(n244517-f17fc5439f5) svn stuck forever in /usr/ports?
Hartmann, O.
ohartmann at walstatt.org
Tue Feb 9 22:16:40 UTC 2021
On Wed, 3 Feb 2021 17:34:24 +0100
Guido Falsi via freebsd-current <freebsd-current at freebsd.org> wrote:
> On 03/02/21 17:02, John Baldwin wrote:
> > On 2/2/21 10:16 PM, Hartmann, O. wrote:
> >> On Mon, 1 Feb 2021 03:24:45 +0000
> >> Rick Macklem <rmacklem at uoguelph.ca> wrote:
> >>
> >>> Rick Macklem wrote:
> >>>> Guido Falsi wrote:
> >>>> [good stuff snipped]
> >>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957,
> >>>>> adding
> >>>>> KTLS support to embedded OpenSSL.
> >>>>>
> >>>>> I filed a bug report about this:
> >>>>>
> >>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
> >>>>>
> >>>>>
> >>>>> Apart from switching to svn:// scheme, another workaround is to build
> >>>>> base using WITHOUT_OPENSSL_KTLS.
> >>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which
> >>>> use ktls),
> >>>> they acted like things were ok (no handshake problems), but the data
> >>>> ended up on the wire unencrypted (nfs-over-tls doesn't do a
> >>>> SSL_write(),
> >>>> so it depends on ktls to do the encryption).
> >>>>
> >>>> Since these daemons work fine with openssl3 in
> >>>> ports/security/openssl-devel,
> >>>> I suspect the ktls backport is not quite right. I've sent jhb@ email.
> >>> I was wrong on the above. I did a full buildworld/installworld and
> >>> the daemons
> >>> now seem to work with the openssl in head/main.
> >>>
> >>> Btw, did anyone try rebuilding svn from sources after doing
> >>> the system upgrade?
> >>> (The openssl library calls and .h files definitely changed.)
> >>
> >> Yes, I did, on all boxes and its a pain in the a..., we had to rebuild
> >> EVERY port (at
> >> least, I did, to avoid further problem). Yesterday, on of our fastes
> >> boxes got ready and
> >> even with a full rebuild of the system AND a full rebuild of the ports
> >> (no poudriere,
> >> traditional way via make), the Apache 2.4 webservice doesn't work, and
> >> so does subversion
> >> not (Firefox reports problems with SSL handshake, subversion is
> >> stuck/frozen forever).
> >> I will run today another full world build today, hopefully finishing
> >> on friday (portmaster
> >> -dfR doesn't get everything in line on some ports, I assume).
> >>
> >> oh
> >
> > I tracked the subversion hang down to a bug in serf (an Apache library
> > used by
> > subversion). It would also affect any other software using serf. The
> > serf in
> > ports will also have to be patched.
> >
>
> I submitted your patch as a bug report to the serf port:
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253214
>
What is the status of this bug?
As PR 253214 might suggest, the patch to www/serf has been commited. We still face a
problem with FreeBSD CURRENT-14 based systems running Apache24:
FreeBSD 14.0-CURRENT #4 main-n244672-866c8b8d5dd: Mon Feb 8 08:38:59 CET 2021 amd64
/usr/ports is at Revision: 564736.
www/apache24, www/serf have been rebuilt using "portmaster -f www/apache24 www/serf".
Restarting Apache 2.4 still fails on any access with SSL enabled, firefox reports:
SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
What am I missing here? What is to be rebuilt? FreeBSD 14-CURRENT has been rebuilt from
scratch on the 7th of February, ports have been completely rebuilt after KTLS
introduction and several critical ports as www/serf and www/apache and mod_ ports have
been rebuilt afterwards with ports tree revision 564736. Something is still missing.
Kind regards and thanks in advance,
oh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20210209/c5494929/attachment.sig>
More information about the freebsd-current
mailing list