Re: OpenSSL 3.0 in the base system update
Le 6/9/23 05:22, Eugene Grosbein a écrit : 09.06.2023 0:13, Ed Maste wrote: [skip] We welcome feedback from anyone willing to test the work in progress. Is it possible to grab some binary snapshot of 14-CURRENT to install into a VM and test my port that fails build? If not, how do I build 14-CURRENT with OpenSSL 3.0 myself? Eugene Hi, I couldnt find the ISO, but the tarballs are here https://download.freebsd.org/ftp/snapshots/arm64/14.0-CURRENT/ Cheers Xavier -- Xavier HUMBERT - Unix/Win/MacOSX Sysadmin/Network Engineer https://www.amdh.fr
Re: OpenSSL 3.0 in the base system update
Le 6/9/23 10:06, Xavier Humbert a écrit : Le 6/9/23 05:22, Eugene Grosbein a écrit : 09.06.2023 0:13, Ed Maste wrote: [skip] We welcome feedback from anyone willing to test the work in progress. Is it possible to grab some binary snapshot of 14-CURRENT to install into a VM and test my port that fails build? If not, how do I build 14-CURRENT with OpenSSL 3.0 myself? Eugene Hi, I couldnt find the ISO, but the tarballs are here https://download.freebsd.org/ftp/snapshots/arm64/14.0-CURRENT/ Cheers Xavier Sorry, ISO images are here https://download.freebsd.org/ftp/snapshots/ISO-IMAGES/14.0/ Xavier -- Xavier HUMBERT - Unix/Win/MacOSX Sysadmin/Network Engineer https://www.amdh.fr
Re: OpenSSL 3.0 in the base system update
Thanks for the work and the update. May I suggest to submit the update to 2023Q2 status reports too? https://docs.freebsd.org/en/articles/freebsd-status-report-process/#_submit_your_report Cheers, Lorenzo Salvadore Inviato da Proton Mail mobile Messaggio originale Il 8 Giu 2023, 19:13, Ed Maste ha scritto: > As previously mentioned[1] FreeBSD 14.0 will include OpenSSL 3.0. We expect > to merge the update to main in the near future (within the next week or two) > and are ready for wider testing. Supported by the FreeBSD Foundation, Pierre > Pronchery has been working on the update in the src tree, with assistance > from Enji Cooper (ngie@), and me (emaste@). Thanks to Antoine Brodin > (antoine@) and Muhammad Moinur Rahman (bofh@) for ports exp-runs and > fixes/workarounds and to Dag-Erling (des@) for updating ldns in the base > system. ## Base system compatibility status Most of the base system is ready > for a seamless switch to OpenSSL 3.0. For several components we've added > `-DOPENSSL_API_COMPAT=0x1010L` to CFLAGS to specify the API version, > which avoids deprecation warnings from OpenSSL 3.0. Changes have also been > made to avoid OpenSSL APIs already deprecated in OpenSSL 1.1. We can continue > the process of updating to contemporary APIs after OpenSSL 3.0 is in the > tree. Additional changes are still required for libarchive and seven > Kerberos-related libraries or tools. Workarounds are ready to go along with > the OpenSSL 3 import, and proper fixes are in progress in the upstream > projects. A segfault from `openssl x509` in the i386 ports exp-run is under > investigation and needs to be addressed prior to the merge. ## Ports > compatibility With bofh@'s recent www/node18 and www/node20 patches the ports > tree is in reasonable shape for OpenSSL 3.0 in the base system. The exp-run > (link below) has a list of the failing ports, and I've emailed all of the > maintainers as a heads-up. None of the remaining failures are responsible for > a large number of skipped ports (i.e., the failures are either leaf ports or > are responsible for only a small number of skipped ports). I expect that some > or many of these will need to be addressed after the change lands in the src > tree. ## Call for testing We welcome feedback from anyone willing to test the > work in progress. Pierre's update can be obtained from the pull request[2] or > by fetching the branch[3]. If desired I will provide a large diff against > main. ## Links - Base system OpenSSL 3.0 update tracking PR: > https://bugs.freebsd.org/271615 - Ports exp-run with OpenSSL 3.0 in the base > system: https://bugs.freebsd.org/271656 [1] > https://lists.freebsd.org/archives/freebsd-current/2023-May/003609.html [2] > https://github.com/freebsd/freebsd-src/pull/760 [3] > https://github.com/khorben/freebsd-src/tree/khorben/openssl-3.0.9
Re: OpenSSL 3.0 in the base system update
> On Jun 9, 2023, at 5:22 AM, Eugene Grosbein wrote: > > 09.06.2023 0:13, Ed Maste wrote: > > [skip] > >> We welcome feedback from anyone willing to test the work in progress. > > Is it possible to grab some binary snapshot of 14-CURRENT to install into a > VM and test my port that fails build? > If not, how do I build 14-CURRENT with OpenSSL 3.0 myself? > > Eugene > > At the moment there is no binary snapshot as the codebase has not yet been merged into the Source of Truth. The best way to test your port is either with poudriere or with a local jail. In case you are using poudriere the following might be helpful for you: git clone g...@github.com:khorben/freebsd-src.git openssl3-src cd openssl3-src && git checkout khorben/openssl-3.0.9 poudriere jail -c -j MAINopenssl3 -b -m src=/openssl3-src -J 64 If you are the Eugen from gost-engine then I believe it should be a simple upgrade to the latest 3.0.1 version. And if you do not have enough firepower for running HEAD jail submit a patch and assign it to me. I will look into it. Kind regards, Moin signature.asc Description: Message signed with OpenPGP
Guidance on creating a port for an npm installed tool
Hi all,
is there some general guide on how to go about creating a port
for anything implemented in node.js and using npm to download
all sorts of dependencies at build/install time?
