Re: Build breakage with WITH_BEARSSL=1
Hello Mina, thanks for the PR, I can confirm that this bugfix is working. @Warner, could you commit it? I think creating a differential for the small change isn't neccessary. --Gordon On Thu, Feb 23, 2023 at 10:05:25AM +, Mina Galić wrote: > taking Simon off the list, cuz his auto - reply indicates he's very busy. > > Either way, t should do it: https://github.com/freebsd/freebsd-src/pull/657 > > Mina Galić > > Try PkgBase: https://alpha.pkgbase.live/ > > Original Message > On 23 Feb 2023, 09:57, Mina Galić wrote: > > > given that this isn't contrib code, we can just fix it in our tree: > > > > https://github.com/freebsd/freebsd-src/blob/main/sbin/veriexec/veriexec.c#L52 > > > > Mina Galić > > > > Try PkgBase: https://alpha.pkgbase.live/ > > > > Original Message > > On 23 Feb 2023, 09:27, Gordon Bergling wrote: > > > >> Hi Simon, On Mon, Feb 20, 2023 at 09:23:48PM -0800, Simon J. Gerraty > >> wrote: > This has been fixed upstream, I'll look at importing an update. > >> Thanks for merging the upstream fix. BearSSL is now compiling, but I get a > >> different error now while building veriexec. > >> /boiler/nfs/src/sbin/veriexec/veriexec.c:53:15: error: a function > >> declaration without a prototype is deprecated in all versio ns of C > >> [-Werror,-Wstrict-prototypes] veriexec_usage() ^ void This looks to me, > >> that the Makefile of veriexec should be updated as well. --Gordon --
Re: Build breakage with WITH_BEARSSL=1
taking Simon off the list, cuz his auto - reply indicates he's very busy. Either way, t should do it: https://github.com/freebsd/freebsd-src/pull/657 Mina Galić Try PkgBase: https://alpha.pkgbase.live/ Original Message On 23 Feb 2023, 09:57, Mina Galić wrote: > given that this isn't contrib code, we can just fix it in our tree: > > https://github.com/freebsd/freebsd-src/blob/main/sbin/veriexec/veriexec.c#L52 > > Mina Galić > > Try PkgBase: https://alpha.pkgbase.live/ > > Original Message > On 23 Feb 2023, 09:27, Gordon Bergling wrote: > >> Hi Simon, On Mon, Feb 20, 2023 at 09:23:48PM -0800, Simon J. Gerraty wrote: >> > This has been fixed upstream, I'll look at importing an update. Thanks for >> merging the upstream fix. BearSSL is now compiling, but I get a different >> error now while building veriexec. >> /boiler/nfs/src/sbin/veriexec/veriexec.c:53:15: error: a function >> declaration without a prototype is deprecated in all versio ns of C >> [-Werror,-Wstrict-prototypes] veriexec_usage() ^ void This looks to me, that >> the Makefile of veriexec should be updated as well. --Gordon
Re: Build breakage with WITH_BEARSSL=1
given that this isn't contrib code, we can just fix it in our tree: https://github.com/freebsd/freebsd-src/blob/main/sbin/veriexec/veriexec.c#L52 Mina Galić Try PkgBase: https://alpha.pkgbase.live/ Original Message On 23 Feb 2023, 09:27, Gordon Bergling wrote: > Hi Simon, On Mon, Feb 20, 2023 at 09:23:48PM -0800, Simon J. Gerraty wrote: > > This has been fixed upstream, I'll look at importing an update. Thanks for > merging the upstream fix. BearSSL is now compiling, but I get a different > error now while building veriexec. > /boiler/nfs/src/sbin/veriexec/veriexec.c:53:15: error: a function declaration > without a prototype is deprecated in all versio ns of C > [-Werror,-Wstrict-prototypes] veriexec_usage() ^ void This looks to me, that > the Makefile of veriexec should be updated as well. --Gordon
Re: Build breakage with WITH_BEARSSL=1
Hi Simon, On Mon, Feb 20, 2023 at 09:23:48PM -0800, Simon J. Gerraty wrote: > This has been fixed upstream, I'll look at importing an update. Thanks for merging the upstream fix. BearSSL is now compiling, but I get a different error now while building veriexec. /boiler/nfs/src/sbin/veriexec/veriexec.c:53:15: error: a function declaration without a prototype is deprecated in all versio ns of C [-Werror,-Wstrict-prototypes] veriexec_usage() ^ void This looks to me, that the Makefile of veriexec should be updated as well. --Gordon signature.asc Description: PGP signature
Re: Build breakage with WITH_BEARSSL=1
This has been fixed upstream, I'll look at importing an update.
