Created attachment 225093
new port entry

This is a port of OpenBSD's OpenIKED to different Unix-like operating systems, including Linux, macOS, FreeBSD and NetBSD. In line with the OpenBSD V 6.9.0 release. This first issue is mainly inspired by the legacy security/openiked port.
OpenBSD announcement: https://marc.info/?l=openbsd-announce&m=162133544514801&w=2
Created attachment 225098
new port entries

Review pkg-descr.
* setup CONFLICT entries, openiked vs openiked-portable.
Created attachment 225100
new port entries

Uses the official OpenBSD mirror instead of GitHub.
Running a 'poudriere testport' on a FreeBSD 11.4 jail (amd64 and i386), the build is failing with:

```
[00:08:35] [ 90% 53/54] : && /usr/bin/cc -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -fstack-protector-strong compat/CMakeFiles/compat.dir/recallocarray.c.o compat/CMakeFiles/compat.dir/getrtable.c.o compat/CMakeFiles/compat.dir/getdtablecount.c.o compat/CMakeFiles/compat.dir/imsg.c.o compat/CMakeFiles/compat.dir/imsg-buffer.c.o compat/CMakeFiles/compat.dir/freezero.c.o regress/dh/CMakeFiles/dhtest.dir/dhtest.c.o regress/dh/CMakeFiles/dhtest.dir/__/__/iked/dh.c.o regress/dh/CMakeFiles/dhtest.dir/__/__/iked/smult_curve25519_ref.c.o regress/dh/CMakeFiles/dhtest.dir/__/__/iked/imsg_util.c.o -o regress/dh/dhtest -L/usr/local/lib -Wl,-rpath,/usr/local/lib -lutil -lcrypto && :
[00:08:35] FAILED: regress/dh/dhtest
[00:08:35] : && /usr/bin/cc -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -fstack-protector-strong compat/CMakeFiles/compat.dir/recallocarray.c.o compat/CMakeFiles/compat.dir/getrtable.c.o compat/CMakeFiles/compat.dir/getdtablecount.c.o compat/CMakeFiles/compat.dir/imsg.c.o compat/CMakeFiles/compat.dir/imsg-buffer.c.o compat/CMakeFiles/compat.dir/freezero.c.o regress/dh/CMakeFiles/dhtest.dir/dhtest.c.o regress/dh/CMakeFiles/dhtest.dir/__/__/iked/dh.c.o regress/dh/CMakeFiles/dhtest.dir/__/__/iked/smult_curve25519_ref.c.o regress/dh/CMakeFiles/dhtest.dir/__/__/iked/imsg_util.c.o -o regress/dh/dhtest -L/usr/local/lib -Wl,-rpath,/usr/local/lib -lutil -lcrypto && :
[00:08:35] regress/dh/CMakeFiles/dhtest.dir/__/__/iked/dh.c.o: In function `modp_init':
[00:08:35] dh.c:(.text+0x278): undefined reference to `DH_set0_pqg'
[00:08:35] regress/dh/CMakeFiles/dhtest.dir/__/__/iked/dh.c.o: In function `modp_create_exchange':
[00:08:35] dh.c:(.text+0x350): undefined reference to `DH_get0_key'
[00:08:35] cc: error: linker command failed with exit code 1 (use -v to see invocation)
```

Do you meet the same problem?
Correct. We did not test the port on FreeBSD 11, actually. This is an openssl version issue, we do need openssl 1.1.0+. I guess the openssl released in base with FreeBSD 11.4 doesn't match. I tried `BROKEN_SSL=base` with no success.
Created attachment 225292
BROKEN_SSL if running FreeBSD 11 and base openssl

Make port BROKEN for users running FreeBSD lower than 1200085 with openssl libraries only available from base. (openssl <1.1.1, rev 339270 & 339732)

Port built successfully with `DEFAULT_VERSIONS+=ssl=openssl`
Port built successfully with `DEFAULT_VERSIONS+=ssl=libressl` (`TLS_SRP` unset from `ftp/curl`)
Does it work with DEFAULT_VERSIONS+=ssl=libressl too?
Correct.

openssl from base:
* FreeBSD11-4 RELEASE: BROKEN
* FreeBSD12-2-RELEASE: OK
* FreeBSD13-0-RELEASE: OK

openssl from port:
* FreeBSD11-4 RELEASE: OK
* FreeBSD12-2-RELEASE: OK
* FreeBSD13-0-RELEASE: OK

libressl from port:
- unset "TLS_SRP" from ftp/curl to make this one build -
* FreeBSD11-4 RELEASE: OK
* FreeBSD12-2-RELEASE: OK
* FreeBSD13-0-RELEASE: OK

{openssl | libressl}-dev ports: not checked.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2e5a5b07e2bb28a3f0321c1550da6025317bd2bd

commit 2e5a5b07e2bb28a3f0321c1550da6025317bd2bd
Author: Olivier Cochard <olivier@FreeBSD.org>
AuthorDate: 2021-05-27 10:40:26 +0000
Commit: Olivier Cochard <olivier@FreeBSD.org>
CommitDate: 2021-05-27 10:44:57 +0000

    security/openiked-portable: New port for OpenBSD portable version of OpenIKED

    PR: 256009
    Reported by: David Marec <david@lapinbilly.eu>

 security/Makefile | 1 +
 security/openiked-portable/Makefile (new) | 31 ++++++++++++
 security/openiked-portable/distinfo (new) | 3 ++
 security/openiked-portable/files/iked.in (new) | 69 ++++++++++++++++++++++++++
 security/openiked-portable/pkg-descr (new) | 10 ++++
 security/openiked-portable/pkg-plist (new) | 14 ++++++
 security/openiked/Makefile | 2 +
 7 files changed, 130 insertions(+)
Thanks! Committed with small modifications and including your remark about openssl/libressl.