Page MenuHomeFreeBSD

sysutils/nfs-over-tls: Fix build with OpenSSL without KTLS patches
ClosedPublic

Authored by rmacklem on Feb 10 2021, 2:22 PM.
Tags
None
Referenced Files
F81969707: D28572.diff
Sat, Dec 14, 9:32 AM
Unknown Object (File)
Feb 22 2024, 4:43 AM
Unknown Object (File)
Feb 22 2024, 4:43 AM
Unknown Object (File)
Feb 22 2024, 4:43 AM
Unknown Object (File)
Feb 22 2024, 4:43 AM
Unknown Object (File)
Feb 21 2024, 12:27 AM
Unknown Object (File)
Jan 29 2024, 9:24 PM
Unknown Object (File)
Jan 18 2024, 4:57 AM
Subscribers

Details

Summary
sysutils/nfs-over-tls: Fix build with OpenSSL without KTLS patches

The NFS over TLS daemons have been updated so that they will build
with versions of OpenSSL not patched for KTLS.
They also check for KTLS being enabled and just errx() if not.

Since this is a new port and the above changes do not change the
daemons when built with a KTLS enabled version of OpenSSL, the
source revision has not changed. However, distinfo does need to
be updated for the modified tarball.

Reviewed_by: lwushu, loader, koobs
Approved by: lwhsu (ports), koobs (ports)
MFH: No (Port does not exist in quarterly)
Differential_Revision: D28572
Test Plan
  • portlint: OK (looks fine.)
  • testport: OK (poudriere: <freebsd <versions>, <archs>, <OPTIONS> tested)
  • maketest: OK (XXX of YYY PASS)

Ran a "make stage" with the tarball in /usr/ports/distfiles deleted.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

Since there is already nfs-over-tls package available on pkg.freebsd.org, I suggest we at least to bump the PORTREVISION in Makefile. And I suggest still bump the version of the distfile for mitigating the mirroring issues.

Bumped the software to version1.1 as suggested.

Please feel free to commit with my approval for ports.

sysutils/nfs-over-tls/Makefile
18–19

BTW, I feel IGNORE might be more suitable.

From ports/Mk/bsd.port.mk:

# IGNORE        - Package build should be skipped entirely (e.g.
#                 because of serious unfixable problems in the build,
#                 because it cannot be manually fetched, etc).  Error
#                 logs will not appear on pointyhat, so this should be
#                 used sparingly.

# BROKEN        - Port is believed to be broken.  Package builds can
#                 still be attempted using TRYBROKEN to test this
#                 assumption.
This revision is now accepted and ready to land.Feb 11 2021, 2:06 PM

Change BROKEN to IGNORE as suggested.

This revision now requires review to proceed.Feb 12 2021, 12:08 AM

poudriere[0] runs as user nobody by default, and
it failed to run install(1) with "-o root -g wheel".

[0]: https://docs.freebsd.org/en/books/porters-handbook/testing-poudriere.html

===========================================================================
=======================<phase: run-depends    >============================
===========================================================================
=======================<phase: stage          >============================
===>  Staging for nfs-over-tls-1.1
===>   Generating temporary packing list
install -s -m 0555 -o root -g wheel rpc.tlsclntd rpc.tlsservd /wrkdirs/usr/ports/sysutils/nfs-over-tls/work/stage/usr/local/sbin
install: /wrkdirs/usr/ports/sysutils/nfs-over-tls/work/stage/usr/local/sbin/rpc.tlsclntd: chown/chgrp: Operation not permitted
*** Error code 71

Stop.
make[1]: stopped in /wrkdirs/usr/ports/sysutils/nfs-over-tls/work/nfs-over-tls-1.1
*** Error code 1

Add check for UID == 0, since this port
can only be installed as root.

Add check for UID == 0, since this port
can only be installed as root.

There's no need to run install(8) with "-o root -g wheel" in the Makefile,
pkg-create(8) sets the default ownership to root:wheel while creating the package,
(even running as a regular user):
https://github.com/freebsd/pkg/blob/release-1.16/libpkg/pkg_ports.c#L1323

1323        p->uname = xstrdup("root");
1324        p->gname = xstrdup("wheel");

File ownership and permission could be set in pkg-plist.
pkg-create(8):

@mode mode
        Set default permission for all subsequently extracted files to
        mode.  Format is the same as that used by the chmod command.  Use
        without an arg to set back to default (mode of the file while
        being packed) permissions.
@owner user
        Set default ownership for all subsequent files to user.  Use
        without an arg to set back to default (root) ownership.
@group group
        Set default group ownership for all subsequent files to group.
        Use without an arg to set back to default (wheel) group
        ownership.

Revert the last change and take setting root/wheel out
of the port's Makefile, as requested by loader.

The port now builds (but does not install, of course)
when done as non-root.
This seems ok to me, since the install obviously
needs to be done by root.

  • testport: OK (poudriere: 1400002, [armv7, aarch64, amd64, i386], tested)
This revision is now accepted and ready to land.Feb 14 2021, 7:06 AM

Apologies, had to reset 2FA creds (lost) before I could login to review.

Change looks good.

Review/Commit improvements:

  • Format reviews as you would a good commit log message:
category/portname: <verb> short summary

Background and rationale for changes (if not self explanatory)

All:
Relevant:
Properties:
MFH: <branch|No> (<reason>)

Since this port isnt in quarterly (yet):

MFH: No (does not existing in 2020Q1)

I'll update this review shortly as an example.

  • For TEST PLAN section:
* portlint: OK (looks fine.)
* testport: OK (poudriere: <freebsd <versions>, <archs>, <OPTIONS> tested)
* maketest: OK (XXX of YYY PASS)

You'll want to install poudriere. It covers the full packaging workflow and will pickup issues that subset manual commands wont

Also when (arc) creating reviews, include full context (I believe this is -C99999)

koobs retitled this revision from nfs-over-tls: update distinfo to sysutils/nfs-over-tls: Fix build with OpenSSL without KTLS patches.
koobs edited the summary of this revision. (Show Details)
koobs edited the test plan for this revision. (Show Details)

@rmacklem Good to commit if it passes QA

You'll want to install poudriere. It covers the full packaging workflow and will pickup issues that subset manual commands wont

This has been done by @loader so I believe just adding this in the log is sufficient:

Tested by: loader

Should be enough.