Bug 264474 - [NEW PORT] security/libpki : OpenCA’s libpki library
Summary: [NEW PORT] security/libpki : OpenCA’s libpki library
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Nuno Teixeira
URL: https://www.openca.org/projects/libpki
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-05 13:33 UTC by Bruno Damour
Modified: 2022-07-13 09:55 UTC (History)
2 users (show)

See Also:


Attachments
Patch against the current port tree (11.89 KB, patch)
2022-06-05 13:33 UTC, Bruno Damour
no flags Details | Diff
Patch against current ports tree (11.89 KB, patch)
2022-06-06 08:27 UTC, Bruno Damour
no flags Details | Diff
Patch against current ports tree (10.25 KB, patch)
2022-06-06 22:17 UTC, Bruno Damour
no flags Details | Diff
Patch against current ports tree (10.19 KB, patch)
2022-06-14 20:11 UTC, Bruno Damour
no flags Details | Diff
Patch against current ports tree (10.19 KB, patch)
2022-06-14 21:21 UTC, Bruno Damour
no flags Details | Diff
libpki-0.9.2 (9.67 KB, patch)
2022-06-14 21:21 UTC, Nuno Teixeira
no flags Details | Diff
New patch against ports tree using upstream PR (9.11 KB, patch)
2022-06-24 10:07 UTC, Bruno Damour
no flags Details | Diff
Revised patch (7.95 KB, patch)
2022-07-12 21:38 UTC, Daniel Engberg
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bruno Damour 2022-06-05 13:33:14 UTC
Created attachment 234463 [details]
Patch against the current port tree

A new version of my port of OpenCA’s libpki (used by OpenCA’s OCSP responder in separate post).
Updated to the last version published (0.9.2).
Comment 1 Bruno Damour 2022-06-06 08:27:23 UTC
Created attachment 234482 [details]
Patch against current ports tree

Corrected patch.
Comment 2 Bruno Damour 2022-06-06 22:17:22 UTC
Created attachment 234505 [details]
Patch against current ports tree

Cleaner version (cf. Comments in openca-ocspd)
Comment 3 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-12 02:21:20 UTC
Hello,

1. "# Created by .." is deprecated, you can remove it

2. "DISTNAME=libpki-0.9.2" must be removed because it is implicit since it is equal "${PORTNAME}-${DISTVERSION}"

Errors to be corrected:

- Portlint -C
---
WARN: ###/security/libpki/pkg-descr: includes lines that exceed 80 characters.
FATAL: Makefile: [5]: use a tab (not space) after a variable name
WARN: ###/security/libpki/files/patch-configure.ac: patch was not generated using ``make makepatch''.  It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.[1]
1 fatal error and 2 warnings found.
---

[1] to generate a patch with 'make makepatch':
    (inside security/libpki)
>   make extract
>   cp work/libpki-0.9.2/configure.ac work/libpki-0.9.2/configure.ac.orig
    (edit and change work/libpki-0.9.2/configure.ac)
>   make makepatch

- portclippy Makefile
---
# USES block
USES
USE_GITHUB
GH_ACCOUNT
+USE_GNOME
USE_LDCONFIG
-USE_GNOME
---

Cheers
Comment 4 Bruno Damour 2022-06-14 20:11:21 UTC
Created attachment 234686 [details]
Patch against current ports tree

- removed “created by” comment
- removed unnecessary DISTNAME
- corrected order in variables as recommended by portclippy
- regenerated patch with make makepatch instead of patch
Comment 5 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-14 20:48:38 UTC
Hi,

maintainer == bruno@ruomad.net
author == freebsd@ruomad.net

This will make some confusion committing
Comment 6 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-14 20:51:59 UTC
...

I could sugest use maintainer email on bugs.freebsd.org account for example to simplify things or the reverse.

I will start doing tests now.

cheers
Comment 7 Bruno Damour 2022-06-14 21:21:46 UTC
Created attachment 234689 [details]
Patch against current ports tree

OK, I changed the committer email in the patch to my main email bruno@ruomad.net.
I change the login in bugzilla as well.
Sorry for the confusion.
Comment 8 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-14 21:21:59 UTC
Created attachment 234690 [details]
libpki-0.9.2

complete diff with security/Makefile libpki added with small fixes:

- remove some Makefile extra tabs
- reformat CONFIGURE_ARGS for better reading
- reformat pkg-descr for 72 columns

Please use this diff for future changes/updates for an easier patch apply
Comment 9 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-14 21:25:06 UTC
ok,

I've fount some Q/A plist issues:

---
====> Running Q/A tests (stage-qa)
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: include/internal/ossl_1_0_x/cms_lcl.h
Error: Orphaned: include/internal/ossl_1_1_0/cms_lcl.h
Error: Orphaned: include/internal/ossl_1_1_0/ocsp_lcl.h
Error: Orphaned: include/internal/ossl_1_1_0/x509_int.h
Error: Orphaned: include/internal/ossl_1_1_0/x509_lcl.h
Error: Orphaned: include/internal/ossl_1_1_1/cms_lcl.h
Error: Orphaned: include/internal/ossl_1_1_1/ocsp_lcl.h
Error: Orphaned: include/internal/ossl_1_1_1/refcount.h
Error: Orphaned: include/internal/ossl_1_1_1/x509_int.h
Error: Orphaned: include/internal/ossl_1_1_1/x509_lcl.h
Error: Orphaned: %%DATADIR%%/README.data_structures
Error: Orphaned: %%DATADIR%%/README.functions
Error: Orphaned: %%DATADIR%%/doxygen-man.conf
Error: Orphaned: %%DATADIR%%/doxygen-pdf.conf
Error: Orphaned: %%DATADIR%%/doxygen.conf
Error: Orphaned: %%DATADIR%%/pkginfo
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
*** Error code 1
---

You can take a look at poudriere logs:

https://people.freebsd.org/~eduardo/logs/libpki-0.9.2/

If you need help just ask.

Nuno Eduardo Teixeira
Comment 10 Bruno Damour 2022-06-14 21:41:12 UTC
Well, I somehow thought these where not necessary even if upstream includes them (the ports works o for me without them), I suppose i could just re-add them to the plist, or delete them in the Makefile (just a plain rm ?)

What do you think would be most appropriate ? I'm not sure

Sorry for a newbie question...

Bruno
Comment 11 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-14 22:22:05 UTC
(In reply to Bruno Damour from comment #10)
First of all you don't need to say sorry because lots of times I've learn with hight experienced maintainers that sometimes are programers etc, other times I need to help them, other times I need to ask help to other commiters and maintainers to help me..

So in this world a committer or a maintainer are always learning and teaching and, thats why I love what I do, not just be a committer because I'm a maintainer too :) The more I learn, the more I feel a newbie lol

Ok, orphanad files shoudm't be removed with RM, only on very special cases but this one it doesn't apply.

''make makeplist' should do the job and some times need some editing but manual editing like adding/removing entries is not so good.

try make makeplist, update patch, I will be here for a few hours for tests
Comment 12 Daniel Engberg freebsd_committer freebsd_triage 2022-06-15 09:08:11 UTC
Hi,

None of your patches seems to be submitted upstream, please do and by doing so we can also utilize GitHub to pull those patches back in.

Best regards,
Daniel
Comment 13 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-15 11:24:16 UTC
(In reply to Daniel Engberg from comment #12)
Hello Daniel,

Ok, then we should wait until upstream import those patches and when its done we can use something like:

---
PATCH_SITES=    https://github.com/openca/libpki/commit/
PATCHFILES=     <hash>.patch:-p1
(etc)
---

It's that it?

Thanks
Comment 14 Daniel Engberg freebsd_committer freebsd_triage 2022-06-15 11:56:05 UTC
(In reply to Nuno Teixeira from comment #13)
Correct given that they apply cleanly otherwise we need to backport by hand

Best regards,
Daniel
Comment 15 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-15 15:50:02 UTC
(In reply to Daniel Engberg from comment #14)
ok, in my previous reply I forgot to ask a second question:

What happens if upstream doesn't accept this patches? What we should do then?

