Re: Build breakage with WITH_BEARSSL=1
Hello Mina, thanks for the PR, I can confirm that this bugfix is working. @Warner, could you commit it? I think creating a differential for the small change isn't neccessary. --Gordon On Thu, Feb 23, 2023 at 10:05:25AM +, Mina Galić wrote: > taking Simon off the list, cuz his auto - reply indicates he's very busy. > > Either way, t should do it: https://github.com/freebsd/freebsd-src/pull/657 > > Mina Galić > > Try PkgBase: https://alpha.pkgbase.live/ > > Original Message > On 23 Feb 2023, 09:57, Mina Galić wrote: > > > given that this isn't contrib code, we can just fix it in our tree: > > > > https://github.com/freebsd/freebsd-src/blob/main/sbin/veriexec/veriexec.c#L52 > > > > Mina Galić > > > > Try PkgBase: https://alpha.pkgbase.live/ > > > > Original Message > > On 23 Feb 2023, 09:27, Gordon Bergling wrote: > > > >> Hi Simon, On Mon, Feb 20, 2023 at 09:23:48PM -0800, Simon J. Gerraty > >> wrote: > This has been fixed upstream, I'll look at importing an update. > >> Thanks for merging the upstream fix. BearSSL is now compiling, but I get a > >> different error now while building veriexec. > >> /boiler/nfs/src/sbin/veriexec/veriexec.c:53:15: error: a function > >> declaration without a prototype is deprecated in all versio ns of C > >> [-Werror,-Wstrict-prototypes] veriexec_usage() ^ void This looks to me, > >> that the Makefile of veriexec should be updated as well. --Gordon --
Re: Build breakage with WITH_BEARSSL=1
taking Simon off the list, cuz his auto - reply indicates he's very busy. Either way, t should do it: https://github.com/freebsd/freebsd-src/pull/657 Mina Galić Try PkgBase: https://alpha.pkgbase.live/ Original Message On 23 Feb 2023, 09:57, Mina Galić wrote: > given that this isn't contrib code, we can just fix it in our tree: > > https://github.com/freebsd/freebsd-src/blob/main/sbin/veriexec/veriexec.c#L52 > > Mina Galić > > Try PkgBase: https://alpha.pkgbase.live/ > > Original Message > On 23 Feb 2023, 09:27, Gordon Bergling wrote: > >> Hi Simon, On Mon, Feb 20, 2023 at 09:23:48PM -0800, Simon J. Gerraty wrote: >> > This has been fixed upstream, I'll look at importing an update. Thanks for >> merging the upstream fix. BearSSL is now compiling, but I get a different >> error now while building veriexec. >> /boiler/nfs/src/sbin/veriexec/veriexec.c:53:15: error: a function >> declaration without a prototype is deprecated in all versio ns of C >> [-Werror,-Wstrict-prototypes] veriexec_usage() ^ void This looks to me, that >> the Makefile of veriexec should be updated as well. --Gordon
Re: Build breakage with WITH_BEARSSL=1
given that this isn't contrib code, we can just fix it in our tree: https://github.com/freebsd/freebsd-src/blob/main/sbin/veriexec/veriexec.c#L52 Mina Galić Try PkgBase: https://alpha.pkgbase.live/ Original Message On 23 Feb 2023, 09:27, Gordon Bergling wrote: > Hi Simon, On Mon, Feb 20, 2023 at 09:23:48PM -0800, Simon J. Gerraty wrote: > > This has been fixed upstream, I'll look at importing an update. Thanks for > merging the upstream fix. BearSSL is now compiling, but I get a different > error now while building veriexec. > /boiler/nfs/src/sbin/veriexec/veriexec.c:53:15: error: a function declaration > without a prototype is deprecated in all versio ns of C > [-Werror,-Wstrict-prototypes] veriexec_usage() ^ void This looks to me, that > the Makefile of veriexec should be updated as well. --Gordon
Re: Build breakage with WITH_BEARSSL=1
Hi Simon, On Mon, Feb 20, 2023 at 09:23:48PM -0800, Simon J. Gerraty wrote: > This has been fixed upstream, I'll look at importing an update. Thanks for merging the upstream fix. BearSSL is now compiling, but I get a different error now while building veriexec. /boiler/nfs/src/sbin/veriexec/veriexec.c:53:15: error: a function declaration without a prototype is deprecated in all versio ns of C [-Werror,-Wstrict-prototypes] veriexec_usage() ^ void This looks to me, that the Makefile of veriexec should be updated as well. --Gordon signature.asc Description: PGP signature
Re: Build breakage with WITH_BEARSSL=1
This has been fixed upstream, I'll look at importing an update.