Re: Build breakage with WITH_BEARSSL=1
On Thu, Feb 16, 2023 at 12:57 AM Gordon Bergling wrote:
> Hi Warner,
>
> On Wed, Feb 15, 2023 at 10:07:08AM -0700, Warner Losh wrote:
> > On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote:
> > > On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling
> wrote:
> > >
> > >> Hi,
> > >>
> > >> I am currently seeing a build breakage when building -CURRENT with
> > >> WITH_BEARSSL=1.
> > >>
> > >> The error is the following
> > >>
> > >> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line
> 109:
> > >> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem
> t*.asc 2>
> > >> /dev/null" returned non-zero status
> > >> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22:
> error:
> > >> a function declaration without a prototype is deprecat ed in all
> versions
> > >> of C [-Werror,-Wstrict-prototypes]
> > >> br_rsa_i62_keygen_get()
> > >>^
> > >> void
> > >> 1 error generated.
> > >> --- rsa_i62_keygen.pico ---
> > >>
> > >>
> > >> When disabling BEARSSL in the src.conf the build succeeds as usual.
> > >>
> > >> Has anyone also seen this build error. Sources are very recent and the
> > >> src.conf is the following:
> > >>
> > >> WITH_EXTRA_TCP_STACKS=1
> > >> #WITH_BEARSSL=1
> > >> WITH_PIE=1
> > >> WITH_RETPOLINE=1
> > >> WITH_INIT_ALL_ZERO=1
> > >> WITH_OPENSSL_KTLS=1
> > >> WITHOUT_CLEAN=1
> > >>
> > >> Any help is very appreciated.
> > >>
> > >>
> > > What does the following do for you? It's a cut and pasted patch, but it
> > > should be clear enough what to do if the mailer mangles it.
> > >
> > > diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc
> > > index dd0e242c8ef0..2af4864d8441 100644
> > > --- a/lib/libbearssl/Makefile.inc
> > > +++ b/lib/libbearssl/Makefile.inc
> > > @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl
> > > BEARSSL_SRC= ${BEARSSL}/src
> > >
> > > CFLAGS+= -I${BEARSSL}/inc
> > > -
> > > +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE}
> > >
> >
> > I went ahead and committed this. Please let me know if the problem
> persists.
>
> Sorry for the late reply. I just tried a fresh build and it still fails
> with
>
> [..]/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a function
> declaration without a prototype is deprecated in all versions of C
> [-Werror,-Wstrict-prototypes]
> br_rsa_i62_keygen_get()
>
> Did you see any other possibilty to fix this?
>
Oh, maybe add -Wno-strict-prototypes to where I added
NO_WDEPRECATED_NON_PROTOTYPES?
Warner
Re: Build breakage with WITH_BEARSSL=1
Stephane Rochoy wrote: > It may be worth contacting BearSSL's maintainer directly: Thomas > Pornin . The guy was very responsive and helpful > back in 2020 :) Indeed.
Re: Build breakage with WITH_BEARSSL=1
Warner Losh wrote: > Would be nice if we could get upstream to actually fix this, but i don't even > know how to submit bugs there… > > Agreed. I didn't recall off of the top of my head, so I did the quick bandaid. I can reach out to the author, I don't know that he has a bug tracker. What is the problem? lack of prototype declarations?
