Bug 217088 - www/h2o: upgrade 2.0.4 to 2.1.0 and drop bundled libressl switch
Summary: www/h2o: upgrade 2.0.4 to 2.1.0 and drop bundled libressl switch
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Dmitry Marakasov
URL:
Keywords:
: 215890 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-02-13 22:03 UTC by Dave Cottlehuber
Modified: 2017-03-17 18:39 UTC (History)
2 users (show)

See Also:


Attachments
v1 patch (5.35 KB, patch)
2017-02-13 22:03 UTC, Dave Cottlehuber
no flags Details | Diff
v2 patch with corrected tabstops (5.84 KB, patch)
2017-02-14 13:59 UTC, Dave Cottlehuber
dch: maintainer-approval+
Details | Diff
v3 patch with a newly discovered RUBY_NO_RUN_DEPENDS (14.21 KB, patch)
2017-02-16 13:14 UTC, Dave Cottlehuber
dch: maintainer-approval+
Details | Diff
v4 patch fixes 10.3R filesystem contamination due to libressl leakage (14.58 KB, patch)
2017-03-06 23:33 UTC, Dave Cottlehuber
dch: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dave Cottlehuber freebsd_committer 2017-02-13 22:03:35 UTC
Created attachment 179967 [details]
v1 patch

# QA

portlint & poudriere OK (11.0R amd64).

$ portlint -C
WARN: /usr/ports/www/h2o/pkg-plist: [2]: If and only if your port is DATADIR-safe (that is, a user can override DATADIR when building this port and the port will still work correctly) consider using DATADIR macro; if you are unsure if this port is DATADIR-safe, then ignore this warning
WARN: /usr/ports/www/h2o/pkg-plist: [3]: If and only if your port is DATADIR-safe (that is, a user can override DATADIR when building this port and the port will still work correctly) consider using DATADIR macro; if you are unsure if this port is DATADIR-safe, then ignore this warning
WARN: /usr/ports/www/h2o/pkg-plist: [4]: If and only if your port is DATADIR-safe (that is, a user can override DATADIR when building this port and the port will still work correctly) consider using DATADIR macro; if you are unsure if this port is DATADIR-safe, then ignore this warning
WARN: /usr/ports/www/h2o/pkg-plist: [5]: If and only if your port is DATADIR-safe (that is, a user can override DATADIR when building this port and the port will still work correctly) consider using DATADIR macro; if you are unsure if this port is DATADIR-safe, then ignore this warning
WARN: Makefile: possible use of absolute pathname "/var/log/${PORTNAME}...".
FATAL: work: be sure to cleanup the working directory before committing the port.
1 fatal error and 5 warnings found.

# changes

www/h2o: upgrade 2.0.4 to 2.1.0 and drop bundled libressl switch

- Many HTTP/2 and performance improvements
- Support latest LibreSSL and OpenSSL libraries
- Numerous bug fixes
- include CPE security info contributed via shun.fbsd.pr@dropcut.net
- drop redundant bundled libressl option as now FreeBSD 10.x supports ChaCha and Poly algorithms across all project-supported SSL variants.


Full details at https://github.com/h2o/h2o/releases/tag/v2.1.0
Comment 1 Dave Cottlehuber freebsd_committer 2017-02-14 13:59:19 UTC
Created attachment 179986 [details]
v2 patch with corrected tabstops

corrected tab stops to match ports standard
Comment 2 Dave Cottlehuber freebsd_committer 2017-02-16 13:14:21 UTC
Created attachment 180044 [details]
v3 patch with a newly discovered RUBY_NO_RUN_DEPENDS

As we only need ruby to build mruby into h2o itself, there's no need
for a runtime dependency. Browsing through /usr/ports/*.mk I found a
knob to exclude it.
Comment 3 Dmitry Marakasov freebsd_committer 2017-02-21 14:15:22 UTC
Fails to install on 10.x:

--- install-exec-am ---
make  install-exec-hook
--- install-exec-hook ---
mkdir: //etc/ssl/certs: Permission denied
*** [install-exec-hook] Error code 1
Comment 4 Dave Cottlehuber freebsd_committer 2017-02-23 17:57:42 UTC
thanks amdmi3. Can you attach poudriere or similar logs? Is this definitely from h2o build, and not from some other package? I see no mention of /certs/ in my successful poudriere run on 10.3R amd64; the only (major) difference perhaps is that my build system uses libressl.

https://pkg.skunkwerks.at/poudriere/data/10_amd64-default/2017-02-23_17h15m12s/logs/h2o-2.1.0.log
Comment 5 Dave Cottlehuber freebsd_committer 2017-02-23 22:28:26 UTC
ok found it, yes it relates to using openssl instead of libressl.
Comment 6 Wen Heping freebsd_committer 2017-03-06 10:14:49 UTC
*** Bug 215890 has been marked as a duplicate of this bug. ***
Comment 7 Dave Cottlehuber freebsd_committer 2017-03-06 20:03:58 UTC
I'm clear what the specific 10.3R issue is now:

- 10.3 comes with a version of OpenSSL in base that is too low for h2o as it
  has no ALPN support
- h2o tries to use its embedded LibreSSL which is not what we want

Fix is to ensure that on all supported FreeBSD versions, we depend on the
  user's preferred TLS library, whether Libre/Open/...
Comment 8 Dave Cottlehuber freebsd_committer 2017-03-06 23:33:06 UTC
Created attachment 180578 [details]
v4 patch fixes 10.3R filesystem contamination due to libressl leakage

# QA

- 10.3 amd64 libressl: https://pkg.skunkwerks.at/poudriere/data/10_amd64-default/2017-03-06_22h28m26s/logs/h2o-2.1.0.log
-- Found OpenSSL: /usr/local/lib/libssl.so;/usr/local/lib/libcrypto.so (found version "2.0.0") 


- 10.3 amd64 openssl: https://pkg.skunkwerks.at/poudriere/data/10_amd64-default/2017-03-06_22h24m37s/logs/h2o-2.1.0.log
-- Found OpenSSL: /usr/lib/libssl.so;/usr/lib/libcrypto.so (found version "1.0.1s") 

the other combos won't finish until tomorrow.

# patch

If you use git then https://github.com/skunkwerks/ports/commit/b662cf9.patch is probably easier to apply.
Comment 9 commit-hook freebsd_committer 2017-03-17 18:39:13 UTC
A commit references this bug:

Author: amdmi3
Date: Fri Mar 17 18:38:07 UTC 2017
New revision: 436349
URL: https://svnweb.freebsd.org/changeset/ports/436349

Log:
  - Upgrade to 2.1.0
  - Drop bundled libressl switch

  PR:		217088
  Submitted by:	dch@skunkwerks.at (maintainer)

Changes:
  head/www/h2o/Makefile
  head/www/h2o/distinfo
  head/www/h2o/files/patch-CMakeLists.txt
  head/www/h2o/files/patch-lib_core_request.c
  head/www/h2o/files/patch-lib_http2_connection.c
  head/www/h2o/pkg-plist