Re: Build breakage with WITH_BEARSSL=1
On Thu, Feb 16, 2023 at 12:57 AM Gordon Bergling wrote: > Hi Warner, > > On Wed, Feb 15, 2023 at 10:07:08AM -0700, Warner Losh wrote: > > On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote: > > > On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling > wrote: > > > > > >> Hi, > > >> > > >> I am currently seeing a build breakage when building -CURRENT with > > >> WITH_BEARSSL=1. > > >> > > >> The error is the following > > >> > > >> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line > 109: > > >> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem > t*.asc 2> > > >> /dev/null" returned non-zero status > > >> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: > error: > > >> a function declaration without a prototype is deprecat ed in all > versions > > >> of C [-Werror,-Wstrict-prototypes] > > >> br_rsa_i62_keygen_get() > > >>^ > > >> void > > >> 1 error generated. > > >> --- rsa_i62_keygen.pico --- > > >> > > >> > > >> When disabling BEARSSL in the src.conf the build succeeds as usual. > > >> > > >> Has anyone also seen this build error. Sources are very recent and the > > >> src.conf is the following: > > >> > > >> WITH_EXTRA_TCP_STACKS=1 > > >> #WITH_BEARSSL=1 > > >> WITH_PIE=1 > > >> WITH_RETPOLINE=1 > > >> WITH_INIT_ALL_ZERO=1 > > >> WITH_OPENSSL_KTLS=1 > > >> WITHOUT_CLEAN=1 > > >> > > >> Any help is very appreciated. > > >> > > >> > > > What does the following do for you? It's a cut and pasted patch, but it > > > should be clear enough what to do if the mailer mangles it. > > > > > > diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc > > > index dd0e242c8ef0..2af4864d8441 100644 > > > --- a/lib/libbearssl/Makefile.inc > > > +++ b/lib/libbearssl/Makefile.inc > > > @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl > > > BEARSSL_SRC= ${BEARSSL}/src > > > > > > CFLAGS+= -I${BEARSSL}/inc > > > - > > > +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE} > > > > > > > I went ahead and committed this. Please let me know if the problem > persists. > > Sorry for the late reply. I just tried a fresh build and it still fails > with > > [..]/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a function > declaration without a prototype is deprecated in all versions of C > [-Werror,-Wstrict-prototypes] > br_rsa_i62_keygen_get() > > Did you see any other possibilty to fix this? > Oh, maybe add -Wno-strict-prototypes to where I added NO_WDEPRECATED_NON_PROTOTYPES? Warner
Re: Build breakage with WITH_BEARSSL=1
Stephane Rochoy wrote: > It may be worth contacting BearSSL's maintainer directly: Thomas > Pornin . The guy was very responsive and helpful > back in 2020 :) Indeed.
Re: Build breakage with WITH_BEARSSL=1
Warner Losh wrote: > Would be nice if we could get upstream to actually fix this, but i don't even > know how to submit bugs there… > > Agreed. I didn't recall off of the top of my head, so I did the quick bandaid. I can reach out to the author, I don't know that he has a bug tracker. What is the problem? lack of prototype declarations?