Re: Build breakage with WITH_BEARSSL=1
--- Original Message --- On Thursday, February 16th, 2023 at 08:30, Stephane Rochoy wrote: > Warner Losh i...@bsdimp.com writes: > > > On Wed, Feb 15, 2023, 1:09 PM Mina Galić free...@igalic.co > > wrote: > > > > > Would be nice if we could get upstream to actually fix this, > > > but i don't even know how to submit bugs there… > > > > Agreed. I didn't recall off of the top of my head, so I did the > > quick bandaid. > > > Hi, > > It may be worth contacting BearSSL's maintainer directly: Thomas > Pornin por...@bolet.org. The guy was very responsive and helpful > > back in 2020 :) > > Regards, > -- > Stéphane Rochoy > O: Stormshield after re-reading https://bearssl.org/contrib.html that's exactly what it says to do: "Suggestions, comments, patches and other contributions are welcome. They should simply be sent to me (por...@bolet.org) by email." (reading is hard)
Re: Build breakage with WITH_BEARSSL=1
Warner Losh writes: On Wed, Feb 15, 2023, 1:09 PM Mina Galić wrote: Would be nice if we could get upstream to actually fix this, but i don't even know how to submit bugs there… Agreed. I didn't recall off of the top of my head, so I did the quick bandaid. Hi, It may be worth contacting BearSSL's maintainer directly: Thomas Pornin . The guy was very responsive and helpful back in 2020 :) Regards, -- Stéphane Rochoy O: Stormshield
Re: Build breakage with WITH_BEARSSL=1
Hi Warner,
On Wed, Feb 15, 2023 at 10:07:08AM -0700, Warner Losh wrote:
> On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote:
> > On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote:
> >
> >> Hi,
> >>
> >> I am currently seeing a build breakage when building -CURRENT with
> >> WITH_BEARSSL=1.
> >>
> >> The error is the following
> >>
> >> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109:
> >> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2>
> >> /dev/null" returned non-zero status
> >> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error:
> >> a function declaration without a prototype is deprecat ed in all versions
> >> of C [-Werror,-Wstrict-prototypes]
> >> br_rsa_i62_keygen_get()
> >>^
> >> void
> >> 1 error generated.
> >> --- rsa_i62_keygen.pico ---
> >>
> >>
> >> When disabling BEARSSL in the src.conf the build succeeds as usual.
> >>
> >> Has anyone also seen this build error. Sources are very recent and the
> >> src.conf is the following:
> >>
> >> WITH_EXTRA_TCP_STACKS=1
> >> #WITH_BEARSSL=1
> >> WITH_PIE=1
> >> WITH_RETPOLINE=1
> >> WITH_INIT_ALL_ZERO=1
> >> WITH_OPENSSL_KTLS=1
> >> WITHOUT_CLEAN=1
> >>
> >> Any help is very appreciated.
> >>
> >>
> > What does the following do for you? It's a cut and pasted patch, but it
> > should be clear enough what to do if the mailer mangles it.
> >
> > diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc
> > index dd0e242c8ef0..2af4864d8441 100644
> > --- a/lib/libbearssl/Makefile.inc
> > +++ b/lib/libbearssl/Makefile.inc
> > @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl
> > BEARSSL_SRC= ${BEARSSL}/src
> >
> > CFLAGS+= -I${BEARSSL}/inc
> > -
> > +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE}
> >
>
> I went ahead and committed this. Please let me know if the problem persists.
Sorry for the late reply. I just tried a fresh build and it still fails with
[..]/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a function
declaration without a prototype is deprecated in all versions of C
[-Werror,-Wstrict-prototypes]
br_rsa_i62_keygen_get()
Did you see any other possibilty to fix this?
--Gordon
signature.asc
Description: PGP signature
Re: Build breakage with WITH_BEARSSL=1
On Wed, Feb 15, 2023, 1:09 PM Mina Galić wrote:
> Would be nice if we could get upstream to actually fix this, but i don't
> even know how to submit bugs there…
>
Agreed. I didn't recall off of the top of my head, so I did the quick
bandaid.
Warner
Mina Galić
>
> Try PkgBase: https://alpha.pkgbase.live/
>
>
>
>
>
>
> Original Message
> On 15 Feb 2023, 17:07, Warner Losh < i...@bsdimp.com> wrote:
>
>
>
>
> On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote:
>
>>
>>
>> On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote:
>>
>>> Hi,
>>>
>>> I am currently seeing a build breakage when building -CURRENT with
>>> WITH_BEARSSL=1.
