On Sat, May 04, 2019 at 02:26:12PM +0200, Remi Locherer wrote:
> On Fri, May 03, 2019 at 08:55:40PM +0200, Jeremie Courreges-Anglas wrote:
> > On Fri, May 03 2019, Remi Locherer <[email protected]> wrote:
> > > Hi porters
> > >
> > > This updates librelp to version 1.4.0. It now supports OpenSSL and GNUtls.
> > >
> > > I verified that rsyslog from ports still works with this (imrelp and
> > > omrelp).
> > >
> > > Please have a look at my patch for tcp.c. Is this a good way to deal with
> > > LibreSSL not supporting @SECLEVEL?
> >
> > I think it's fine. No need to spread the
> > "!defined(LIBRESSL_VERSION_NUMBER)" disease.
> >
> > > Comments/OKs?
> >
> > As noted by Antoine the python version shouldn't be hardcoded. Here's
> > a proposal which:
> > - removes gnutls from TEST_DEPENDS (LIB_DEPENDS is enough)
> > - adds coreutils to TEST_DEPENDS for gtimeout, so that the *abort* tests
> > aren't skipped
> > - uses MODPY_RUN_DEPENDS and MODPY_BIN from the python module instead of
> > hardcoding the python path and version. We could have used
> > MODPY_ADJ_FILES=tests/*.py but tests/test-framework.sh would have
> > needed patching anyway.
> > - use python2, needed by tests/dummyserver.py (previously SKIPPED
> > because of the lack of "timeout" command)
> > - moves the /bin/bash handling to post-extract so that update-patches
> > doesn't create bogus patches
> >
> > Note that you could also add a TEST_DEPENDS on sysutils/ggrep instead of
> > patching tests/tls-wrong-signedcert.sh.
> >
> > The major bump is warranted (symbols have been removed) and the update
> > looks good ports-wise.
>
> Thanks a lot for all these inputs!
>
> I like your suggestion to add ggrep to TEST_DEPENDS. I believe that lowers
> future maintenance work.
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/sysutils/librelp/Makefile,v
> retrieving revision 1.13
> diff -u -p -r1.13 Makefile
> --- Makefile 13 Aug 2018 22:07:13 -0000 1.13
> +++ Makefile 3 May 2019 21:55:33 -0000
> @@ -2,9 +2,9 @@
>
> COMMENT = reliable event logging protocol library
>
> -DISTNAME = librelp-1.2.16
> +DISTNAME = librelp-1.4.0
>
> -SHARED_LIBS += relp 2.0 # 4.0
> +SHARED_LIBS += relp 3.0 # 5.0
>
> CATEGORIES = sysutils
>
> @@ -16,20 +16,32 @@ MAINTAINER = Remi Locherer <remi@openbsd
> PERMIT_PACKAGE_CDROM = Yes
>
> WANTLIB = ffi gmp gnutls hogweed iconv idn2 intl nettle p11-kit pthread
> -WANTLIB += tasn1 unistring z
> +WANTLIB += tasn1 unistring crypto ssl
>
> MASTER_SITES = http://download.rsyslog.com/librelp/
>
> -LIB_DEPENDS = security/gnutls
> +MODULES = lang/python
> +MODPY_BUILDDEP = No
> +MODPY_RUNDEP = No
> +MODPY_VERSION = ${MODPY_DEFAULT_VERSION_2}
Do we need to set MODPY_VERSION? It's default.
>
> +LIB_DEPENDS = security/gnutls
> TEST_DEPENDS = shells/bash \
> - ${LIB_DEPENDS}
> + sysutils/coreutils \
> + sysutils/ggrep \
> + ${MODPY_RUN_DEPENDS}
>
> SEPARATE_BUILD = Yes
>
> CONFIGURE_STYLE = gnu
> +CONFIGURE_ARGS = --disable-valgrind
>
> -pre-test:
> +post-extract:
> sed -i s,#!/bin/bash,#!${LOCALBASE}/bin/bash, ${WRKSRC}/tests/*.sh
> +
> +pre-test:
> + ln -sf ${MODPY_BIN} ${WRKDIR}/bin/python
> + ln -sf ${LOCALBASE}/bin/gtimeout ${WRKDIR}/bin/timeout
> + ln -sf ${LOCALBASE}/bin/ggrep ${WRKDIR}/bin/grep
>
> .include <bsd.port.mk>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/sysutils/librelp/distinfo,v
> retrieving revision 1.6
> diff -u -p -r1.6 distinfo
> --- distinfo 13 Aug 2018 22:07:13 -0000 1.6
> +++ distinfo 3 May 2019 21:50:20 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (librelp-1.2.16.tar.gz) = DCNd0qAQYK1eZEOIebMa5k52QNDiYqoaKHot2bxg/VM=
> -SIZE (librelp-1.2.16.tar.gz) = 474456
> +SHA256 (librelp-1.4.0.tar.gz) = XNAs5+3i/qA35lzFOJ5B3embabHfmEtCwUAp5gu53QU=
> +SIZE (librelp-1.4.0.tar.gz) = 519235
> Index: patches/patch-src_tcp_c
> ===================================================================
> RCS file: patches/patch-src_tcp_c
> diff -N patches/patch-src_tcp_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_tcp_c 3 May 2019 21:50:20 -0000
> @@ -0,0 +1,22 @@
> +$OpenBSD$
> +
> +LibreSSL has no support for @SECLEVEL
> +
> +Index: src/tcp.c
> +--- src/tcp.c.orig
> ++++ src/tcp.c
> +@@ -1183,14 +1183,8 @@ relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
> + /* Compute priority string (in simple cases where the user does not
> care...) */
> + if(pThis->pristring == NULL) {
> + if (pThis->authmode == eRelpAuthMode_None) {
> +- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
> +- /* NOTE: do never use: +eNULL, it DISABLES encryption!
> */
> +- strncpy(pristringBuf,
> "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
> +- sizeof(pristringBuf));
> +- #else
> + strncpy(pristringBuf,
> "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
> + sizeof(pristringBuf));
> +- #endif
> + } else {
> + strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));
> + }
>
--
Antoine