I'd like to see a port of this:
https://github.com/louislam/uptime-kuma
Similarly a port of mineos would be awesome.
Cloning from Github and running npm works and delivers a
functional installation in ${WRKSRC} ...
What now?
I did not find any detailled help in the handbook or by searching.
There seems to be a general method if all modules are available
in npm (they have a repository it seems).
But what with products like these?
For Go applications there are very convenient tools to get
all the dependencies into the port Makefile and do it in a clean way.
Section 6.5.8 here:
https://docs.freebsd.org/en/books/porters-handbook/special/#building
So any help with porting these would be greatly appreciated.
Kind regards,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure
Sophienstr. 187
76185 Karlsruhe
Tel. +49 721 9109500
https://infrastructure.punkt.de
i...@punkt.de
AG Mannheim 108285
Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein
Re: Guidance on creating a port for an npm installed tool
> On Jun 9, 2023, at 8:11 PM, Patrick M. Hausen wrote:
>
> Hi all,
>
> is there some general guide on how to go about creating a port
> for anything implemented in node.js and using npm to download
> all sorts of dependencies at build/install time?
>
> I'd like to see a port of this:
> https://github.com/louislam/uptime-kuma
>
> Similarly a port of mineos would be awesome.
>
> Cloning from Github and running npm works and delivers a
> functional installation in ${WRKSRC} ...
>
> What now?
>
> I did not find any detailled help in the handbook or by searching.
> There seems to be a general method if all modules are available
> in npm (they have a repository it seems).
>
> But what with products like these?
>
> For Go applications there are very convenient tools to get
> all the dependencies into the port Makefile and do it in a clean way.
>
> Section 6.5.8 here:
> https://docs.freebsd.org/en/books/porters-handbook/special/#building
>
> So any help with porting these would be greatly appreciated.
>
> Kind regards,
> Patrick
> --
> punkt.de GmbH
> Patrick M. Hausen
> .infrastructure
>
> Sophienstr. 187
> 76185 Karlsruhe
>
> Tel. +49 721 9109500
>
> https://infrastructure.punkt.de
> i...@punkt.de
>
> AG Mannheim 108285
> Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein
>
>
There is no specific guidelines but so far what have been most useful
is you install the package and then install the npm deps. After that
create a tarball of the npm deps installed and add it as a DISTFILE.
One another approach is just install the dist with node as a RUN_DEPEND
and ask user to install it through a pkg-message.
Kind regards,
Moin
Re: Guidance on creating a port for an npm installed tool
Hi, > Am 09.06.2023 um 20:15 schrieb Moin Rahman : > There is no specific guidelines but so far what have been most useful > is you install the package and then install the npm deps. After that > create a tarball of the npm deps installed and add it as a DISTFILE. So I create my own binary archive from the result of "npm install" or "npm run setup" or similar? That does not feel right. How will the user know that my tar archive is authentic? > One another approach is just install the dist with node as a RUN_DEPEND > and ask user to install it through a pkg-message. Neither does this. So the state of npm based installation is that is in a mess? I'm not blaming FreeBSD or the ports system here :-) What a way to distribute software. Your second suggestion is btw out of the question because we build packages in poudriere and from these build immutable read-only base images for our jails. *sigh* Thanks for your insight. Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Sophienstr. 187 76185 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein
Re: Guidance on creating a port for an npm installed tool
On 6/9/23 11:11, Patrick M. Hausen wrote:
Hi all,
is there some general guide on how to go about creating a port
for anything implemented in node.js and using npm to download
all sorts of dependencies at build/install time?
I'd like to see a port of this:
https://github.com/louislam/uptime-kuma
Similarly a port of mineos would be awesome.
Cloning from Github and running npm works and delivers a
functional installation in ${WRKSRC} ...
What now?
I did not find any detailled help in the handbook or by searching.
There seems to be a general method if all modules are available
in npm (they have a repository it seems).