Re: Build breakage with WITH_BEARSSL=1
--- Original Message --- On Thursday, February 16th, 2023 at 08:30, Stephane Rochoy wrote: > Warner Losh i...@bsdimp.com writes: > > > On Wed, Feb 15, 2023, 1:09 PM Mina Galić free...@igalic.co > > wrote: > > > > > Would be nice if we could get upstream to actually fix this, > > > but i don't even know how to submit bugs there… > > > > Agreed. I didn't recall off of the top of my head, so I did the > > quick bandaid. > > > Hi, > > It may be worth contacting BearSSL's maintainer directly: Thomas > Pornin por...@bolet.org. The guy was very responsive and helpful > > back in 2020 :) > > Regards, > -- > Stéphane Rochoy > O: Stormshield after re-reading https://bearssl.org/contrib.html that's exactly what it says to do: "Suggestions, comments, patches and other contributions are welcome. They should simply be sent to me (por...@bolet.org) by email." (reading is hard)
Re: Build breakage with WITH_BEARSSL=1
Warner Losh writes: On Wed, Feb 15, 2023, 1:09 PM Mina Galić wrote: Would be nice if we could get upstream to actually fix this, but i don't even know how to submit bugs there… Agreed. I didn't recall off of the top of my head, so I did the quick bandaid. Hi, It may be worth contacting BearSSL's maintainer directly: Thomas Pornin . The guy was very responsive and helpful back in 2020 :) Regards, -- Stéphane Rochoy O: Stormshield
Re: Build breakage with WITH_BEARSSL=1
Hi Warner, On Wed, Feb 15, 2023 at 10:07:08AM -0700, Warner Losh wrote: > On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote: > > On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote: > > > >> Hi, > >> > >> I am currently seeing a build breakage when building -CURRENT with > >> WITH_BEARSSL=1. > >> > >> The error is the following > >> > >> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109: > >> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2> > >> /dev/null" returned non-zero status > >> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: > >> a function declaration without a prototype is deprecat ed in all versions > >> of C [-Werror,-Wstrict-prototypes] > >> br_rsa_i62_keygen_get() > >>^ > >> void > >> 1 error generated. > >> --- rsa_i62_keygen.pico --- > >> > >> > >> When disabling BEARSSL in the src.conf the build succeeds as usual. > >> > >> Has anyone also seen this build error. Sources are very recent and the > >> src.conf is the following: > >> > >> WITH_EXTRA_TCP_STACKS=1 > >> #WITH_BEARSSL=1 > >> WITH_PIE=1 > >> WITH_RETPOLINE=1 > >> WITH_INIT_ALL_ZERO=1 > >> WITH_OPENSSL_KTLS=1 > >> WITHOUT_CLEAN=1 > >> > >> Any help is very appreciated. > >> > >> > > What does the following do for you? It's a cut and pasted patch, but it > > should be clear enough what to do if the mailer mangles it. > > > > diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc > > index dd0e242c8ef0..2af4864d8441 100644 > > --- a/lib/libbearssl/Makefile.inc > > +++ b/lib/libbearssl/Makefile.inc > > @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl > > BEARSSL_SRC= ${BEARSSL}/src > > > > CFLAGS+= -I${BEARSSL}/inc > > - > > +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE} > > > > I went ahead and committed this. Please let me know if the problem persists. Sorry for the late reply. I just tried a fresh build and it still fails with [..]/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes] br_rsa_i62_keygen_get() Did you see any other possibilty to fix this? --Gordon signature.asc Description: PGP signature
Re: Build breakage with WITH_BEARSSL=1
