SAT resolver problem - [CFT] SSP Package Repository available

Michael Jung mikej at mikej.com
Tue Aug 26 19:02:18 UTC 2014 

On 2014-08-22 16:17, Bryan Drewery wrote:
> On 8/22/2014 1:16 PM, mikej wrote:
>> On , Bryan Drewery wrote:
>>> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>>>> i386 and amd64, and older releases on amd64 only currently.
>>>> 
>>>> Support may be added for earlier i386 releases once all ports 
>>>> properly
>>>> respect LDFLAGS.
>>>> 
>>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all
>>>> ports.
>>>> 
>>>> The default SSP_CLFAGS is -fstack-protector, but 
>>>> -fstack-protector-all
>>>> may optionally be set instead.
>>>> 
>>>> Please help test this on your system. We would like to eventually 
>>>> enable
>>>> this by default, but need to identify any major ports that have 
>>>> run-time
>>>> issues due to it.
>>>> 
>>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>>> 
>>> 
>>> We have not had any feedback on this yet and want to get it enabled 
>>> by
>>> default for ports and packages.
>>> 
>>> We now have a repository that you can use rather than the default to
>>> help test. We need your help to identify any issues before switching 
>>> the
>>> default.
>>> 
>>> This repository is available for:
>>> 
>>> head
>>> 10.0
>>> 9.1,9.2,9.3
>>> 
>>> It is not available for 8.4. If someone is willing to test on 8.4 I 
>>> will
>>> build a repository for it.
>>> 
>>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
>>> 
>>> FreeBSD: { enabled: no }
>>> FreeBSD_ssp: {
>>>   url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp",
>>>   mirror_type: "srv",
>>>   signature_type: "fingerprints",
>>>   fingerprints: "/usr/share/keys/pkg",
>>>   enabled: yes
>>> }
>>> 
>>> Once that is done you should force reinstall packages from this
>>> repository:
>>> 
>>>   pkg update
>>>   pkg upgrade -f
>>> 
>>> Thanks for your help!
>>> Bryan Drewery
>>> On behalf of portmgr.
>> 
>> I have been using this without issue on several machines until today.
>> 
>> root at firewall:/usr/ports # pkg -v
>> 1.3.6
>> root at firewall:/usr/ports #
>> 
>> 
>> Repositories:
>>   FreeBSD_ssp: {
>>     url             : 
>> "pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp",
>>     enabled         : yes,
>>     mirror_type     : "SRV",
>>     signature_type  : "FINGERPRINTS",
>>     fingerprints    : "/usr/share/keys/pkg"
>>   }
>> 
>> 
>> root at firewall:/usr/ports # pkg update -f
>> Updating repository catalogue
>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found
>> pkg: repository FreeBSD_ssp has no meta file, using default settings
>> Fetching digests.txz: 100% of 1 MB
>> Fetching packagesite.txz: 100% of 5 MB
>> 
>> Adding new entries: 100%
>> Incremental update completed, 23305 packages processed:
>> 0 packages updated, 0 removed and 23305 added.
>> root at firewall:/usr/ports # pkg install mdnsresponder
>> Updating repository catalogue
>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found
>> pkg: repository FreeBSD_ssp has no meta file, using default settings
>> FreeBSD_ssp repository is up-to-date
>> All repositories are up-to-date
>> Checking integrity... done (1 conflicting)
>> pkg: Cannot solve problem using SAT solver:
>> cannot install package mDNSResponder~net/mDNSResponder, remove it from
>> request [Y/n]: y
>> Checking integrity... done (0 conflicting)
>> The most recent version of packages are already installed
>> root at firewall:/usr/ports # uname -a
>> FreeBSD firewall 10.0-STABLE FreeBSD 10.0-STABLE #0 r269366M: Fri Aug  
>> 1
>> 00:35:49 EDT 2014     mikej at firewall:/usr/obj/usr/src/sys/GENERIC  
>> amd64
>> root at firewall:/usr/ports # date
>> Fri Aug 22 14:12:30 EDT 2014
>> root at firewall:/usr/ports #
>> 
>> root at firewall:/usr/ports # pkg info | grep mdns
>> root at firewall:/usr/ports #
>> 
>> Regards,
>> 
>> --mikej
> 
> It looks like the (SSP) freebsd:10:x86:64 freebsd:11:x86:32 
> repositories
> are stale from a month ago. Looking into why.
> 
> Sadly this was not noticed and the instructions effectively will
> downgrade packages. These 2 repositories have pkg-1.2 still as well.



Bryan,

Any update?  As you probably expect if I build the port locally with 
poudriere and install there is no issue.  I'm building with

WITH_SSP_PORTS=YES

in /etc/make.conf

Regards,

--mikej

More information about the freebsd-pkg mailing list