Re: Problem building py-cryptography
Hi Charlie, Thanks for this. My ports tree is synched to the package server for amd64-default, ie. b093791110 I'm not mixing SSL's, here again are my make.conf files: make.conf WRKDIRPREFIX=/usr/tmp #WRKDIRPREFIX=/tmp/drupal7 OPTIONS_SET=GECKO CUPS NOI4B=1 OPTIONS_SET+=NO-X11 #OPTIONS_UNSET+=X11 GUI CUPS DOCS EXAMPLES NLS LPR CUPS_OVERWRITE_BASE=YES WITH_VIM_OPTIONS=yes #DEFAULT_VERSIONS+=ssl=libressl bdb=5 DEFAULT_VERSIONS+=bdb=5 VALID_CATEGORIES+=local SVN=svnlite #WITH_OPENSSL_PORT=yes /usr/local/etc/poudriere.d/make.conf VALID_CATEGORIES+=local #DEFAULT_VERSIONS+=ssl=libressl bdb=5 #DEFAULT_VERSIONS+=ssl=libressl DEFAULT_VERSIONS+=bdb=5 OPTIONS_SET+=NO-X11 OVERLAYS=local #DEFAULT_VERSIONS+=ssl=port #DEVELOPER=yes LICENSES_ACCEPTED=NONE There is no jail-specific make.conf or -z options set. Once this poudriere run is complete (probably another couple of hours), if it succeeds I'll update all my boxes with the new ports using base openssl instead of libressl then update the ports tree and start another build with libressl to see how it goes with your commit. -- Regards, Simon. On 23/05/2021 1:05 am, Charlie Li wrote: Simon Wright wrote: Hi all, Here is the new py-cryptography build log with no libressl and no ccache. How recent is your ports tree? I've committed a further fix that converts all patches to conditionals, specifically on FreeBSD 11 with base OpenSSL or any system using LibreSSL. It looks to me as though python38 is pulling in libressl. Python options are default though not sure whether options were specifically set. All ports built in this jail/tree/set must use the same DEFAULT_SSL throughout; you cannot mix and match. By changing your DEFAULT_SSL, every USES=ssl port must be rebuilt. I've just removed the config options for python (make rmconfig) and poudirere is now rebuilding 101 ports so I'll update this in the morning. Full build log here: == =>> Building security/py-cryptography build started at Sat May 22 22:59:08 PST 2021 port directory: /usr/ports/security/py-cryptography package name: py38-cryptography-3.3.2 building for: FreeBSD pkg.home.santos-wright.net 13.0-RELEASE FreeBSD 13.0-RELEASE amd64 Since it appears you are building under FreeBSD 13.0-RELEASE with the base OpenSSL, no patches should apply.
Re: Problem building py-cryptography
I haven't followed everything, but have you tried to rebuild libressl?
poudriere bulk -j FreeBSD:13:amd64 -p default -C security/libressl
And, here's a check for complete synchronization of port tree.