On Wed, Feb 15, 2023, 1:09 PM Mina Galić wrote: > Would be nice if we could get upstream to actually fix this, but i don't > even know how to submit bugs there… > Agreed. I didn't recall off of the top of my head, so I did the quick bandaid. Warner Mina Galić > > Try PkgBase: https://alpha.pkgbase.live/ > > > > > > > Original Message > On 15 Feb 2023, 17:07, Warner Losh < i...@bsdimp.com> wrote: > > > > > On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote: > >> >> >> On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote: >> >>> Hi, >>> >>> I am currently seeing a build breakage when building -CURRENT with >>> WITH_BEARSSL=1. >>> >>> The error is the following >>> >>> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109: >>> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2> >>> /dev/null" returned non-zero status >>> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: >>> a function declaration without a prototype is deprecat ed in all versions >>> of C [-Werror,-Wstrict-prototypes] >>> br_rsa_i62_keygen_get() >>>^ >>> void >>> 1 error generated. >>> --- rsa_i62_keygen.pico --- >>> >>> >>> When disabling BEARSSL in the src.conf the build succeeds as usual. >>> >>> Has anyone also seen this build error. Sources are very recent and the >>> src.conf is the following: >>> >>> WITH_EXTRA_TCP_STACKS=1 >>> #WITH_BEARSSL=1 >>> WITH_PIE=1 >>> WITH_RETPOLINE=1 >>> WITH_INIT_ALL_ZERO=1 >>> WITH_OPENSSL_KTLS=1 >>> WITHOUT_CLEAN=1 >>> >>> Any help is very appreciated. >>> >>> >> What does the following do for you? It's a cut and pasted patch, but it >> should be clear enough what to do if the mailer mangles it. >> >> diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc >> index dd0e242c8ef0..2af4864d8441 100644 >> --- a/lib/libbearssl/Makefile.inc >> +++ b/lib/libbearssl/Makefile.inc >> @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl >> BEARSSL_SRC= ${BEARSSL}/src >> >> CFLAGS+= -I${BEARSSL}/inc >> - >> +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE} >> > > I went ahead and committed this. Please let me know if the problem > persists. > > Warner > >>
Re: Build breakage with WITH_BEARSSL=1
Would be nice if we could get upstream to actually fix this, but i don't even know how to submit bugs there… Mina Galić Try PkgBase: https://alpha.pkgbase.live/ Original Message On 15 Feb 2023, 17:07, Warner Losh wrote: > On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote: > >> On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote: >> >>> Hi, >>> >>> I am currently seeing a build breakage when building -CURRENT with >>> WITH_BEARSSL=1. >>> >>> The error is the following >>> >>> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109: >>> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2> >>> /dev/null" returned non-zero status >>> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a >>> function declaration without a prototype is deprecat ed in all versions of >>> C [-Werror,-Wstrict-prototypes] >>> br_rsa_i62_keygen_get() >>> ^ >>> void >>> 1 error generated. >>> --- rsa_i62_keygen.pico --- >>> >>> When disabling BEARSSL in the src.conf the build succeeds as usual. >>> >>> Has anyone also seen this build error. Sources are very recent and the >>> src.conf is the following: >>> >>> WITH_EXTRA_TCP_STACKS=1 >>> #WITH_BEARSSL=1 >>> WITH_PIE=1 >>> WITH_RETPOLINE=1 >>> WITH_INIT_ALL_ZERO=1 >>> WITH_OPENSSL_KTLS=1 >>> WITHOUT_CLEAN=1 >>> >>> Any help is very appreciated. >> >> What does the following do for you? It's a cut and pasted patch, but it >> should be clear enough what to do if the mailer mangles it. >> >> diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc >> index dd0e242c8ef0..2af4864d8441 100644 >> --- a/lib/libbearssl/Makefile.inc >> +++ b/lib/libbearssl/Makefile.inc >> @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl >> BEARSSL_SRC= ${BEARSSL}/src >> >> CFLAGS+= -I${BEARSSL}/inc >> - >> +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE} > > I went ahead and committed this. Please let me know if the problem persists. > > Warner > >>
Re: Build breakage with WITH_BEARSSL=1
