Re: openssl in base should install c_rehash

2018-02-08 Thread Jung-uk Kim 
On 02/08/2018 19:43, Ian Lepore wrote:
> It's not clear if openssl 1.1.0 installs a link or wrapper for c_rehash
> or not.  That manpage seems to imply that "openssl rehash" and
> "c_rehash" are equivelent.

"openssl rehash" is not a wrapper for "c_rehash".  This command is
available for all Unix-like platforms.

https://github.com/openssl/openssl/blob/master/apps/rehash.c

"c_rehash" is not a wrapper for "openssl rehash", either.  For Unix-like
platforms, it is only provided as a backup.

https://github.com/openssl/openssl/blob/master/tools/c_rehash.in

I guess they just forgot to add "functionally" in front of "equivalent". ;-)

Jung-uk Kim



signature.asc
Description: OpenPGP digital signature

Re: openssl in base should install c_rehash

2018-02-08 Thread Ian Lepore 
On Thu, 2018-02-08 at 19:35 -0500, Jung-uk Kim wrote:
> On 02/08/2018 18:51, Ian Lepore wrote:
> > 
> > On Thu, 2018-02-08 at 17:47 -0500, Jung-uk Kim wrote:
> > > 
> > > On 02/08/2018 17:31, Chris H wrote:
> > > > 
> > > > 
> > > > [...]
> > > > Couldn't this be in $base? I'd like to vote yes. :-)
> > > From OpenSSL 1.1.0, openssl(1) added "rehash" command.
> > > 
> > > https://www.openssl.org/docs/man1.1.0/apps/rehash.html
> > > 
> > > I don't think we need yet another implementation in the base.
> > But on a machine I just set up last weekend using -current I get:
> > 
> > ian@th > openssl rehash
> > openssl:Error: 'rehash' is an invalid command.
> > ian@th > openssl version
> > OpenSSL 1.0.2n-freebsd  7 Dec 2017
> > 
> > Are we going to update to 1.1.0 soon?
> When I find some free time.  I don't know how "soon", however.
> 
> > 
> > If not, how does it help that a version we don't use has rehash
> > built in?
> We will have the feature when we import OpenSSL 1.1.0.  Knowing that it
> is obsoleted by the upstream, I don't want to add an equivalent script
> in the base.
> 
> If it is really necessary, you can always install the c_rehash script
> (security/openssl), openssl with rehash command
> (security/openssl-devel), openssl with certhash command
> (security/libressl), etc. from the ports tree.
> 
> BTW, we never had it in the base and it was removed from head src tree
> more than 5 years ago.  Why is it so important now? :-(

When looking for info (because of this thread) I noticed that lots of
how-to writeups on the web tell you to use the c_rehash command, so if
we don't supply one that's bad (or if we supply an alternate-named
thing we should document that somehow).

If we're just a bit behind but we're going to catch up eventually, then
that's good enough I think. 

It's not clear if openssl 1.1.0 installs a link or wrapper for c_rehash
or not.  That manpage seems to imply that "openssl rehash" and
"c_rehash" are equivelent.

-- Ian

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: openssl in base should install c_rehash

2018-02-08 Thread Jung-uk Kim 
On 02/08/2018 18:51, Ian Lepore wrote:
> On Thu, 2018-02-08 at 17:47 -0500, Jung-uk Kim wrote:
>> On 02/08/2018 17:31, Chris H wrote:
>>>
>>> [...]
>>> Couldn't this be in $base? I'd like to vote yes. :-)
>> From OpenSSL 1.1.0, openssl(1) added "rehash" command.
>>
>> https://www.openssl.org/docs/man1.1.0/apps/rehash.html
>>
>> I don't think we need yet another implementation in the base.
> 
> But on a machine I just set up last weekend using -current I get:
> 
> ian@th > openssl rehash
> openssl:Error: 'rehash' is an invalid command.
> ian@th > openssl version
> OpenSSL 1.0.2n-freebsd  7 Dec 2017
> 
> Are we going to update to 1.1.0 soon?

When I find some free time.  I don't know how "soon", however.

> If not, how does it help that a version we don't use has rehash
> built in?

We will have the feature when we import OpenSSL 1.1.0.  Knowing that it
is obsoleted by the upstream, I don't want to add an equivalent script
in the base.

