On 8/26/2014 2:02 PM, Michael Jung wrote: > On 2014-08-22 16:17, Bryan Drewery wrote: >> On 8/22/2014 1:16 PM, mikej wrote: >>> On , Bryan Drewery wrote: >>>> On 9/21/2013 5:49 AM, Bryan Drewery wrote: >>>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10 >>>>> i386 and amd64, and older releases on amd64 only currently. >>>>> >>>>> Support may be added for earlier i386 releases once all ports properly >>>>> respect LDFLAGS. >>>>> >>>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all >>>>> ports. >>>>> >>>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all >>>>> may optionally be set instead. >>>>> >>>>> Please help test this on your system. We would like to eventually >>>>> enable >>>>> this by default, but need to identify any major ports that have >>>>> run-time >>>>> issues due to it. >>>>> >>>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection >>>>> >>>> >>>> We have not had any feedback on this yet and want to get it enabled by >>>> default for ports and packages. >>>> >>>> We now have a repository that you can use rather than the default to >>>> help test. We need your help to identify any issues before switching >>>> the >>>> default. >>>> >>>> This repository is available for: >>>> >>>> head >>>> 10.0 >>>> 9.1,9.2,9.3 >>>> >>>> It is not available for 8.4. If someone is willing to test on 8.4 I >>>> will >>>> build a repository for it. >>>> >>>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf: >>>> >>>> FreeBSD: { enabled: no } >>>> FreeBSD_ssp: { >>>> url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp";, >>>> mirror_type: "srv", >>>> signature_type: "fingerprints", >>>> fingerprints: "/usr/share/keys/pkg", >>>> enabled: yes >>>> } >>>> >>>> Once that is done you should force reinstall packages from this >>>> repository: >>>> >>>> pkg update >>>> pkg upgrade -f >>>> >>>> Thanks for your help! >>>> Bryan Drewery >>>> On behalf of portmgr. >>> >>> I have been using this without issue on several machines until today. >>> >>> root@firewall:/usr/ports # pkg -v >>> 1.3.6 >>> root@firewall:/usr/ports # >>> >>> >>> Repositories: >>> FreeBSD_ssp: { >>> url : >>> "pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp";, >>> enabled : yes, >>> mirror_type : "SRV", >>> signature_type : "FINGERPRINTS", >>> fingerprints : "/usr/share/keys/pkg" >>> } >>> >>> >>> root@firewall:/usr/ports # pkg update -f >>> Updating repository catalogue >>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found >>> pkg: repository FreeBSD_ssp has no meta file, using default settings >>> Fetching digests.txz: 100% of 1 MB >>> Fetching packagesite.txz: 100% of 5 MB >>> >>> Adding new entries: 100% >>> Incremental update completed, 23305 packages processed: >>> 0 packages updated, 0 removed and 23305 added. >>> root@firewall:/usr/ports # pkg install mdnsresponder >>> Updating repository catalogue >>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found >>> pkg: repository FreeBSD_ssp has no meta file, using default settings >>> FreeBSD_ssp repository is up-to-date >>> All repositories are up-to-date >>> Checking integrity... done (1 conflicting) >>> pkg: Cannot solve problem using SAT solver: >>> cannot install package mDNSResponder~net/mDNSResponder, remove it from >>> request [Y/n]: y >>> Checking integrity... done (0 conflicting) >>> The most recent version of packages are already installed >>> root@firewall:/usr/ports # uname -a >>> FreeBSD firewall 10.0-STABLE FreeBSD 10.0-STABLE #0 r269366M: Fri Aug 1 >>> 00:35:49 EDT 2014 mikej@firewall:/usr/obj/usr/src/sys/GENERIC amd64 >>> root@firewall:/usr/ports # date >>> Fri Aug 22 14:12:30 EDT 2014 >>> root@firewall:/usr/ports # >>> >>> root@firewall:/usr/ports # pkg info | grep mdns >>> root@firewall:/usr/ports # >>> >>> Regards, >>> >>> --mikej >> >> It looks like the (SSP) freebsd:10:x86:64 freebsd:11:x86:32 repositories >> are stale from a month ago. Looking into why. >> >> Sadly this was not noticed and the instructions effectively will >> downgrade packages. These 2 repositories have pkg-1.2 still as well. > > > > Bryan, > > Any update? As you probably expect if I build the port locally with > poudriere and install there is no issue. I'm building with > > WITH_SSP_PORTS=YES > > in /etc/make.conf > > Regards, > > --mikej
The latest package set, along with pkg 1.3.7, should be getting published later today. As for the pkg issue with installing mDNSResponder, I am not 100% sure it is fixed by new package set. We'll have to wait and see. There are several issues to fix in the new pkg solver still. -- Regards, Bryan Drewery
signature.asc
Description: OpenPGP digital signature
