From: Doug Rabson
Date: Fri, 2 Feb 2024 10:29:13 +0000
Subject: Re: fips.so file package
To: "Wall, Stephen"
Cc: "pkgbase@FreeBSD.org"
List-Id: Packaging the FreeBSD base system
List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase

On Thu, 1 Feb 2024 at 16:03, Wall, Stephen wrote:

> Why does the build place fips.so (the FIPS provider for openssl) in
> “FreeBSD-utilities” instead of “FreeBSD-openssl-lib”? Is that an oversight?
>
> Related – I’d think openssl.cnf would be better placed in
> “FreeBSD-openssl-lib” with libcrypto and libssl than in “FreeBSD-openssl”.
>
> (And yes, I know the fips.so built by FreeBSD is not FIPS validated.)

The FreeBSD-utilities package tends to contain anything which is not marked to go in some other package so yes, this is an oversight which could be fixed by adding 'PACKAGE= openssl-lib' to secure/lib/libcrypto/modules/fips/Makefile or possibly secure/lib/libcrypto/Makefile.inc. If openssl.cnf is something only used at compile time, that should also go in openssl-lib.

