Bug 213695

Summary: security/acme-client: Unblock package build via bundled libressl
Product: Ports & Packages
Reporter: Jan Beich <jbeich>
Component: Individual Port(s)
Assignee: Bernard Spil <brnrd>
Status: Closed FIXED
Severity: Affects Only Me
CC: brnrd, bsd
Priority: ---
Keywords: patch, patch-ready
Version: Latest
Flags: bugzilla: maintainer-feedback? (brnrd); koobs: merge-quarterly?
Hardware: Any
OS: Any
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213691
          https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213822
Attachments (Description, Flags):
  v1 (Flags: none)
  9.3R i386 |poudriere bulk -t| log (XZ compressed) (Flags: none)
  v1.1 (Flags: jbeich: maintainer-approval? (brnrd))

Description Jan Beich freebsd_committer freebsd_triage 2016-10-22 00:03:02 UTC
Created attachment 176050 [details]
v1

LibreSSL cannot coexist with OpenSSL. Instead of altering global scope, build a local copy ourselves, letting the infra clean it up later.
Comment 1 Jan Beich freebsd_committer freebsd_triage 2016-10-22 00:04:10 UTC
Created attachment 176051 [details]
9.3R i386 |poudriere bulk -t| log (XZ compressed)
Comment 2 Jan Beich freebsd_committer freebsd_triage 2016-10-22 00:10:00 UTC
Created attachment 176052 [details]
v1.1

The files/extra-patch-GNUmakefile hack is no longer necessary. It didn't affect poudriere as I accidentally inverted the logic.
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-10-30 11:15:38 UTC
A commit references this bug:

Author: brnrd
Date: Sun Oct 30 11:14:42 UTC 2016
New revision: 424941
URL: https://svnweb.freebsd.org/changeset/ports/424941

Log:
  security/acme-client: Unblock package build via bundled LibreSSL

    - Use staged build of LibreSSL when SSL_DEFAULT is not libressl*
    - Remove STATIC_ACME_CLIENT option
    - Remove extra-patch for static build
    - Add stack smashing protection flags for 9.3 i386

  PR:		213695
  Submitted by:	jbeich

Changes:
  head/security/acme-client/Makefile
  head/security/acme-client/files/extra-patch-GNUmakefile
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-10-30 16:44:14 UTC
A commit references this bug:

Author: brnrd
Date: Sun Oct 30 16:44:08 UTC 2016
New revision: 424955
URL: https://svnweb.freebsd.org/changeset/ports/424955

Log:
  security/acme-client: Roll back to STATIC option

    - Too many issues with the LibreSSL BUILD_DEPENDS

  PR:		213695

Changes:
  head/security/acme-client/Makefile
  head/security/acme-client/files/extra-patch-GNUmakefile
Comment 5 Jan Beich freebsd_committer freebsd_triage 2016-10-30 17:01:02 UTC
What are those "too many"? Please use Bugzilla to concisely document them. DEFAULTS_VERSIONS=ssl=openssl (aka bug 213889) [1] was fixed by ports r424947. The remaining bug 213890 is benign: confusing but builds fine.

[1] not really a regression as it wasn't possible to build with openssl before, anyway
Comment 6 Ivan 2016-11-03 16:50:42 UTC
Is this PR somehow connected to the inability to connect to the Let's Encrypt API?
I updated and transferred acme-client to another server and can't renew my certificates anymore:

root@proxy:~ # /usr/local/etc/acme/acme-client.sh
acme-client: 2.20.25.220: tls_connect_socket: acme-v01.api.letsencrypt.org, ssl verify setup failure
acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm

Looks like an issue with the TLS provider at an early stage of the connection.

Also, I noticed that this port asks me not to forget to remove libressl. Why, if I'm not linking statically?

root@proxy:~ # cat /etc/make.conf 
OPTIONS_UNSET+= DOCS EXAMPLES X11 IPV6
DEFAULT_VERSIONS+=ssl=libressl

Should I make a new PR?
Comment 7 Bernard Spil freebsd_committer freebsd_triage 2016-11-03 20:09:35 UTC
(In reply to Ivan from comment #6)

Please create a new PR if there are issues with version 0.1.13 or later.

Looks like an SSL error you have there. Please add -v to the acme-client invocation and provide more output.

The warning is indeed a fluke if you intend to use LibreSSL as default.
Comment 8 Bernard Spil freebsd_committer freebsd_triage 2016-11-03 20:27:22 UTC
(In reply to Jan Beich (mail not working) from comment #5)

Sorry for the hasty rollback...

I do still like the idea and want to keep this PR open until we get bug #213890 sorted.
Comment 9 Ivan 2016-11-06 18:43:52 UTC
(In reply to Bernard Spil from comment #7)
Bernard, the issue went away after I updated from version 0.1.13 to 0.1.14.
So, I'm not sure it was a 'minor update', as it was called in the commit message :p
Comment 10 commit-hook freebsd_committer freebsd_triage 2016-12-30 20:48:21 UTC
A commit references this bug:

Author: brnrd
Date: Fri Dec 30 20:47:48 UTC 2016
New revision: 430064
URL: https://svnweb.freebsd.org/changeset/ports/430064

Log:
  security/acme-client: Update to 0.1.15

    - Update to 0.1.15
    - Remove STATIC_ACMECLIENT option
    - stage-build LibreSSL when not SSL_DEFAULT

  PR:		213695
  Submitted by:	jbeich

Changes:
  head/security/acme-client/Makefile
  head/security/acme-client/distinfo
Comment 11 Bernard Spil freebsd_committer freebsd_triage 2016-12-30 20:54:32 UTC
Tested in poudriere for
  11.0 amd64
  11.0 i386
  10.3 amd64
  10.3 i386
  9.3 i386

In-tree builds in my ports-jail were OK (LibreSSL in base)