git -C ${BASEFS}/ports/default status
Re: Problem building py-cryptography
Simon Wright wrote: > Hi Charlie, > > Thanks for this. My ports tree is synched to the package server for > amd64-default, ie. b093791110 > > I'm not mixing SSL's, here again are my make.conf files: > > make.conf > > > > There is no jail-specific make.conf or -z options set. > Your previous statement and log output > It looks to me as though python38 is pulling in libressl. Python options > are default though not sure whether options were specifically set. directly contradict what is actually happening. Flipping your SSL_DEFAULT back to base in an existing repo probably won't trigger rebuilds of USES=ssl ports due to the ports SSL dependency going away. If you switched to a different SSL port in SSL_DEFAULT then a rebuild will definitely happen due to switched/new dependency. > Once this poudriere run is complete (probably another couple of hours), > if it succeeds I'll update all my boxes with the new ports using base > openssl instead of libressl then update the ports tree and start another > build with libressl to see how it goes with your commit. > I recommend that you do not pass go and clean rebuild everything. -- Charlie Li …nope, still don't have an exit line. OpenPGP_signature Description: OpenPGP digital signature
Re: Problem building py-cryptography
On 23/05/2021 8:29 am, Charlie Li wrote: Simon Wright wrote: Thanks for this. My ports tree is synched to the package server for amd64-default, ie. b093791110 I'm not mixing SSL's, here again are my make.conf files: make.conf There is no jail-specific make.conf or -z options set. Your previous statement and log output It looks to me as though python38 is pulling in libressl. Python options are default though not sure whether options were specifically set. directly contradict what is actually happening. Flipping your SSL_DEFAULT back to base in an existing repo probably won't trigger rebuilds of USES=ssl ports due to the ports SSL dependency going away. If you switched to a different SSL port in SSL_DEFAULT then a rebuild will definitely happen due to switched/new dependency. Once this poudriere run is complete (probably another couple of hours), if it succeeds I'll update all my boxes with the new ports using base openssl instead of libressl then update the ports tree and start another build with libressl to see how it goes with your commit. I recommend that you do not pass go and clean rebuild everything. OK, I can do that though it will take a day or two to rebuild everything. These are my ssl settings in the two active make.conf for poudriere. What would you advise to set there in order to only use openssl from base? Or conversely to only use libressl - which is my preferred option if/when it builds everything I need? /etc/make.conf #DEFAULT_VERSIONS+=ssl=libressl bdb=5 DEFAULT_VERSIONS+=bdb=5 #WITH_OPENSSL_PORT=yes /usr/local/etc/poudriere.d/make.conf #DEFAULT_VERSIONS+=ssl=libressl bdb=5 #DEFAULT_VERSIONS+=ssl=libressl DEFAULT_VERSIONS+=bdb=5 #DEFAULT_VERSIONS+=ssl=port #DEVELOPER=yes LICENSES_ACCEPTED=NO Do I just need to change to DEFAULT_VERSIONS+=ssl=openssl bdb=5? -- Thanks Simon.
Re: Problem building py-cryptography
On 23/05/2021 8:17 am, Tatsuki Makino wrote:
I haven't followed everything, but have you tried to rebuild libressl?
poudriere bulk -j FreeBSD:13:amd64 -p default -C security/libressl
And, here's a check for complete synchronization of port tree.
git -C ${BASEFS}/ports/default status
I haven't specifically rebuilt libressl but 3.3.3 built successfully
last week and that is what was being used in the failing build run. Once
this poudriere run is complete I will be cleaning my repro and
rebuilding everything - 14 ports listed with around 330 dependencies.
This will take a couple of days on my build box!
--
Thanks,
Simon.
Re: Problem building py-cryptography
Tatsuki Makino wrote: > I haven't followed everything, but have you tried to rebuild libressl? > Rebuilding LibreSSL itself doesn't help anything in this case. Consumers are a different story since there is an apparent SSL_DEFAULT mismatch in the same pkg repository. -- Charlie Li …nope, still don't have an exit line. OpenPGP_signature Description: OpenPGP digital signature
Re: Problem building py-cryptography
Simon Wright wrote:
> OK, I can do that though it will take a day or two to rebuild
> everything. These are my ssl settings in the two active make.conf for
> poudriere. What would you advise to set there in order to only use
> openssl from base? Or conversely to only use libressl - which is my
> preferred option if/when it builds everything I need?
>
From Mk/bsd.default-options.mk:
# Possible values: base, openssl, libressl, libressl-devel
Pick one of them and put it in DEFAULT_VERSIONS+=ssl=${whatever}. base
uses OpenSSL from the base system, openssl uses security/openssl,
libressl uses security/libressl and libressl-devel uses
security/libressl-devel. Note that all except one are ports.
If you decide to change to another *port* option while you have a pkg
repository with built packages, the rebuild will automatically trigger
since a "new" dependency gets detected. However, when switching from a
port to base, it appears that a dependency is removed. This is why you
cannot mix and match options like you did, especially in a panic.
--
Charlie Li
…nope, still don't have an exit line.
OpenPGP_signature
Description: OpenPGP digital signature