If it is really necessary, you can always install the c_rehash script
(security/openssl), openssl with rehash command
(security/openssl-devel), openssl with certhash command
(security/libressl), etc. from the ports tree.

BTW, we never had it in the base and it was removed from head src tree
more than 5 years ago.  Why is it so important now? :-(

Jung-uk Kim



signature.asc
Description: OpenPGP digital signature

Re: openssl in base should install c_rehash

2018-02-08 Thread Ian Lepore 
On Thu, 2018-02-08 at 17:47 -0500, Jung-uk Kim wrote:
> On 02/08/2018 17:31, Chris H wrote:
> > 
> > [...]
> > Couldn't this be in $base? I'd like to vote yes. :-)
> From OpenSSL 1.1.0, openssl(1) added "rehash" command.
> 
> https://www.openssl.org/docs/man1.1.0/apps/rehash.html
> 
> I don't think we need yet another implementation in the base.
> 
> Jung-uk Kim
> 

But on a machine I just set up last weekend using -current I get:

ian@th > openssl rehash
openssl:Error: 'rehash' is an invalid command.
ian@th > openssl version
OpenSSL 1.0.2n-freebsd  7 Dec 2017

Are we going to update to 1.1.0 soon?  If not, how does it help that a
version we don't use has rehash built in?

-- Ian

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: openssl in base should install c_rehash

2018-02-08 Thread Jung-uk Kim 
On 02/08/2018 17:31, Chris H wrote:
> On Thu, 08 Feb 2018 13:25:13 -0700 "Ian Lepore"  said
>> On Thu, 2018-02-08 at 21:15 +0100, Ulrich Spörlein wrote:
>> > 2018-02-08 21:00 GMT+01:00 Jung-uk Kim :
>> > > > > > On 02/08/2018 08:52, Jan Bramkamp wrote:
>> > > > > > > On 08.02.18 14:24, Ulrich Spörlein wrote:
>> > > > > > > > > Hey,
>> > > > > > > > > c_rehash has somehow disappeared from the base system.
>> We still
>> > > > > install the
>> > > > > manpage it seems, but the tool itself is missing. Can we have
>> > > > > that back?
>> > > > > > > > > > > > > root@acme:/etc/ssl# locate c_rehash
>> > > > > ...
>> > > > > /usr/share/openssl/man/man1/c_rehash.1.gz
>> > > > > /usr/src/crypto/openssl/doc/apps/c_rehash.pod
>> > > > > /usr/src/secure/usr.bin/openssl/man/c_rehash.1
>> > > > > > > > > > > > > The port seems to install it just fine:
>> > > > > > > > > root@acme:/etc/ssl# grep -r c_rehash /usr/ports/
>> > > > > /usr/ports/security/openssl/pkg-plist:bin/c_rehash
>> > > > > /usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz
>> > > > > > > > > It looks like the merge of OpenSSL 1.0.1c got rid of
>> it (if I'm
>> > > > > reading the
>> > > > > history with git pickaxe right).
>> > > > The LibreSSL port lacks a c_rehash script as well. Putting
>> > > > c_rehash back
>> > > > into base wouldn't solve the problem because it requires Perl 5.
>> > > Correct.  I just removed the manual page to not confuse users.
>> > > > > https://svnweb.freebsd.org/changeset/base/329024
>> > > > > Thanks for letting me know!
>> > > > > Jung-uk Kim
>> > > > > > I would rather that c_rehash is brought back. I can install
>> perl just
>> > fine
>> > (or have it anyway installed), that's not the case with openssl from
>> > ports,
>> > as that will mess up many things.
>> > > Guess I'll download my own version ... :(
>> > > Uli
>>
>>
>> Maybe we should just replace ours in base with a non-perl version,
>> something like this one?
>>
>> https://opensource.apple.com/source/OpenSSL/OpenSSL-5/openssl/tools/c_rehash.in.auto.html
>>
>>
>> -- Ian
> Excellent link, Ian. Thanks!
> Couldn't this be in $base? I'd like to vote yes. :-)

From OpenSSL 1.1.0, openssl(1) added "rehash" command.

https://www.openssl.org/docs/man1.1.0/apps/rehash.html

I don't think we need yet another implementation in the base.

Jung-uk Kim



signature.asc
Description: OpenPGP digital signature

Re: openssl in base should install c_rehash

2018-02-08 Thread Chris H 

On Thu, 08 Feb 2018 13:25:13 -0700 "Ian Lepore"  said


On Thu, 2018-02-08 at 21:15 +0100, Ulrich Spörlein wrote:
> 2018-02-08 21:00 GMT+01:00 Jung-uk Kim :
> 
> > 
> > On 02/08/2018 08:52, Jan Bramkamp wrote:
> > > 
> > > On 08.02.18 14:24, Ulrich Spörlein wrote:
> > > > 
> > > > Hey,
> > > > 
> > > > c_rehash has somehow disappeared from the base system. We still

> > > > install the
> > > > manpage it seems, but the tool itself is missing. Can we have
> > > > that back?
> > > > 
> > > > 
> > > > root@acme:/etc/ssl# locate c_rehash

> > > > ...
> > > > /usr/share/openssl/man/man1/c_rehash.1.gz
> > > > /usr/src/crypto/openssl/doc/apps/c_rehash.pod
> > > > /usr/src/secure/usr.bin/openssl/man/c_rehash.1
> > > > 
> > > > 
> > > > The port seems to install it just fine:
> > > > 
> > > > root@acme:/etc/ssl# grep -r c_rehash /usr/ports/

> > > > /usr/ports/security/openssl/pkg-plist:bin/c_rehash
> > > > /usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz
> > > > 
> > > > It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm

> > > > reading the
> > > > history with git pickaxe right).
> > > The LibreSSL port lacks a c_rehash script as well. Putting
> > > c_rehash back
> > > into base wouldn't solve the problem because it requires Perl 5.
> > Correct.  I just removed the manual page to not confuse users.
> > 
> > https://svnweb.freebsd.org/changeset/base/329024
> > 
> > Thanks for letting me know!
> > 
> > Jung-uk Kim
> > 
> > 
> I would rather that c_rehash is brought back. I can install perl just

> fine
> (or have it anyway installed), that's not the case with openssl from
> ports,
> as that will mess up many things.
> 
> Guess I'll download my own version ... :(
> 
> Uli



Maybe we should just replace ours in base with a non-perl version,
something like this one?

https://opensource.apple.com/source/OpenSSL/OpenSSL-5/openssl/tools/c_rehash.in.auto.html

-- Ian

Excellent link, Ian. Thanks!
Couldn't this be in $base? I'd like to vote yes. :-)

--Chris


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"



___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: openssl in base should install c_rehash

2018-02-08 Thread Jung-uk Kim 
On 02/08/2018 15:15, Ulrich Spörlein wrote:
> 
> 2018-02-08 21:00 GMT+01:00 Jung-uk Kim  >:
> 
> On 02/08/2018 08:52, Jan Bramkamp wrote:
> > On 08.02.18 14:24, Ulrich Spörlein wrote:
> >> Hey,
> >>
> >> c_rehash has somehow disappeared from the base system. We still
> >> install the
> >> manpage it seems, but the tool itself is missing. Can we have that 
> back?
> >>
> >>
> >> root@acme:/etc/ssl# locate c_rehash
> >> ...
> >> /usr/share/openssl/man/man1/c_rehash.1.gz
> >> /usr/src/crypto/openssl/doc/apps/c_rehash.pod
> >> /usr/src/secure/usr.bin/openssl/man/c_rehash.1
> >>
> >>
> >> The port seems to install it just fine:
> >>
> >> root@acme:/etc/ssl# grep -r c_rehash /usr/ports/
> >> /usr/ports/security/openssl/pkg-plist:bin/c_rehash
> >> /usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz
> >>
> >> It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm
> >> reading the
> >> history with git pickaxe right).
> >
> > The LibreSSL port lacks a c_rehash script as well. Putting c_rehash back
> > into base wouldn't solve the problem because it requires Perl 5.
> 
> Correct.  I just removed the manual page to not confuse users.
> 
> https://svnweb.freebsd.org/changeset/base/329024
> 
> 
> Thanks for letting me know!
> 
> Jung-uk Kim
> 
> 
> I would rather that c_rehash is brought back. I can install perl just
> fine (or have it anyway installed), that's not the case with openssl
> from ports, as that will mess up many things.