On Sun, Feb 12, 2023, 3:18 PM Warner Losh wrote: > > > On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote: > >> Hi, >> >> I am currently seeing a build breakage when building -CURRENT with >> WITH_BEARSSL=1. >> >> The error is the following >> >> make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109: >> warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2> >> /dev/null" returned non-zero status >> /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: >> a function declaration without a prototype is deprecat ed in all versions >> of C [-Werror,-Wstrict-prototypes] >> br_rsa_i62_keygen_get() >>^ >> void >> 1 error generated. >> --- rsa_i62_keygen.pico --- >> >> >> When disabling BEARSSL in the src.conf the build succeeds as usual. >> >> Has anyone also seen this build error. Sources are very recent and the >> src.conf is the following: >> >> WITH_EXTRA_TCP_STACKS=1 >> #WITH_BEARSSL=1 >> WITH_PIE=1 >> WITH_RETPOLINE=1 >> WITH_INIT_ALL_ZERO=1 >> WITH_OPENSSL_KTLS=1 >> WITHOUT_CLEAN=1 >> >> Any help is very appreciated. >> >> > What does the following do for you? It's a cut and pasted patch, but it > should be clear enough what to do if the mailer mangles it. > > diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc > index dd0e242c8ef0..2af4864d8441 100644 > --- a/lib/libbearssl/Makefile.inc > +++ b/lib/libbearssl/Makefile.inc > @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl > BEARSSL_SRC= ${BEARSSL}/src > > CFLAGS+= -I${BEARSSL}/inc > - > +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE} > I went ahead and committed this. Please let me know if the problem persists. Warner >
Re: Build breakage with WITH_BEARSSL=1
On Sun, Feb 12, 2023 at 3:54 AM Gordon Bergling wrote: > Hi, > > I am currently seeing a build breakage when building -CURRENT with > WITH_BEARSSL=1. > > The error is the following > > make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109: > warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2> > /dev/null" returned non-zero status > /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a > function declaration without a prototype is deprecat ed in all versions of > C [-Werror,-Wstrict-prototypes] > br_rsa_i62_keygen_get() >^ > void > 1 error generated. > --- rsa_i62_keygen.pico --- > > > When disabling BEARSSL in the src.conf the build succeeds as usual. > > Has anyone also seen this build error. Sources are very recent and the > src.conf is the following: > > WITH_EXTRA_TCP_STACKS=1 > #WITH_BEARSSL=1 > WITH_PIE=1 > WITH_RETPOLINE=1 > WITH_INIT_ALL_ZERO=1 > WITH_OPENSSL_KTLS=1 > WITHOUT_CLEAN=1 > > Any help is very appreciated. > > What does the following do for you? It's a cut and pasted patch, but it should be clear enough what to do if the mailer mangles it. diff --git a/lib/libbearssl/Makefile.inc b/lib/libbearssl/Makefile.inc index dd0e242c8ef0..2af4864d8441 100644 --- a/lib/libbearssl/Makefile.inc +++ b/lib/libbearssl/Makefile.inc @@ -4,4 +4,4 @@ BEARSSL?= ${SRCTOP}/contrib/bearssl BEARSSL_SRC= ${BEARSSL}/src CFLAGS+= -I${BEARSSL}/inc - +CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE} Warner
Re: Build breakage with WITH_BEARSSL=1
On Sun, 12 Feb 2023 11:54:47 +0100 Gordon Bergling wrote: > Hi, > > I am currently seeing a build breakage when building -CURRENT with > WITH_BEARSSL=1. > > The error is the following > > make[5]: "/boiler/nfs/src/lib/libsecureboot/local.trust.mk" line 109: > warning: "cd /boiler/nfs/src/lib/libsecureboot && 'ls' -1 *.pem t*.asc 2> > /dev/null" returned non-zero status > /boiler/nfs/src/contrib/bearssl/src/rsa/rsa_i62_keygen.c:43:22: error: a > function declaration without a prototype is deprecat ed in all versions of C > [-Werror,-Wstrict-prototypes] > br_rsa_i62_keygen_get() >^ > void > 1 error generated. > --- rsa_i62_keygen.pico --- > > > When disabling BEARSSL in the src.conf the build succeeds as usual. > > Has anyone also seen this build error. Sources are very recent and the > src.conf is the following: > > WITH_EXTRA_TCP_STACKS=1 > #WITH_BEARSSL=1 > WITH_PIE=1 > WITH_RETPOLINE=1 > WITH_INIT_ALL_ZERO=1 > WITH_OPENSSL_KTLS=1 > WITHOUT_CLEAN=1 > > Any help is very appreciated. > The current clang wants to see br_rsa_i62_keygen_get(void), that's why void was emitted. The other routine in this file has the same error. Could be that this code has this problem in many places. There might a flag which one could pass to clang so that it would not choke on such an error, but I don't know clang well enough to figure that out. Maybe someone in the know could supply that info. -- Gary Jennejohn