But what with products like these?
For Go applications there are very convenient tools to get
all the dependencies into the port Makefile and do it in a clean way.
Section 6.5.8 here:
https://docs.freebsd.org/en/books/porters-handbook/special/#building
So any help with porting these would be greatly appreciated.
i've had to build node/js code in the past internally and i've found
that whole ecosystem is awkward at best to work with (ports or not).
i did poke around the ports tree just now and found www/hedgedoc which
makes use of yarn for building, it may be worth taking a look at that
Makefile for inspiration. for my internal pkgs i did something similar
that is in the "do-build" section iirc.
-pete
--
Pete Wright
p...@nomadlogic.org
@nomadlogicLA
Re: Guidance on creating a port for an npm installed tool
> On Jun 9, 2023, at 8:22 PM, Patrick M. Hausen wrote: > > Hi, > >> Am 09.06.2023 um 20:15 schrieb Moin Rahman : >> There is no specific guidelines but so far what have been most useful >> is you install the package and then install the npm deps. After that >> create a tarball of the npm deps installed and add it as a DISTFILE. > > So I create my own binary archive from the result of "npm install" or > "npm run setup" or similar? > > That does not feel right. How will the user know that my tar archive > is authentic? I don't know whether if you are a committer or not. But once you submit a patch it will be the committer's duty to check the size and SHA and that there are not nothing malicious. The users have to trust something and in FreeBSD world they trust the committer. And if a committer violates the rules there are consequences for them. >> One another approach is just install the dist with node as a RUN_DEPEND >> and ask user to install it through a pkg-message. > > Neither does this. So the state of npm based installation is that is > in a mess? I'm not blaming FreeBSD or the ports system here :-) > > What a way to distribute software. > > Your second suggestion is btw out of the question because we > build packages in poudriere and from these build immutable > read-only base images for our jails. I think this is also possible with poudriere jail hooks. But not sure because it depends on the way you are creating the jail images. Kind regards, Moin > *sigh* > > Thanks for your insight. > Patrick > -- > punkt.de GmbH > Patrick M. Hausen > .infrastructure > > Sophienstr. 187 > 76185 Karlsruhe > > Tel. +49 721 9109500 > > https://infrastructure.punkt.de > i...@punkt.de > > AG Mannheim 108285 > Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein >
Unmaintained FreeBSD ports which are out of date
Dear port maintainers, The portscout new distfile checker has detected that one or more unmaintained ports appears to be out of date. Please take the opportunity to check each of the ports listed below, and if possible and appropriate, submit/commit an update. Please consider also adopting this port. If any ports have already been updated, you can safely ignore the entry. An e-mail will not be sent again for any of the port/version combinations below. Full details can be found at the following URL: http://portscout.freebsd.org/po...@freebsd.org.html Port| Current version | New version +-+ cad/ifcopenshell| 0.6.0 | blenderbim-230608 +-+ databases/clickhouse| 22.1.3.7| v23.5.1.3174-stable +-+ databases/postgresql-zhparser | 0.2.0 | v2.2 +-+ net/mpich | 3.4.3 | 4.1.2 +-+ If any of the above results are invalid, please check the following page for details on how to improve portscout's detection and selection of distfiles on a per-port basis: http://portscout.freebsd.org/info/portscout-portconfig.txt Reported by:portscout!
Re: OpenSSL 3.0 in the base system update
09.06.2023 18:33, Moin Rahman wrote: >> On Jun 9, 2023, at 5:22 AM, Eugene Grosbein wrote: >> >> 09.06.2023 0:13, Ed Maste wrote: >> >> [skip] >> >>> We welcome feedback from anyone willing to test the work in progress. >> >> Is it possible to grab some binary snapshot of 14-CURRENT to install into a >> VM and test my port that fails build? >> If not, how do I build 14-CURRENT with OpenSSL 3.0 myself? > > At the moment there is no binary snapshot as the codebase has not yet > been merged into the Source of Truth. The best way to test your port > is either with poudriere or with a local jail. In case you are using > poudriere the following might be helpful for you: > > git clone g...@github.com:khorben/freebsd-src.git openssl3-src > cd openssl3-src && git checkout khorben/openssl-3.0.9 > poudriere jail -c -j MAINopenssl3 -b -m src=/openssl3-src -J 64 > > If you are the Eugen from gost-engine then I believe it should be a simple > upgrade to the latest 3.0.1 version. I am. The port security/gost-engine already supports OpenSSL 3.0 but requires non-default build option to use it. I guess, I need to rework the port to use flavours instead. But, I worry about net/mpd5 this time. > And if you do not have enough firepower for running HEAD jail submit a > patch and assign it to me. I will look into it. I will use my local bhyve to run HEAD+OpenSSL 3.0 I can build it myself and buildworld finished already, in fact :-) Thank you all who responded.
