Re: git: 43741377b143 - main - security/openssl: Security update to 1.1.1n
- In reply to: Mark Johnston : "Re: git: 43741377b143 - main - security/openssl: Security update to 1.1.1n"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 19 Mar 2022 20:13:19 UTC
Dear Mark, Am 19.03.2022 um 17:42 schrieb Mark Johnston: > I've had zero luck reproducing this locally. I built several hundred > ports, including textproc/py-pystemmer mentioned elsewhere in the > thread, without any failures or instances of zero-filled files. Another > member of secteam also hasn't been able to trigger any build failures on > -p8. Any hints on a reproducer would be useful. > > We can simply push a -p9 which reverts EN-22:10 and :11, but of course > it would be preferable to precisely identify the problem. I attached you my poudriere.conf and the pkglist I used, which triggered the problem. Before you start your build, make sure that you delete all poudriere packages. They are located in my setup in folder: /usr/local/poudriere/data/packages/130amd64-default Also make sure you kill the ccache in folder /var/cache/ccache Place the poudriere.conf in /usr/local/etc I created a folder /usr/local/etc/poudriere.d/ where I placed the pkglist. I created the jail with (make sure your host system runs the -p8 kernel): poudriere jail -c -v 13.0-RELEASE -a amd64 -j 130amd64 I build my packages on a: CPU: AMD Ryzen 7 2700X Eight-Core Processor (3693.17-MHz K8-class CPU) Origin="AuthenticAMD" Id=0x800f82 Family=0x17 Model=0x8 Stepping=2 Building the packages with: cd /usr/local/etc/poudriere.d/ && poudriere bulk -t -j 130amd64 -f pkglist The load can go up to 60-90 so yes, this is a very nice stress test. I have not directly seen the problem. The first run was fine but produced then packages that where broken and I think this is, why it is very tricky to detect it. I think for me the problem was then caused by the php update (8.0.17) which used the broken packages to build it, where the problem then started to get visible. There all builds were failing reproducibly. But the first build of the packages were successful (even if some files, it seems it loves to break .h files), so you maybe have to build first a older port version and then on a second try the newest one. I hope that helps you to trigger the problem. Gruß Matthias Gruß Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook