Re: Experiences with El Capitan
On Nov 9, 2015, at 2:34 AM, Artur Szostak wrote: > Let me ask another question: Is there a seamless way to add building and > mirroring services from 3rd parties for the pre-built binaries? No. We want verified binaries built in a clean-room by known servers, not binaries built in unknown conditions by arbitrary contributors. ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On Monday November 09 2015 15:27:54 Ryan Schmidt wrote: > > Interesting. I think it was FreeBSD that tried to do that (both API and > > ABI) and failed at both, and said rebuild stuff for one or the other. > > Apparently they were the ones who made the mistake, and it actually works > > if done right? > > You are correct, it does not work. This is what I predicted. > > > $ curl https://www.macports.org/ > dyld: Library not loaded: /opt/local/lib/libssl.1.0.0.dylib > Referenced from: /opt/local/bin/curl > Reason: image not found > Trace/BPT trap: 5 Now what if you do %> ln -s libssl.35.dylib libssl.1.0.0.dylib ? (assuming that libressl indeed installs libssl.35.dylib) If that works, it can be handled with a very simple post-destroot addition in both ports . R ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On 2015-11-09 22:40, René J.V. Bertin wrote: > Now what if you do > > %> ln -s libssl.35.dylib libssl.1.0.0.dylib ? > > (assuming that libressl indeed installs libssl.35.dylib) > > If that works, it can be handled with a very simple post-destroot addition in > both ports . You should not do this. It might work for some binaries, but it is not guaranteed to work in all cases. See both the official statement and a blog post from a Gentoo developer explaining the problem: https://github.com/libressl-portable/portable#compatibility-with-openssl https://blog.flameeyes.eu/2014/07/libressl-drop-in-and-abi-leakage Rainer ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On Monday November 09 2015 15:05:26 Ryan Schmidt wrote: > In r139229 Jeremy made libressl a drop-in replacement for openssl. If a > rebuild is needed to make things work, then this Yes, but at least on Linux libressl installs libraries with different numbers (libssl.so.35 vs libssl.so.1.0.0). I haven't yet checked on OS X, but if this is the case there too then Jeremy's modification (using path: style dependencies) is not enough. > What happens if you install a port like curl for example that depends on > openssl, and then force-deactivate openssl and install libressl instead? Does > curl still work for accessing secure sites or do you get an error? I haven't tried that yet, I'll see if I have time for it tomorrow. Don't hesitate to beat me to it, though :) R. ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On Nov 9, 2015, at 3:12 PM, Brandon Allbery wrote: > On Mon, Nov 9, 2015 at 4:05 PM, Ryan Schmidt wrote: >> In r139229 Jeremy made libressl a drop-in replacement for openssl. > > Interesting. I think it was FreeBSD that tried to do that (both API and ABI) > and failed at both, and said rebuild stuff for one or the other. Apparently > they were the ones who made the mistake, and it actually works if done right? You are correct, it does not work. $ curl https://www.macports.org/ dyld: Library not loaded: /opt/local/lib/libssl.1.0.0.dylib Referenced from: /opt/local/bin/curl Reason: image not found Trace/BPT trap: 5 ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
opendkim and Trac error
Pixilla was kind enough to update both the amavisd-new and opendkim ports but I ran into a problem with unbound, a dependency of opendkim. I went to look at the opendkim port on trac to see if I could figure it out or open a ticket but I see "Trac Error" when attempting to view any port. Here's the error when installing opendkim: Error: org.macports.activate for port unbound returned: could not set owner for file "/opt/local/var/run/unbound/root.key": no such file or directory Error: Failed to install unbound Indeed, there is no root.key file in there, only an unbound.pid. $ ls -l /opt/local/var/run/unbound -rw-r--r-- 1 unbound unbound 0 Oct 30 12:08 unbound.pid >From the main.log: ... :debug:activate Executing proc-post-org.macports.activate-activate-0 :error:activate org.macports.activate for port unbound returned: could not set owner for file "/opt/local/var/run/unbound/root.key": no such file or directory :debug:activate Error code: NONE :debug:activate Backtrace: could not set owner for file "/opt/local/var/run/unbound/root.key": no such file or directory while executing "proc-post-org.macports.activate-activate-0 org.macports.activate" ("eval" body line 1) invoked from within "eval $post $targetname" :info:activate Warning: targets not executed for unbound: org.macports.activate :error:activate Failed to install unbound :debug:activate could not read "/opt/local/var/run/unbound/unbound.pid": no such file or directory while executing "::file type $file" -Terry ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On Monday November 09 2015 16:11:54 Jeremy Huddleston Sequoia wrote: hi, > > Now what if you do > > > > %> ln -s libssl.35.dylib libssl.1.0.0.dylib ? > > > > (assuming that libressl indeed installs libssl.35.dylib) > > > > If that works, it can be handled with a very simple post-destroot addition > > in both ports . > > Don't do that. There's a 99% chance it won't work for you. You know what happens when you say that kind of thing to a Dutch (former) scientist, eh? ;) First quick tests (downloading a couple of release tarballs from github, with /opt/local/bin/curl) suggests that it works. Which doesn't really surprise me too much: both libraries are written in C. As long as dependent software sticks to public APIs (and those APIs are indeed compatible), the binary libraries should be compatible too, regardless of how different they are "behind the scenes". R. ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On Mon, Nov 9, 2015 at 8:31 PM, René J.V.wrote: > First quick tests (downloading a couple of release tarballs from github, > with /opt/local/bin/curl) suggests that it works. Which doesn't really > surprise me too much: both libraries are written in C. As long as dependent > software sticks to public APIs (and those APIs are indeed compatible), the > binary libraries should be compatible too, regardless of how different they > are "behind the scenes". And assuming said APIs do not expose internal details in programmer-callable macros, have the caller allocate structures whose size might change, etc. See the Gentoo dev link given previously. (The macros one is a lovely example of how an API may be the same but the ABI quite different. ncurses 6 has a lot of this going on vs. ncurses 5, because the public curses API has quite a few things that are implemented as macros; the ncurses 6 documentation specifically warns that the API is as close as possible to that of ncurses 5, but the ABI quite incompatible.) Very old versions of KDE also used macros this way, and they learned the hard way about this API/ABI compatibility break. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonadhttp://sinenomine.net ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: Experiences with El Capitan
I've been using this [1] procedure for quite a while. It could easily be adapted for widespread use by hosting the binaries and signatures somewhere publicly. And I'm not sure of the specifics, but I know there are build scripts in the repo somewhere for building all ports. A previous message [2] indicates they're here [3], But it looks like trac is still having issues. The real issue is trust. You have to trust the builder not to insert malware and the hoster to have secured the server against file manipulation. So I can see this easily being adapted for small groups, but I'd personally suffer through building everything myself over trusting an anonymous 3rd party. Apple has been very generous in their hosting and support previously, but I'd still love to see build slaves and hosting that wasn't reliant on them to manage. MacPorts can't possibly be a priority for their interests. [1]: https://trac.macports.org/wiki/howto/ShareArchives2 [2]: https://lists.macosforge.org/pipermail/macports-dev/2015-August/031253.html [3]: https://trac.macports.org/browser/contrib/buildbot On Mon, Nov 9, 2015 at 3:34 AM, Artur Szostakwrote: > Hi, > > Let me ask another question: Is there a seamless way to add building and > mirroring services from 3rd parties for the pre-built binaries? > > Kind regards. > > Artur > > > From: macports-users-boun...@lists.macosforge.org > [macports-users-boun...@lists.macosforge.org] on behalf of Daniel J. Luke > [dl...@geeklair.net] > Sent: 06 November 2015 16:08 > To: Rainer Müller > Cc: macports-users > Subject: Re: Experiences with El Capitan > > On Nov 5, 2015, at 3:35 PM, Rainer Müller wrote: >> This is mainly due to the absence of an actual admin at Mac OS Forge, >> our hosting provider at Apple. > > Do we know if there's a position posted? It would be great if someone from > the Macports community held that position. > > -- > Daniel J. Luke > ++ > | * dl...@geeklair.net * | > | *-- http://www.geeklair.net -* | > ++ > | Opinions expressed are mine and do not necessarily | > | reflect the opinions of my employer. | > ++ > > > > > > ___ > macports-users mailing list > macports-users@lists.macosforge.org > https://lists.macosforge.org/mailman/listinfo/macports-users > ___ > macports-users mailing list > macports-users@lists.macosforge.org > https://lists.macosforge.org/mailman/listinfo/macports-users -- arno s hautala/-| a...@alum.wpi.edu pgp b2c9d448 ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On Mon, Nov 9, 2015 at 3:39 PM, René J.V.wrote: > I understand that libressl aims to be API-compatible with openssl so that > it can act as a drop-in replacement. How far does that go, far enough that > one can symlink the libssl and libcrypto runtimes from the one port to the > shared libraries of the other, without having to rebuild dependents? My understanding is that the API (i.e. source) compatibility is mostly there but the A*B*I (binary) compatibility was a swing and a miss; assume you have to rebuild stuff. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonadhttp://sinenomine.net ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
openssl vs. libressl
Hi, I understand that libressl aims to be API-compatible with openssl so that it can act as a drop-in replacement. How far does that go, far enough that one can symlink the libssl and libcrypto runtimes from the one port to the shared libraries of the other, without having to rebuild dependents? R. ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