Although c_rehash was available from src/crypto/openssl/tools, we have
never installed it in the base, AFAIK.  Actually, it does not use proper
perl binary (i.e., /usr/bin/perl vs. /usr/local/bin/perl) and certs
directory (i.e., /usr/local/ssl/certs vs. /etc/ssl/certs).

https://svnweb.freebsd.org/base/vendor-crypto/openssl/dist-0.9.8/tools/c_rehash?revision=247942=co

Jung-uk Kim

> Guess I'll download my own version ... :(



signature.asc
Description: OpenPGP digital signature

Re: openssl in base should install c_rehash

2018-02-08 Thread Ian Lepore 
On Thu, 2018-02-08 at 21:15 +0100, Ulrich Spörlein wrote:
> 2018-02-08 21:00 GMT+01:00 Jung-uk Kim :
> 
> > 
> > On 02/08/2018 08:52, Jan Bramkamp wrote:
> > > 
> > > On 08.02.18 14:24, Ulrich Spörlein wrote:
> > > > 
> > > > Hey,
> > > > 
> > > > c_rehash has somehow disappeared from the base system. We still
> > > > install the
> > > > manpage it seems, but the tool itself is missing. Can we have
> > > > that back?
> > > > 
> > > > 
> > > > root@acme:/etc/ssl# locate c_rehash
> > > > ...
> > > > /usr/share/openssl/man/man1/c_rehash.1.gz
> > > > /usr/src/crypto/openssl/doc/apps/c_rehash.pod
> > > > /usr/src/secure/usr.bin/openssl/man/c_rehash.1
> > > > 
> > > > 
> > > > The port seems to install it just fine:
> > > > 
> > > > root@acme:/etc/ssl# grep -r c_rehash /usr/ports/
> > > > /usr/ports/security/openssl/pkg-plist:bin/c_rehash
> > > > /usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz
> > > > 
> > > > It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm
> > > > reading the
> > > > history with git pickaxe right).
> > > The LibreSSL port lacks a c_rehash script as well. Putting
> > > c_rehash back
> > > into base wouldn't solve the problem because it requires Perl 5.
> > Correct.  I just removed the manual page to not confuse users.
> > 
> > https://svnweb.freebsd.org/changeset/base/329024
> > 
> > Thanks for letting me know!
> > 
> > Jung-uk Kim
> > 
> > 
> I would rather that c_rehash is brought back. I can install perl just
> fine
> (or have it anyway installed), that's not the case with openssl from
> ports,
> as that will mess up many things.
> 
> Guess I'll download my own version ... :(
> 
> Uli


Maybe we should just replace ours in base with a non-perl version,
something like this one?

https://opensource.apple.com/source/OpenSSL/OpenSSL-5/openssl/tools/c_rehash.in.auto.html

-- Ian

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: openssl in base should install c_rehash

2018-02-08 Thread Justin Hibbits 

On Feb 8, 2018, at 2:15 PM, Ulrich Spörlein wrote:


2018-02-08 21:00 GMT+01:00 Jung-uk Kim :


On 02/08/2018 08:52, Jan Bramkamp wrote:

On 08.02.18 14:24, Ulrich Spörlein wrote:

Hey,

c_rehash has somehow disappeared from the base system. We still
install the
manpage it seems, but the tool itself is missing. Can we have  
that back?



root@acme:/etc/ssl# locate c_rehash
...
/usr/share/openssl/man/man1/c_rehash.1.gz
/usr/src/crypto/openssl/doc/apps/c_rehash.pod
/usr/src/secure/usr.bin/openssl/man/c_rehash.1


The port seems to install it just fine:

root@acme:/etc/ssl# grep -r c_rehash /usr/ports/
/usr/ports/security/openssl/pkg-plist:bin/c_rehash
/usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz

It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm
reading the
history with git pickaxe right).


The LibreSSL port lacks a c_rehash script as well. Putting  
c_rehash back

into base wouldn't solve the problem because it requires Perl 5.


Correct.  I just removed the manual page to not confuse users.

https://svnweb.freebsd.org/changeset/base/329024

Thanks for letting me know!

Jung-uk Kim


I would rather that c_rehash is brought back. I can install perl  
just fine
(or have it anyway installed), that's not the case with openssl from  
ports,

as that will mess up many things.

