Created attachment 155206 [details] svn diff for security/openxpki security/openxpki relies on `openssl version` output which has changed with LibreSSL. Attached patch fixes build with LibreSSL Upstreamed to https://github.com/openxpki/openxpki/pull/287
A note from maintainer of port security/p5-openxpki: 1. This PR names port incorrectly, thus concealing this PR from those concerned. I have found it by a pure chance. 2. Submitted patch seems wrong, as it ruins existing files/patch... file. 3. Submitted patch fixes only one trivial check of openssl name and version, and ignores multiple problems of compatibility with libressl. There is a major work in progress with the upstream. openxpki project uses too many features of openssl, including calls to internal methods of the openssl libs. Let me suggest to wait until new upstream versions will gradually add support for libressl. Until this full support happens, I am willing to declare this port as BROKEN conditionally, if OPENSSL_PORT=security/libressl is defined. This declaration could be added soon with the nearest upstream version change.
Maintainer does not approve. Cf. comment #1
Created attachment 155465 [details] svn diff for secuity/p5-openxpki (In reply to Sergei Vyshenski from comment #2) Hi Sergei, Upstream has created a revised patch based on the one I upstreamed. That contained an error for LibreSSL still so I patched it to work properly. Attached patch is based on the upstream patch and includes the latest fix (which I can only assume will be accepted upstream) see https://github.com/openxpki/openxpki/pull/291
Hi Bernard, Thank you for efforts with mating everything to libressl. The renewed patch still ruins the old version of the file files/patch-Makefile.PL which is already present in this port. And so this patch does not solve points 2 and 3 from comment #1. Being part of the upstream I can repeat the summary of our discussion there: at the moment support of libressl in the openxpki project is considered bleeding, marginal, experimental, for developers only, as many features of openxpki simply do not work with libressl. You can not solve numerous problems by just muting the check for name and version of openssl or libressl. That said, the generalized version of your patch will be present in the forthcoming upstream versions (with libressl support explicitly labeled as for developers only) together with gradually adding the real support for libressl. Let me suggest to close this PR without commit. Thank you again for your contribution. Regards, Sergei
Created attachment 155467 [details] svn diff for security/openxpki Hi Sergei, That was by no means my intention, so sloppy! Dunno what I did but probably a make extract and not a make patch before patching... This new patch includes the original modifications to Makefile.PL You're suggesting to close this PR and wait for upstream to release a fixed version?
Created attachment 155468 [details] Poudriere build log for security/p5-openxpki
Hi Bernard, Let me repeat for the third time. OpenXPKI project in its present state does NOT support libressl, both without and with your patch. Also, please note that the upstream has incorporated your offer into its "development" branch, while this port deals with only "master" branch stable releases of the OpenXPI. With updating this port to the next stable upstream version I will add conditional BROKEN, if libressl related env variable is defined. Already have a reprimand from FreeBSD committers for too frequent updates of this port. So at the moment see no reasons to disturb committers with a specially dedicated fix about this BROKEN. And yes, suggesting to close this PR now without committing any changes. I would appreciate if you (as originator of this PR) could change its status to "Fixed: Overcome by events". Thank you again for your contribution. You really stimulated upstream members (me too) to start digging into this important issue of integrating libressl. Regards, Sergei
Let me clarify. At the moment this port builds ok and works just fine with all (either base or port) available versions of openssl. At the moment this port explicitly refuses to build with libressl. If you force this build (hacking the port with something like your patch), then you get software which is NOT workable. Hence this looks like very reasonable behavior of the port, and I see no reasons for immediate modifications of this port.
Created attachment 156808 [details] patch for updating port [MAINTAINER] security/p5-openxpki: update to 0.27.0.1 - Update to ver 0.28.0 Changes: https://github.com/openxpki/openxpki/commits/master - Add IGNORE if LibreSSL is installed. This port uses low level functions of OpenSSL, and big work of the upstream is ahead to support LibreSSL. This version of OpenXPKI still does not have full support of LibreSSL. - Allow non-root user to build and stage so library. Cf. complains about chmod below. - "portlint -AC" says: WARN: Makefile: [122]: possible use of "${CHMOD}" found. Use @(owner,group,mode) syntax or @owner/@group operators in pkg-plist instead. WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy. 0 fatal errors and 2 warnings found. - Tested with poudriere (log attached) at 11.0-CURRENT-amd64, perl5-5.20, and openssl from ports.
Created attachment 156810 [details] log from poudriere at 11-amd64 with perl-5.20
Errata. Comment #9 should begin with: [MAINTAINER] security/p5-openxpki: update to 0.28.0
A commit references this bug: Author: amdmi3 Date: Mon May 18 19:59:08 UTC 2015 New revision: 386710 URL: https://svnweb.freebsd.org/changeset/ports/386710 Log: - Update to 0.28.0 - Add IGNORE if LibreSSL is installed. This port uses low level functions of OpenSSL, and big work of the upstream is ahead to support LibreSSL. This version of OpenXPKI still does not have full support of LibreSSL. - Allow non-root user to build and stage so library. PR: 199179 Submitted by: spil.oss@gmail.com Patch by: svysh.fbsd@gmail.com (maintainer) Changes: head/security/p5-openxpki/Makefile head/security/p5-openxpki/distinfo head/security/p5-openxpki/files/pkg-message.in head/security/p5-openxpki/pkg-descr head/security/p5-openxpki/pkg-plist