On Fri, May 03, 2019 at 08:55:40PM +0200, Jeremie Courreges-Anglas wrote:
> On Fri, May 03 2019, Remi Locherer <[email protected]> wrote:
> > Hi porters
> >
> > This updates librelp to version 1.4.0. It now supports OpenSSL and GNUtls.
> >
> > I verified that rsyslog from ports still works with this (imrelp and
> > omrelp).
> >
> > Please have a look at my patch for tcp.c. Is this a good way to deal with
> > LibreSSL not supporting @SECLEVEL?
>
> I think it's fine. No need to spread the "!defined(LIBRESSL_VERSION_NUMBER)"
> disease.
>
> > Comments/OKs?
>
> As noted by Antoine the python version shouldn't be hardcoded. Here's
> a proposal which:
> - removes gnutls from TEST_DEPENDS (LIB_DEPENDS is enough)
> - adds coreutils to TEST_DEPENDS for gtimeout, so that the *abort* tests
>   aren't skipped
> - uses MODPY_RUN_DEPENDS and MODPY_BIN from the python module instead of
>   hardcoding the python path and version. We could have used
>   MODPY_ADJ_FILES=tests/*.py but tests/test-framework.sh would have
>   needed patching anyway.
> - use python2, needed by tests/dummyserver.py (previously SKIPPED
>   because of the lack of "timeout" command)
> - moves the /bin/bash handling to post-extract so that update-patches
>   doesn't create bogus patches
>
> Note that you could also add a TEST_DEPENDS on sysutils/ggrep instead of
> patching tests/tls-wrong-signedcert.sh.
>
> The major bump is warranted (symbols have been removed) and the update
> looks good ports-wise.

Thanks a lot for all these inputs! I like your suggestion to add ggrep to TEST_DEPENDS. I believe that lowers future maintenance work. Index: Makefile =================================================================== RCS file: /cvs/ports/sysutils/librelp/Makefile,v retrieving revision 1.13 diff -u -p -r1.13 Makefile --- Makefile 13 Aug 2018 22:07:13 -0000 1.13 +++ Makefile 3 May 2019 21:55:33 -0000 @@ -2,9 +2,9 @@ COMMENT = reliable event logging protocol library -DISTNAME = librelp-1.2.16 +DISTNAME = librelp-1.4.0 -SHARED_LIBS += relp 2.0 # 4.0 +SHARED_LIBS += relp 3.0 # 5.0 CATEGORIES = sysutils @@ -16,20 +16,32 @@ MAINTAINER = Remi Locherer <remi@openbsd PERMIT_PACKAGE_CDROM = Yes WANTLIB = ffi gmp gnutls hogweed iconv idn2 intl nettle p11-kit pthread -WANTLIB += tasn1 unistring z +WANTLIB += tasn1 unistring crypto ssl MASTER_SITES = http://download.rsyslog.com/librelp/ -LIB_DEPENDS = security/gnutls +MODULES = lang/python +MODPY_BUILDDEP = No +MODPY_RUNDEP = No +MODPY_VERSION = ${MODPY_DEFAULT_VERSION_2} +LIB_DEPENDS = security/gnutls TEST_DEPENDS = shells/bash \ - ${LIB_DEPENDS} + sysutils/coreutils \ + sysutils/ggrep \ + ${MODPY_RUN_DEPENDS} SEPARATE_BUILD = Yes CONFIGURE_STYLE = gnu +CONFIGURE_ARGS = --disable-valgrind -pre-test: +post-extract: sed -i s,#!/bin/bash,#!${LOCALBASE}/bin/bash, ${WRKSRC}/tests/*.sh + +pre-test: + ln -sf ${MODPY_BIN} ${WRKDIR}/bin/python + ln -sf ${LOCALBASE}/bin/gtimeout ${WRKDIR}/bin/timeout + ln -sf ${LOCALBASE}/bin/ggrep ${WRKDIR}/bin/grep .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/sysutils/librelp/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo 13 Aug 2018 22:07:13 -0000 1.6 +++ distinfo 3 May 2019 21:50:20 -0000 
@@ -1,2 +1,2 @@ -SHA256 (librelp-1.2.16.tar.gz) = DCNd0qAQYK1eZEOIebMa5k52QNDiYqoaKHot2bxg/VM= -SIZE (librelp-1.2.16.tar.gz) = 474456 +SHA256 (librelp-1.4.0.tar.gz) = XNAs5+3i/qA35lzFOJ5B3embabHfmEtCwUAp5gu53QU= +SIZE (librelp-1.4.0.tar.gz) = 519235 Index: patches/patch-src_tcp_c =================================================================== RCS file: patches/patch-src_tcp_c diff -N patches/patch-src_tcp_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_tcp_c 3 May 2019 21:50:20 -0000 @@ -0,0 +1,22 @@ +$OpenBSD$ + +LibreSSL has no support for @SECLEVEL + +Index: src/tcp.c +--- src/tcp.c.orig ++++ src/tcp.c +@@ -1183,14 +1183,8 @@ relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis) + /* Compute priority string (in simple cases where the user does not care...) */ + if(pThis->pristring == NULL) { + if (pThis->authmode == eRelpAuthMode_None) { +- #if OPENSSL_VERSION_NUMBER >= 0x10100000L +- /* NOTE: do never use: +eNULL, it DISABLES encryption! */ +- strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0", +- sizeof(pristringBuf)); +- #else + strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL", + sizeof(pristringBuf)); +- #endif + } else { + strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf)); + }
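
Review bot: in the Makefile hunk at @@ -16,20 +16,32 @@, the new pre-test target shadows python, timeout and grep through symlinks in ${WRKDIR}/bin, and MODULES = lang/python is pulled in with MODPY_BUILDDEP = No and MODPY_RUNDEP = No, but nothing in the Makefile says these exist only for the test suite. A short comment above the MODPY_* lines and above pre-test (for example that tests/dummyserver.py needs python2 and the abort tests need gtimeout, as discussed in the thread) would keep a later update from dropping them. CONFIGURE_ARGS = --disable-valgrind would benefit from the same one-line rationale.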
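
Review bot: in the distinfo hunk, the new SHA256 line is the only integrity check on librelp-1.4.0.tar.gz, because MASTER_SITES in the Makefile context lines is still a plain http:// URL. Please state how the new hash was verified (for example against a second download or an upstream-published checksum), and consider switching MASTER_SITES to https if the upstream server offers it.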
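
Review bot: in patches/patch-src_tcp_c, the deleted #if branch carries the only copy of the warning "/* NOTE: do never use: +eNULL, it DISABLES encryption! */", so after patching, the surviving strncpy of "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL" no longer has that warning next to it. Keep the comment line above the remaining strncpy so a later edit of the cipher string still sees it. The hunk also drops the OPENSSL_VERSION_NUMBER >= 0x10100000L branch unconditionally, while the patch description only says "LibreSSL has no support for @SECLEVEL"; the description should say that the @SECLEVEL=0 variant is removed for every library version. This code path is only taken when authmode is eRelpAuthMode_None, so it would help to state whether that anonymous-TLS case was part of the imrelp/omrelp check mentioned in the thread.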