> On Nov 9, 2015, at 17:31, René J.V. Bertinwrote: > > On Monday November 09 2015 16:11:54 Jeremy Huddleston Sequoia wrote: > > hi, > >>> Now what if you do >>> >>> %> ln -s libssl.35.dylib libssl.1.0.0.dylib ? >>> >>> (assuming that libressl indeed installs libssl.35.dylib) >>> >>> If that works, it can be handled with a very simple post-destroot addition >>> in both ports . >> >> Don't do that. There's a 99% chance it won't work for you. > > You know what happens when you say that kind of thing to a Dutch (former) > scientist, eh? ;) > First quick tests (downloading a couple of release tarballs from github, with > /opt/local/bin/curl) suggests that it works. Which doesn't really surprise me > too much: both libraries are written in C. As long as dependent software > sticks to public APIs (and those APIs are indeed compatible), the binary > libraries should be compatible too, regardless of how different they are > "behind the scenes". The problem is that while the API is compatible, the ABI might not be. Portions of OpenSSL / Libressl are implemented using macros, so the macros might be different in ways that don't appear immediately obvious. ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On Nov 9, 2015, at 2:43 PM, Brandon Allbery wrote: > On Mon, Nov 9, 2015 at 3:39 PM, René J.V. wrote: >> I understand that libressl aims to be API-compatible with openssl so that it >> can act as a drop-in replacement. How far does that go, far enough that one >> can symlink the libssl and libcrypto runtimes from the one port to the >> shared libraries of the other, without having to rebuild dependents? > > My understanding is that the API (i.e. source) compatibility is mostly there > but the A*B*I (binary) compatibility was a swing and a miss; assume you have > to rebuild stuff. In r139229 Jeremy made libressl a drop-in replacement for openssl. If a rebuild is needed to make things work, then this was the wrong solution, and openssl and libressl variants should have been added to all the ports touched by r139229. That would obviously be a pain so let's verify whether that is really needed. What happens if you install a port like curl for example that depends on openssl, and then force-deactivate openssl and install libressl instead? Does curl still work for accessing secure sites or do you get an error? ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
On Mon, Nov 9, 2015 at 4:05 PM, Ryan Schmidtwrote: > In r139229 Jeremy made libressl a drop-in replacement for openssl. Interesting. I think it was FreeBSD that tried to do that (both API and ABI) and failed at both, and said rebuild stuff for one or the other. Apparently they were the ones who made the mistake, and it actually works if done right? -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonadhttp://sinenomine.net ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
RE: Experiences with El Capitan
Hi, Let me ask another question: Is there a seamless way to add building and mirroring services from 3rd parties for the pre-built binaries? Kind regards. Artur From: macports-users-boun...@lists.macosforge.org [macports-users-boun...@lists.macosforge.org] on behalf of Daniel J. Luke [dl...@geeklair.net] Sent: 06 November 2015 16:08 To: Rainer Müller Cc: macports-users Subject: Re: Experiences with El Capitan On Nov 5, 2015, at 3:35 PM, Rainer Müllerwrote: > This is mainly due to the absence of an actual admin at Mac OS Forge, > our hosting provider at Apple. Do we know if there's a position posted? It would be great if someone from the Macports community held that position. -- Daniel J. Luke ++ | * dl...@geeklair.net * | | *-- http://www.geeklair.net -* | ++ | Opinions expressed are mine and do not necessarily | | reflect the opinions of my employer. | ++ ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
> On Nov 9, 2015, at 13:40, René J.V. Bertinwrote: > > On Monday November 09 2015 15:27:54 Ryan Schmidt wrote: > >>> Interesting. I think it was FreeBSD that tried to do that (both API and >>> ABI) and failed at both, and said rebuild stuff for one or the other. >>> Apparently they were the ones who made the mistake, and it actually works >>> if done right? >> >> You are correct, it does not work. > > This is what I predicted. > >> >> >> $ curl https://www.macports.org/ >> dyld: Library not loaded: /opt/local/lib/libssl.1.0.0.dylib >> Referenced from: /opt/local/bin/curl >> Reason: image not found >> Trace/BPT trap: 5 > > Now what if you do > > %> ln -s libssl.35.dylib libssl.1.0.0.dylib ? > > (assuming that libressl indeed installs libssl.35.dylib) > > If that works, it can be handled with a very simple post-destroot addition in > both ports . Don't do that. There's a 99% chance it won't work for you. --Jeremy ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: openssl vs. libressl
> On Nov 9, 2015, at 13:10, René J.V. Bertinwrote: > > On Monday November 09 2015 15:05:26 Ryan Schmidt wrote: > >> In r139229 Jeremy made libressl a drop-in replacement for openssl. If a >> rebuild is needed to make things work, then this > > Yes, but at least on Linux libressl installs libraries with different numbers > (libssl.so.35 vs libssl.so.1.0.0). I haven't yet checked on OS X, but if this > is the case there too then Jeremy's modification (using path: style > dependencies) is not enough. Yes, the dylib identifiers (and filenames) are different. This is the same solution we've used elsewhere in MacPorts (eg: ffmpeg-devel). >> What happens if you install a port like curl for example that depends on >> openssl, and then force-deactivate openssl and install libressl instead? >> Does curl still work for accessing secure sites or do you get an error? > > I haven't tried that yet, I'll see if I have time for it tomorrow. Don't > hesitate to beat me to it, though :) You'd need to revupgrade rebuild after switching. --Jeremy ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users