security/tor and WITH_OPENSSL_PORT=yes
in [Ports]
|
From: Ruslan Mahmatkhanov on 7 Jun 2010 13:24 Good day! Why we need uncoditional WITH_OPENSSL_PORT=yes in security/tor? It builds fine on 8-stable with base system openssl. Moreover this setting isn't needed on -CURRENT because openssl 1.0 is in base system. May be it should be removed from port's Makefile? -- Regards, Ruslan _______________________________________________ freebsd-ports(a)freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"
From: "b. f." on 7 Jun 2010 15:24 >Why we need uncoditional WITH_OPENSSL_PORT=yes in security/tor? >It builds fine on 8-stable with base system openssl. > >Moreover this setting isn't needed on -CURRENT because openssl 1.0 is in >base system. May be it should be removed from port's Makefile? You are right that it no longer should be unconditional, but not that it should be removed altogether. Remember, although you may be running a recent version of 8-stable, with openssl 0.9.8n, others may still be using older, but still supported, versions of the FreeBSD, with older base system openssl. And, as far as I know, openssl 1.0 is _not_ in the base system, even in -CURRENT. We are still at 0.9.8n. Anyway, I think Martin planned to fix this, now that __FreeBSD_version has been bumped after some recent changes. Regards, b. _______________________________________________ freebsd-ports(a)freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"
From: Scott Bennett on 8 Jun 2010 13:10 On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." <bf1783(a)googlemail.com> wrote: >>Why we need uncoditional WITH_OPENSSL_PORT=yes in security/tor? >>It builds fine on 8-stable with base system openssl. >> >>Moreover this setting isn't needed on -CURRENT because openssl 1.0 is in >>base system. May be it should be removed from port's Makefile? > >You are right that it no longer should be unconditional, but not that >it should be removed altogether. Remember, although you may be >running a recent version of 8-stable, with openssl 0.9.8n, others may >still be using older, but still supported, versions of the FreeBSD, >with older base system openssl. > >And, as far as I know, openssl 1.0 is _not_ in the base system, even >in -CURRENT. We are still at 0.9.8n. > >Anyway, I think Martin planned to fix this, now that __FreeBSD_version >has been bumped after some recent changes. > Before anyone decides to "fix" this, they should keep in mind that the port needs not only to build correctly, but to *run* correctly. tor built with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely does not work in relay mode. Clients and other relays attempt to connect to it, but no data packets ever get through, and the connections are soon closed. Because of this, tor's self-reachability testing fails, so it never publishes a descriptor. After the update from openssl 0.9.8n, a version that had worked just fine, came through, I had to install portdowngrade and use it to get back from openssl 1.0.0 to openssl 0.9.8n in order to get tor to work properly again. Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * ********************************************************************** _______________________________________________ freebsd-ports(a)freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"
From: "b. f." on 8 Jun 2010 13:31 On 6/8/10, Scott Bennett <bennett(a)cs.niu.edu> wrote: > On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." <bf1783(a)googlemail.com> > wrote: >>>Why we need uncoditional WITH_OPENSSL_PORT=yes in security/tor? >>>It builds fine on 8-stable with base system openssl. >>> >>>Moreover this setting isn't needed on -CURRENT because openssl 1.0 is in >>>base system. May be it should be removed from port's Makefile? >> >>You are right that it no longer should be unconditional, but not that >>it should be removed altogether. Remember, although you may be >>running a recent version of 8-stable, with openssl 0.9.8n, others may >>still be using older, but still supported, versions of the FreeBSD, >>with older base system openssl. >> >>And, as far as I know, openssl 1.0 is _not_ in the base system, even >>in -CURRENT. We are still at 0.9.8n. >> >>Anyway, I think Martin planned to fix this, now that __FreeBSD_version >>has been bumped after some recent changes. >> > Before anyone decides to "fix" this, they should keep in mind that > the port needs not only to build correctly, but to *run* correctly. tor > built with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely > does not work in relay mode. Clients and other relays attempt to connect > to it, but no data packets ever get through, and the connections are soon > closed. Because of this, tor's self-reachability testing fails, so it > never publishes a descriptor. After the update from openssl 0.9.8n, a > version that had worked just fine, came through, I had to install > portdowngrade and use it to get back from openssl 1.0.0 to openssl 0.9.8n > in order to get tor to work properly again. > Then a change to allow the use of base system openssl on some versions of the OS should make your life a little bit easier. Information about run-time failures is just the kind of feedback that you should be providing to Martin, because I don't think his testing includes the full range of conditions under which tor is used. Speaking for myself, when I submit an update, I am content if tor builds and installs cleanly, passes the bundled regression tests (with one known exception), and works as a client. We need more information from people like you to fix problems. b. _______________________________________________ freebsd-ports(a)freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"
From: "b. f." on 8 Jun 2010 13:50 On 6/8/10, b. f. <bf1783(a)googlemail.com> wrote: > On 6/8/10, Scott Bennett <bennett(a)cs.niu.edu> wrote: >> On Mon, 7 Jun 2010 19:24:36 +0000 "b. f." <bf1783(a)googlemail.com> >> wrote: >> Before anyone decides to "fix" this, they should keep in mind that >> the port needs not only to build correctly, but to *run* correctly. tor >> built with openssl 1.0.0 builds just fine on 7.3-STABLE, but definitely >> does not work in relay mode. Clients and other relays attempt to connect >> to it, but no data packets ever get through, and the connections are soon >> closed. Because of this, tor's self-reachability testing fails, so it >> never publishes a descriptor. After the update from openssl 0.9.8n, a >> version that had worked just fine, came through, I had to install >> portdowngrade and use it to get back from openssl 1.0.0 to openssl 0.9.8n >> in order to get tor to work properly again. I should also point out, in Martin's defense, that the change to use the openssl port with tor came about well _before_ the update of the openssl port to 1.0.x, and was needed to fix the use of tor with earlier versions of openssl. When Dirk updated openssl to 1.0.x, he could of course only verify that the update didn't break the build for the many dependent ports, and test the run-time behavior of only a few. b. _______________________________________________ freebsd-ports(a)freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"
|
Pages: 1 Prev: Fwd: Re: Torrentflux and Zabbix Apache Include files?? Next: installing java in freebsd 8 |