HTTPS on, git, reproducible builds

Dag-Erling Smørgrav des at
Sat Sep 19 00:35:44 UTC 2015

Roger Marquis <marquis at> writes:
> This issue is one of the reasons secure sites do not use binary packages
> or freebsd-update.  It also illustrates problems admins have when
> required to buildworld/installworld when all they should need to do is
> "cd /usr/src/crypro/openssh&&make install" (for example).  Does anyone
> have a link to the archived discussion detailing why this functionality
> was deprecated?

It has not been deprecated.  If you're referring upgrading instructions
in security advisories etc., they generally just say "build and install
world" because providing precise instructions for an incremental rebuild
would require much more work on secteam's part, and there would be a
significant risk of error both on secteam's and the user's part.  Here's
the correct sequence for OpenSSH:

# cd /usr/src/secure
# for d in lib/libssh */s* ; do (cd $d && make cleandir && make obj && make depend all install) ; done
# service sshd restart

Dag-Erling Smørgrav - des at

More information about the freebsd-questions mailing list