From owner-freebsd-ports@FreeBSD.ORG Tue Aug 26 19:18:19 2014 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E7F7D67E for ; Tue, 26 Aug 2014 19:18:18 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C6B6B3E4A for ; Tue, 26 Aug 2014 19:18:18 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.9/8.14.9) with ESMTP id s7QJIIWF065744 for ; Tue, 26 Aug 2014 19:18:18 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s7QJIIAk065743 for freebsd-ports@freebsd.org; Tue, 26 Aug 2014 19:18:18 GMT (envelope-from bdrewery) Received: (qmail 11534 invoked from network); 26 Aug 2014 14:18:15 -0500 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 26 Aug 2014 14:18:15 -0500 Message-ID: <53FCDD72.2050503@FreeBSD.org> Date: Tue, 26 Aug 2014 14:18:10 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.0 MIME-Version: 1.0 To: Michael Jung Subject: Re: SAT resolver problem - [CFT] SSP Package Repository available References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <65f72f283578f9e08cb672928bc441e9@mail.mikej.com> <53F7A552.5050608@FreeBSD.org> In-Reply-To: OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="muPSdvb4hxtOJsx2XROEXCX7u9EjvL42M" Cc: pkg@freebsd.org, Ports FreeBSD X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Aug 2014 19:18:19 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --muPSdvb4hxtOJsx2XROEXCX7u9EjvL42M Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 8/26/2014 2:02 PM, Michael Jung wrote: > On 2014-08-22 16:17, Bryan Drewery wrote: >> On 8/22/2014 1:16 PM, mikej wrote: >>> On , Bryan Drewery wrote: >>>> On 9/21/2013 5:49 AM, Bryan Drewery wrote: >>>>> Ports now support enabling Stack Protector [1] support on FreeBSD 1= 0 >>>>> i386 and amd64, and older releases on amd64 only currently. >>>>> >>>>> Support may be added for earlier i386 releases once all ports prope= rly >>>>> respect LDFLAGS. >>>>> >>>>> To enable, just add WITH_SSP=3Dyes to your make.conf and rebuild al= l >>>>> ports. >>>>> >>>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-= all >>>>> may optionally be set instead. >>>>> >>>>> Please help test this on your system. We would like to eventually >>>>> enable >>>>> this by default, but need to identify any major ports that have >>>>> run-time >>>>> issues due to it. >>>>> >>>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >>>>> >>>> >>>> We have not had any feedback on this yet and want to get it enabled = by >>>> default for ports and packages. >>>> >>>> We now have a repository that you can use rather than the default to= >>>> help test. We need your help to identify any issues before switching= >>>> the >>>> default. >>>> >>>> This repository is available for: >>>> >>>> head >>>> 10.0 >>>> 9.1,9.2,9.3 >>>> >>>> It is not available for 8.4. If someone is willing to test on 8.4 I >>>> will >>>> build a repository for it. >>>> >>>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: >>>> >>>> FreeBSD: { enabled: no } >>>> FreeBSD_ssp: { >>>> url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp", >>>> mirror_type: "srv", >>>> signature_type: "fingerprints", >>>> fingerprints: "/usr/share/keys/pkg", >>>> enabled: yes >>>> } >>>> >>>> Once that is done you should force reinstall packages from this >>>> repository: >>>> >>>> pkg update >>>> pkg upgrade -f >>>> >>>> Thanks for your help! >>>> Bryan Drewery >>>> On behalf of portmgr. >>> >>> I have been using this without issue on several machines until today.= >>> >>> root@firewall:/usr/ports # pkg -v >>> 1.3.6 >>> root@firewall:/usr/ports # >>> >>> >>> Repositories: >>> FreeBSD_ssp: { >>> url : >>> "pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp", >>> enabled : yes, >>> mirror_type : "SRV", >>> signature_type : "FINGERPRINTS", >>> fingerprints : "/usr/share/keys/pkg" >>> } >>> >>> >>> root@firewall:/usr/ports # pkg update -f >>> Updating repository catalogue >>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found= >>> pkg: repository FreeBSD_ssp has no meta file, using default settings >>> Fetching digests.txz: 100% of 1 MB >>> Fetching packagesite.txz: 100% of 5 MB >>> >>> Adding new entries: 100% >>> Incremental update completed, 23305 packages processed: >>> 0 packages updated, 0 removed and 23305 added. >>> root@firewall:/usr/ports # pkg install mdnsresponder >>> Updating repository catalogue >>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found= >>> pkg: repository FreeBSD_ssp has no meta file, using default settings >>> FreeBSD_ssp repository is up-to-date >>> All repositories are up-to-date >>> Checking integrity... done (1 conflicting) >>> pkg: Cannot solve problem using SAT solver: >>> cannot install package mDNSResponder~net/mDNSResponder, remove it fro= m >>> request [Y/n]: y >>> Checking integrity... done (0 conflicting) >>> The most recent version of packages are already installed >>> root@firewall:/usr/ports # uname -a >>> FreeBSD firewall 10.0-STABLE FreeBSD 10.0-STABLE #0 r269366M: Fri Aug= 1 >>> 00:35:49 EDT 2014 mikej@firewall:/usr/obj/usr/src/sys/GENERIC am= d64 >>> root@firewall:/usr/ports # date >>> Fri Aug 22 14:12:30 EDT 2014 >>> root@firewall:/usr/ports # >>> >>> root@firewall:/usr/ports # pkg info | grep mdns >>> root@firewall:/usr/ports # >>> >>> Regards, >>> >>> --mikej >> >> It looks like the (SSP) freebsd:10:x86:64 freebsd:11:x86:32 repositori= es >> are stale from a month ago. Looking into why. >> >> Sadly this was not noticed and the instructions effectively will >> downgrade packages. These 2 repositories have pkg-1.2 still as well. >=20 >=20 >=20 > Bryan, >=20 > Any update? As you probably expect if I build the port locally with > poudriere and install there is no issue. I'm building with >=20 > WITH_SSP_PORTS=3DYES >=20 > in /etc/make.conf >=20 > Regards, >=20 > --mikej The latest package set, along with pkg 1.3.7, should be getting published later today. As for the pkg issue with installing mDNSResponder, I am not 100% sure it is fixed by new package set. We'll have to wait and see. There are several issues to fix in the new pkg solver still. --=20 Regards, Bryan Drewery --muPSdvb4hxtOJsx2XROEXCX7u9EjvL42M Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJT/N1zAAoJEDXXcbtuRpfPf9cH/1B0VYBfOx1xeyJA4cqTFfZ1 iNrwZ9a4z5NH60idm7/PD8TWrScP+TxIvCyOplTwu11wBF3xG8655QXaFBy0Zv90 5poheIwhEjj19tubmwkRJEAN17BmmuauZHARAXBmOH6c1w+KiEO7ek8VceGP75Fi QB21fmp25jikyPX9Y7/Rb1bgBwmuzxX2I+PMZN5n/HQZI311itEnoQorXLlUhJLl rNy0fjxG7W6+WK6S0r71hJdRGc/ZD5oWT2rvybschkS7QHL+sTeRzLOSsILUKDb7 IPJ4TLUNBguLwchy4KcddL3rXysQqdCebBBn+zn+H0czI/gVOVt5BQsDCd5Ye6k= =/br5 -----END PGP SIGNATURE----- --muPSdvb4hxtOJsx2XROEXCX7u9EjvL42M--