Guess I'll download my own version ... :(

Uli


Would this be something useful to add to src/tools?  Or create an  
explicit port for it?  Or just keep it handy yourself?


- Justin

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: openssl in base should install c_rehash

2018-02-08 Thread Ulrich Spörlein 
2018-02-08 21:00 GMT+01:00 Jung-uk Kim :

> On 02/08/2018 08:52, Jan Bramkamp wrote:
> > On 08.02.18 14:24, Ulrich Spörlein wrote:
> >> Hey,
> >>
> >> c_rehash has somehow disappeared from the base system. We still
> >> install the
> >> manpage it seems, but the tool itself is missing. Can we have that back?
> >>
> >>
> >> root@acme:/etc/ssl# locate c_rehash
> >> ...
> >> /usr/share/openssl/man/man1/c_rehash.1.gz
> >> /usr/src/crypto/openssl/doc/apps/c_rehash.pod
> >> /usr/src/secure/usr.bin/openssl/man/c_rehash.1
> >>
> >>
> >> The port seems to install it just fine:
> >>
> >> root@acme:/etc/ssl# grep -r c_rehash /usr/ports/
> >> /usr/ports/security/openssl/pkg-plist:bin/c_rehash
> >> /usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz
> >>
> >> It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm
> >> reading the
> >> history with git pickaxe right).
> >
> > The LibreSSL port lacks a c_rehash script as well. Putting c_rehash back
> > into base wouldn't solve the problem because it requires Perl 5.
>
> Correct.  I just removed the manual page to not confuse users.
>
> https://svnweb.freebsd.org/changeset/base/329024
>
> Thanks for letting me know!
>
> Jung-uk Kim
>
>
I would rather that c_rehash is brought back. I can install perl just fine
(or have it anyway installed), that's not the case with openssl from ports,
as that will mess up many things.

Guess I'll download my own version ... :(

Uli
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: openssl in base should install c_rehash

2018-02-08 Thread Jung-uk Kim 
On 02/08/2018 08:52, Jan Bramkamp wrote:
> On 08.02.18 14:24, Ulrich Spörlein wrote:
>> Hey,
>>
>> c_rehash has somehow disappeared from the base system. We still
>> install the
>> manpage it seems, but the tool itself is missing. Can we have that back?
>>
>>
>> root@acme:/etc/ssl# locate c_rehash
>> ...
>> /usr/share/openssl/man/man1/c_rehash.1.gz
>> /usr/src/crypto/openssl/doc/apps/c_rehash.pod
>> /usr/src/secure/usr.bin/openssl/man/c_rehash.1
>>
>>
>> The port seems to install it just fine:
>>
>> root@acme:/etc/ssl# grep -r c_rehash /usr/ports/
>> /usr/ports/security/openssl/pkg-plist:bin/c_rehash
>> /usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz
>>
>> It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm
>> reading the
>> history with git pickaxe right).
> 
> The LibreSSL port lacks a c_rehash script as well. Putting c_rehash back
> into base wouldn't solve the problem because it requires Perl 5.

Correct.  I just removed the manual page to not confuse users.

https://svnweb.freebsd.org/changeset/base/329024

Thanks for letting me know!

Jung-uk Kim



signature.asc
Description: OpenPGP digital signature

Re: openssl in base should install c_rehash

2018-02-08 Thread Jan Bramkamp 

On 08.02.18 14:24, Ulrich Spörlein wrote:

Hey,

c_rehash has somehow disappeared from the base system. We still install the
manpage it seems, but the tool itself is missing. Can we have that back?


root@acme:/etc/ssl# locate c_rehash
...
/usr/share/openssl/man/man1/c_rehash.1.gz
/usr/src/crypto/openssl/doc/apps/c_rehash.pod
/usr/src/secure/usr.bin/openssl/man/c_rehash.1


The port seems to install it just fine:

root@acme:/etc/ssl# grep -r c_rehash /usr/ports/
/usr/ports/security/openssl/pkg-plist:bin/c_rehash
/usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz

It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm reading the
history with git pickaxe right).


The LibreSSL port lacks a c_rehash script as well. Putting c_rehash back 
into base wouldn't solve the problem because it requires Perl 5.

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"