Thanks
Comment 16 Daniel Engberg freebsd_committer freebsd_triage 2022-06-15 16:14:02 UTC
(In reply to Nuno Teixeira from comment #15)
In my experience this is rarely an issue unless the patch(es) breaks functionality for other platforms in which case it'll need to be reworked. In case upstream is unresponsive just refer to PR(s). If upstream flat out refuses we should make sure that patches are as "generic" as possible and document why they are committed in the first place. Documentation save a lot of time and neither submitter or committer might be around next time to update the port. Needing to do guesswork usually results in ports being neglected (ie no one touches it).
Comment 17 Bruno Damour 2022-06-16 07:15:39 UTC
Hello all,
Sorry I have been unavailable, and will not be able to amend my ports draft until this weekend or next week.
My understanding of your recommandations :
I will submit my patches to upstream, I haven’t done it in the last months because I understood that the project was more or less unattended, but the last commits seem to suggest that there is still a possibility. The last commit fixed the majority of patches I previously had to apply to get it to compile on freeBSD, and this is the reason why I decided to submit this ports.
I realised that some patches may still be unnecessary, so I will also review them to try to stick to current upstream as much as possible (the patch replacing strncpy bystrcpy for example seems not needed and I cannot figure out why it was when I had to apply it a year ago).
In fact only patches to configure seem necessary, they should not be a problem for upstream to accept, they are pretty trivial.
Thanks a lot for your comments.
Bruno
Comment 18 Bruno Damour 2022-06-21 17:16:16 UTC
Hello,
I revised the patches in a minimal approach and it boils down to only 2 very small patches. I submitted them to upstream in a pull request, let’s see what happens…
For information the patches only fix the following :
- ensure install refers to lib and not lib64 (configure.ac)
- consider amd64 as meaning x86_64 (configure.ac)
- include sys/socket.h in header files (src/include/pki.h)
With these patches openca-ocspd builds nicely without any patch (and works).
Bruno
Comment 19 Nuno Teixeira freebsd_committer freebsd_triage 2022-06-21 18:58:19 UTC
(In reply to Bruno Damour from comment #18)
Hello Bruno!

Can you link these pull(s) request here so we can follow?

cheers
Comment 20 Bruno Damour 2022-06-21 19:14:14 UTC
Here is the link to the pull request :

https://github.com/openca/libpki/pull/54
Comment 21 Bruno Damour 2022-06-24 10:07:33 UTC
Created attachment 234910 [details]
New patch against ports tree using upstream PR

New port proposal using upstream PR on github (waiting for upstream to accept it).
Comment 22 Bruno Damour 2022-07-11 11:56:44 UTC
Hello,

My upstream PR did not (yet ?) receive any answer, which is not surprising considering the very low activity of the project (which I even thought completely dead when I first tried to draft a port).

Not sure of what I should do next...
Comment 23 Daniel Engberg freebsd_committer freebsd_triage 2022-07-11 12:15:10 UTC
Hi,

As long as you've submitted upstream I think you've done a great job.

I'll update the URL to use this one instead to avoid file names clashing in distfiles.

https://github.com/openca/libpki/commit/d7617046e9da97473a140c02582fa571f6359ae3.patch
Comment 24 Daniel Engberg freebsd_committer freebsd_triage 2022-07-12 21:38:40 UTC
Created attachment 235225 [details]
Revised patch

Revised version, we can add information regarding the PR in commit message.
No need to explain the sample stuff as its clear what it does

Poudriere testport OK 12.3-RELEASE (amd64)
Poudriere testport OK 13.0-RELEASE (i386)
Comment 25 commit-hook freebsd_committer freebsd_triage 2022-07-13 09:54:29 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=93db311c5f7a2da50f3b8414c68a3f20c241354c

commit 93db311c5f7a2da50f3b8414c68a3f20c241354c
Author:     Bruno Damour <bruno@ruomad.net>
AuthorDate: 2022-07-13 09:48:20 +0000
Commit:     Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-07-13 09:53:32 +0000

    security/libpki: New port: OpenCA PKI library (libpki) and tools

     - submitter becomes maintainer

    OpenCA LibPKI provides an easy-to-use PKI library for PKI enabled
    application development.
    The library provides the developer with all the needed functionalities
    to manage certificates, from generation to validation.

    WWW: https://www.openca.org/projects/libpki

    PR:             264474
    Reviewed by:    diizzy

 security/Makefile               |   1 +
 security/libpki/Makefile (new)  |  37 +++++++++
 security/libpki/distinfo (new)  |   5 ++
 security/libpki/pkg-descr (new) |   6 ++
 security/libpki/pkg-plist (new) | 178 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 227 insertions(+)
Comment 26 Nuno Teixeira freebsd_committer freebsd_triage 2022-07-13 09:55:49 UTC
Committed, thank you!