>>>
>>> The error is the following
>>>
>>> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109:
>>> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2>
>>> /dev/null" returned non-zero status
>>> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error:
>>> a function declaration without a prototype is deprecat ed in all versions
>>> of C [-Werror,-Wstrict-prototypes]
>>> br_rsa_i62_keygen_get()
>>>^
>>> void
>>> 1 error generated.
>>> --- rsa_i62_keygen.pico ---
>>>
>>>
>>> When disabling BEARSSL in the src.conf the build succeeds as usual.
>>>
>>> Has anyone also seen this build error. Sources are very recent and the
>>> src.conf is the following:
>>>
>>> WITH_EXTRA_TCP_STACKS=1
>>> #WITH_BEARSSL=1
>>> WITH_PIE=1
>>> WITH_RETPOLINE=1
>>> WITH_INIT_ALL_ZERO=1
>>> WITH_OPENSSL_KTLS=1
>>> WITHOUT_CLEAN=1
>>>
>>> Any help is very appreciated.
>>>
>>>
>> What does the following do for you? It's a cut and pasted patch, but it
>> should be clear enough what to do if the mailer mangles it.
>>
>> diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc
>> index dd0e242c8ef0..2af4864d8441 100644
>> --- a/lib/libbearssl/Makefile.inc
>> +++ b/lib/libbearssl/Makefile.inc
>> @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl
>> BEARSSL_SRC= ${BEARSSL}/src
>>
>> CFLAGS+= -I${BEARSSL}/inc
>> -
>> +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE}
>>
>
> I went ahead and committed this. Please let me know if the problem
> persists.
>
> Warner
>
>>
Re: Build breakage with WITH_BEARSSL=1
Would be nice if we could get upstream to actually fix this, but i don't even
know how to submit bugs there…
Mina Galić
Try PkgBase: https://alpha.pkgbase.live/
Original Message
On 15 Feb 2023, 17:07, Warner Losh wrote:
> On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote:
>
>> On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote:
>>
>>> Hi,
>>>
>>> I am currently seeing a build breakage when building -CURRENT with
>>> WITH_BEARSSL=1.
>>>
>>> The error is the following
>>>
>>> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109:
>>> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2>
>>> /dev/null" returned non-zero status
>>> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a
>>> function declaration without a prototype is deprecat ed in all versions of
>>> C [-Werror,-Wstrict-prototypes]
>>> br_rsa_i62_keygen_get()
>>> ^
>>> void
>>> 1 error generated.
>>> --- rsa_i62_keygen.pico ---
>>>
>>> When disabling BEARSSL in the src.conf the build succeeds as usual.
>>>
>>> Has anyone also seen this build error. Sources are very recent and the
>>> src.conf is the following:
>>>
>>> WITH_EXTRA_TCP_STACKS=1
>>> #WITH_BEARSSL=1
>>> WITH_PIE=1
>>> WITH_RETPOLINE=1
>>> WITH_INIT_ALL_ZERO=1
>>> WITH_OPENSSL_KTLS=1
>>> WITHOUT_CLEAN=1
>>>
>>> Any help is very appreciated.
>>
>> What does the following do for you? It's a cut and pasted patch, but it
>> should be clear enough what to do if the mailer mangles it.
>>
>> diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc
>> index dd0e242c8ef0..2af4864d8441 100644
>> --- a/lib/libbearssl/Makefile.inc
>> +++ b/lib/libbearssl/Makefile.inc
>> @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl
>> BEARSSL_SRC= ${BEARSSL}/src
>>
>> CFLAGS+= -I${BEARSSL}/inc
>> -
>> +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE}
>
> I went ahead and committed this. Please let me know if the problem persists.
>
> Warner
>
>>
Re: Build breakage with WITH_BEARSSL=1
On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote:
>
>
> On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote:
>
>> Hi,
>>
>> I am currently seeing a build breakage when building -CURRENT with
>> WITH_BEARSSL=1.
>>
>> The error is the following
>>
>> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109:
>> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2>
>> /dev/null" returned non-zero status
>> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error:
>> a function declaration without a prototype is deprecat ed in all versions
>> of C [-Werror,-Wstrict-prototypes]
>> br_rsa_i62_keygen_get()
>>^
>> void
>> 1 error generated.
