Created attachment 176050 [details] v1 LibreSSL cannot coexist with OpenSSL. Instead of altering global scope, build a local copy ourselves, letting the infra to clean it up later.
Created attachment 176051 [details] 9.3R i386 |poudriere bulk -t| log (XZ compressed)
Created attachment 176052 [details] v1.1 files/extra-patch-GNUmakefile hack is no longer necessary. It didn't affect poudriere as I accidentally inversed logic.
A commit references this bug: Author: brnrd Date: Sun Oct 30 11:14:42 UTC 2016 New revision: 424941 URL: https://svnweb.freebsd.org/changeset/ports/424941 Log: security/acme-client: Unblock package build via bundled LibreSSL - Use staged build of LibreSSL when SSL_DEFAULT is not libressl* - Remove STATIC_ACME_CLIENT option - Remove extra-patch for static build - Add stack smashing protection flags for 9.3 i386 PR: 213695 Submitted by: jbeich Changes: head/security/acme-client/Makefile head/security/acme-client/files/extra-patch-GNUmakefile
A commit references this bug: Author: brnrd Date: Sun Oct 30 16:44:08 UTC 2016 New revision: 424955 URL: https://svnweb.freebsd.org/changeset/ports/424955 Log: security/acme-client: Roll back to STATIC option - Too many issues with the LibreSSL BUILD_DEPENDS PR: 213695 Changes: head/security/acme-client/Makefile head/security/acme-client/files/extra-patch-GNUmakefile
What are those "too many" ? Please, use bugzilla to concisely document them. DEFAULTS_VERSIONS=ssl=openssl (aka bug 213889) [1] was fixed by ports r424947. The remaining bug 213890 is benign: confusing but builds fine. [1] not really a regression as it wasn't possible to build with openssl before, anyway
Is this PR somehow connects to inability connect to let's encrypt api ? I updated and transferred acme-client to another server and can't renew my certificates anymore: root@proxy:~ # /usr/local/etc/acme/acme-client.sh acme-client: 2.20.25.220: tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify setup failure acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm Looks like issue with tls provider on the early stage of connect. Also, I noticed that this port asks me not to forget to remove libressl. Why if I'm not linking statically? root@proxy:~ # cat /etc/make.conf OPTIONS_UNSET+= DOCS EXAMPLES X11 IPV6 DEFAULT_VERSIONS+=ssl=libressl Should I make a new PR ?
(In reply to Ivan from comment #6) Please create a new PR if there's issues with version 0.1.13 or later. Looks like an SSL error you have there. Please add -v to the acme-client invocation and provide more output. The warning is indeed a fluke if you intend to use LibreSSL as default.
(In reply to Jan Beich (mail not working) from comment #5) Sorry for the hasty rollback... I do still like the idea and want to keep this PR open until we get bug #213890 sorted.
(In reply to Bernard Spil from comment #7) Bernard, the issue has gone after I updated version 0.1.13 -> 0.1.14 So, I'm not sure it was 'minor update' as how it called in commit message :p
A commit references this bug: Author: brnrd Date: Fri Dec 30 20:47:48 UTC 2016 New revision: 430064 URL: https://svnweb.freebsd.org/changeset/ports/430064 Log: security/acme-client: Update to 0.1.15 - Update to 0.1.15 - Remove STATIC_ACMECLIENT option - stage-build LibreSSL when not SSL_DEFAULT PR: 213695 Submitted by: jbeich Changes: head/security/acme-client/Makefile head/security/acme-client/distinfo
Tested in poudriere for 11.0 amd64 11.0 i386 10.3 amd64 10.3 i386 9.3 i386 In-tree builds in my ports-jail was OK (LibreSSL in base)