>>> [good stuff snipped] =20 > >>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957,=20 > >>>>> adding > >>>>> KTLS support to embedded OpenSSL. > >>>>> > >>>>> I filed a bug report about this: > >>>>> > >>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253135 > >>>>> > >>>>> > >>>>> Apart from switching to svn:// scheme, another workaround is to bui= ld > >>>>> base using WITHOUT_OPENSSL_KTLS. =20 > >>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which=20 > >>>> use ktls), > >>>> they acted like things were ok (no handshake problems), but the data > >>>> ended up on the wire unencrypted (nfs-over-tls doesn't do a=20 > >>>> SSL_write(), > >>>> so it depends on ktls to do the encryption). > >>>> > >>>> Since these daemons work fine with openssl3 in=20 > >>>> ports/security/openssl-devel, > >>>> I suspect the ktls backport is not quite right. I've sent jhb@ email= . =20 > >>> I was wrong on the above. I did a full buildworld/installworld and=20 > >>> the daemons > >>> now seem to work with the openssl in head/main. > >>> > >>> Btw, did anyone try rebuilding svn from sources after doing > >>> the system upgrade? > >>> (The openssl library calls and .h files definitely changed.) =20 > >> > >> Yes, I did, on all boxes and its a pain in the a..., we had to rebuild= =20 > >> EVERY port (at > >> least, I did, to avoid further problem). Yesterday, on of our fastes=20 > >> boxes got ready and > >> even with a full rebuild of the system AND a full rebuild of the ports= =20 > >> (no poudriere, > >> traditional way via make), the Apache 2.4 webservice doesn't work, and= =20 > >> so does subversion > >> not (Firefox reports problems with SSL handshake, subversion is=20 > >> stuck/frozen forever). > >> I will run today another full world build today, hopefully finishing=20 > >> on friday (portmaster > >> -dfR doesn't get everything in line on some ports, I assume). > >> > >> oh =20 > >=20 > > I tracked the subversion hang down to a bug in serf (an Apache library= =20 > > used by > > subversion).=C2=A0 It would also affect any other software using serf.= =C2=A0 The=20 > > serf in > > ports will also have to be patched. > > =20 >=20 > I submitted your patch as a bug report to the serf port: >=20 > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253214 >=20 What is the status of this bug? As PR 253214 might suggest, the patch to www/serf has been commited. We sti= ll face a problem with FreeBSD CURRENT-14 based systems running Apache24: FreeBSD 14.0-CURRENT #4 main-n244672-866c8b8d5dd: Mon Feb 8 08:38:59 CET 2= 021 amd64 /usr/ports is at Revision: 564736. www/apache24, www/serf have been rebuilt using "portmaster -f www/apache24 = www/serf". Restarting Apache 2.4 still fails on any access with SSL enabled, firefox r= eports: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT What am I missing here? What is to be rebuilt? FreeBSD 14-CURRENT has been = rebuilt from scratch on the 7th of February, ports have been completely rebuilt after KT= LS introduction and several critical ports as www/serf and www/apache and mod_= ports have been rebuilt afterwards with ports tree revision 564736. Something is still= missing. Kind regards and thanks in advance, oh --Sig_/rIsr33mdTV97.D7Kc0zRX+/ Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQSy8IBxAPDkqVBaTJ44N1ZZPba5RwUCYCMJsQAKCRA4N1ZZPba5 R82JAP0Ule8uNCV+gp90uYktDIQXJ03bJv3uDxWPhJBwP/7XaAEA4pbwvgiv5R4I krBeMnfoO5iN2aoS8hby7maVWJIYWQ8= =NOT7 -----END PGP SIGNATURE----- --Sig_/rIsr33mdTV97.D7Kc0zRX+/--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210209231617.796fccda>