>> --- rsa_i62_keygen.pico ---
>>
>>
>> When disabling BEARSSL in the src.conf the build succeeds as usual.
>>
>> Has anyone also seen this build error. Sources are very recent and the
>> src.conf is the following:
>>
>> WITH_EXTRA_TCP_STACKS=1
>> #WITH_BEARSSL=1
>> WITH_PIE=1
>> WITH_RETPOLINE=1
>> WITH_INIT_ALL_ZERO=1
>> WITH_OPENSSL_KTLS=1
>> WITHOUT_CLEAN=1
>>
>> Any help is very appreciated.
>>
>>
> What does the following do for you? It's a cut and pasted patch, but it
> should be clear enough what to do if the mailer mangles it.
>
> diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc
> index dd0e242c8ef0..2af4864d8441 100644
> --- a/lib/libbearssl/Makefile.inc
> +++ b/lib/libbearssl/Makefile.inc
> @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl
> BEARSSL_SRC= ${BEARSSL}/src
>
> CFLAGS+= -I${BEARSSL}/inc
> -
> +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE}
>
I went ahead and committed this. Please let me know if the problem persists.
Warner
>
Re: Build breakage with WITH_BEARSSL=1
On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote:
> Hi,
>
> I am currently seeing a build breakage when building -CURRENT with
> WITH_BEARSSL=1.
>
> The error is the following
>
> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109:
> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2>
> /dev/null" returned non-zero status
> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a
> function declaration without a prototype is deprecat ed in all versions of
> C [-Werror,-Wstrict-prototypes]
> br_rsa_i62_keygen_get()
>^
> void
> 1 error generated.
> --- rsa_i62_keygen.pico ---
>
>
> When disabling BEARSSL in the src.conf the build succeeds as usual.
>
> Has anyone also seen this build error. Sources are very recent and the
> src.conf is the following:
>
> WITH_EXTRA_TCP_STACKS=1
> #WITH_BEARSSL=1
> WITH_PIE=1
> WITH_RETPOLINE=1
> WITH_INIT_ALL_ZERO=1
> WITH_OPENSSL_KTLS=1
> WITHOUT_CLEAN=1
>
> Any help is very appreciated.
>
>
What does the following do for you? It's a cut and pasted patch, but it
should be clear enough what to do if the mailer mangles it.
diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc
index dd0e242c8ef0..2af4864d8441 100644
--- a/lib/libbearssl/Makefile.inc
+++ b/lib/libbearssl/Makefile.inc
@@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl
BEARSSL_SRC= ${BEARSSL}/src
CFLAGS+= -I${BEARSSL}/inc
-
+CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE}
Warner
Re: Build breakage with WITH_BEARSSL=1
On Sun, 12 Feb 2023 11:54:47 +0100 Gordon Bergling wrote: > Hi, > > I am currently seeing a build breakage when building -CURRENT with > WITH_BEARSSL=1. > > The error is the following > > make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109: > warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2> > /dev/null" returned non-zero status > /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a > function declaration without a prototype is deprecat ed in all versions of C > [-Werror,-Wstrict-prototypes] > br_rsa_i62_keygen_get() >^ > void > 1 error generated. > --- rsa_i62_keygen.pico --- > > > When disabling BEARSSL in the src.conf the build succeeds as usual. > > Has anyone also seen this build error. Sources are very recent and the > src.conf is the following: > > WITH_EXTRA_TCP_STACKS=1 > #WITH_BEARSSL=1 > WITH_PIE=1 > WITH_RETPOLINE=1 > WITH_INIT_ALL_ZERO=1 > WITH_OPENSSL_KTLS=1 > WITHOUT_CLEAN=1 > > Any help is very appreciated. > The current clang wants to see br_rsa_i62_keygen_get(void), that's why void was emitted. The other routine in this file has the same error. Could be that this code has this problem in many places. There might a flag which one could pass to clang so that it would not choke on such an error, but I don't know clang well enough to figure that out. Maybe someone in the know could supply that info. -- Gary Jennejohn
