Date: Tue, 26 Aug 2014 14:18:10 -0500 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Michael Jung <mikej@mikej.com> Cc: pkg@freebsd.org, Ports FreeBSD <freebsd-ports@freebsd.org> Subject: Re: SAT resolver problem - [CFT] SSP Package Repository available Message-ID: <53FCDD72.2050503@FreeBSD.org> In-Reply-To: <e1b637b8a7fa4d3d768cc497cf8c688e@mail.mikej.com> References: <523D79CD.2090302@FreeBSD.org> <53F4CE0E.8040106@FreeBSD.org> <65f72f283578f9e08cb672928bc441e9@mail.mikej.com> <53F7A552.5050608@FreeBSD.org> <e1b637b8a7fa4d3d768cc497cf8c688e@mail.mikej.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --muPSdvb4hxtOJsx2XROEXCX7u9EjvL42M Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 8/26/2014 2:02 PM, Michael Jung wrote: > On 2014-08-22 16:17, Bryan Drewery wrote: >> On 8/22/2014 1:16 PM, mikej wrote: >>> On , Bryan Drewery wrote: >>>> On 9/21/2013 5:49 AM, Bryan Drewery wrote: >>>>> Ports now support enabling Stack Protector [1] support on FreeBSD 1= 0 >>>>> i386 and amd64, and older releases on amd64 only currently. >>>>> >>>>> Support may be added for earlier i386 releases once all ports prope= rly >>>>> respect LDFLAGS. >>>>> >>>>> To enable, just add WITH_SSP=3Dyes to your make.conf and rebuild al= l >>>>> ports. >>>>> >>>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-= all >>>>> may optionally be set instead. >>>>> >>>>> Please help test this on your system. We would like to eventually >>>>> enable >>>>> this by default, but need to identify any major ports that have >>>>> run-time >>>>> issues due to it. >>>>> >>>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >>>>> >>>> >>>> We have not had any feedback on this yet and want to get it enabled = by >>>> default for ports and packages. >>>> >>>> We now have a repository that you can use rather than the default to= >>>> help test. We need your help to identify any issues before switching= >>>> the >>>> default. >>>> >>>> This repository is available for: >>>> >>>> head >>>> 10.0 >>>> 9.1,9.2,9.3 >>>> >>>> It is not available for 8.4. If someone is willing to test on 8.4 I >>>> will >>>> build a repository for it. >>>> >>>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: >>>> >>>> FreeBSD: { enabled: no } >>>> FreeBSD_ssp: { >>>> url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp", >>>> mirror_type: "srv", >>>> signature_type: "fingerprints", >>>> fingerprints: "/usr/share/keys/pkg", >>>> enabled: yes >>>> } >>>> >>>> Once that is done you should force reinstall packages from this >>>> repository: >>>> >>>> pkg update >>>> pkg upgrade -f >>>> >>>> Thanks for your help! >>>> Bryan Drewery >>>> On behalf of portmgr. >>> >>> I have been using this without issue on several machines until today.= >>> >>> root@firewall:/usr/ports # pkg -v >>> 1.3.6 >>> root@firewall:/usr/ports # >>> >>> >>> Repositories: >>> FreeBSD_ssp: { >>> url : >>> "pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp", >>> enabled : yes, >>> mirror_type : "SRV", >>> signature_type : "FINGERPRINTS", >>> fingerprints : "/usr/share/keys/pkg" >>> } >>> >>> >>> root@firewall:/usr/ports # pkg update -f >>> Updating repository catalogue >>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found= >>> pkg: repository FreeBSD_ssp has no meta file, using default settings >>> Fetching digests.txz: 100% of 1 MB >>> Fetching packagesite.txz: 100% of 5 MB >>> >>> Adding new entries: 100% >>> Incremental update completed, 23305 packages processed: >>> 0 packages updated, 0 removed and 23305 added. >>> root@firewall:/usr/ports # pkg install mdnsresponder >>> Updating repository catalogue >>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found= >>> pkg: repository FreeBSD_ssp has no meta file, using default settings >>> FreeBSD_ssp repository is up-to-date >>> All repositories are up-to-date >>> Checking integrity... done (1 conflicting) >>> pkg: Cannot solve problem using SAT solver: >>> cannot install package mDNSResponder~net/mDNSResponder, remove it fro= m >>> request [Y/n]: y >>> Checking integrity... done (0 conflicting) >>> The most recent version of packages are already installed >>> root@firewall:/usr/ports # uname -a >>> FreeBSD firewall 10.0-STABLE FreeBSD 10.0-STABLE #0 r269366M: Fri Aug= 1 >>> 00:35:49 EDT 2014 mikej@firewall:/usr/obj/usr/src/sys/GENERIC am= d64 >>> root@firewall:/usr/ports # date >>> Fri Aug 22 14:12:30 EDT 2014 >>> root@firewall:/usr/ports # >>> >>> root@firewall:/usr/ports # pkg info | grep mdns >>> root@firewall:/usr/ports # >>> >>> Regards, >>> >>> --mikej >> >> It looks like the (SSP) freebsd:10:x86:64 freebsd:11:x86:32 repositori= es >> are stale from a month ago. Looking into why. >> >> Sadly this was not noticed and the instructions effectively will >> downgrade packages. These 2 repositories have pkg-1.2 still as well. >=20 >=20 >=20 > Bryan, >=20 > Any update? As you probably expect if I build the port locally with > poudriere and install there is no issue. I'm building with >=20 > WITH_SSP_PORTS=3DYES >=20 > in /etc/make.conf >=20 > Regards, >=20 > --mikej The latest package set, along with pkg 1.3.7, should be getting published later today. As for the pkg issue with installing mDNSResponder, I am not 100% sure it is fixed by new package set. We'll have to wait and see. There are several issues to fix in the new pkg solver still. --=20 Regards, Bryan Drewery --muPSdvb4hxtOJsx2XROEXCX7u9EjvL42M Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iQEcBAEBAgAGBQJT/N1zAAoJEDXXcbtuRpfPf9cH/1B0VYBfOx1xeyJA4cqTFfZ1 iNrwZ9a4z5NH60idm7/PD8TWrScP+TxIvCyOplTwu11wBF3xG8655QXaFBy0Zv90 5poheIwhEjj19tubmwkRJEAN17BmmuauZHARAXBmOH6c1w+KiEO7ek8VceGP75Fi QB21fmp25jikyPX9Y7/Rb1bgBwmuzxX2I+PMZN5n/HQZI311itEnoQorXLlUhJLl rNy0fjxG7W6+WK6S0r71hJdRGc/ZD5oWT2rvybschkS7QHL+sTeRzLOSsILUKDb7 IPJ4TLUNBguLwchy4KcddL3rXysQqdCebBBn+zn+H0czI/gVOVt5BQsDCd5Ye6k= =/br5 -----END PGP SIGNATURE----- --muPSdvb4hxtOJsx2XROEXCX7u9EjvL42M--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53FCDD72.2050503>