SAT resolver problem - [CFT] SSP Package Repository available

Bryan Drewery bdrewery at FreeBSD.org
Tue Aug 26 19:18:19 UTC 2014 

On 8/26/2014 2:02 PM, Michael Jung wrote:
> On 2014-08-22 16:17, Bryan Drewery wrote:
>> On 8/22/2014 1:16 PM, mikej wrote:
>>> On , Bryan Drewery wrote:
>>>> On 9/21/2013 5:49 AM, Bryan Drewery wrote:
>>>>> Ports now support enabling Stack Protector [1] support on FreeBSD 10
>>>>> i386 and amd64, and older releases on amd64 only currently.
>>>>>
>>>>> Support may be added for earlier i386 releases once all ports properly
>>>>> respect LDFLAGS.
>>>>>
>>>>> To enable, just add WITH_SSP=yes to your make.conf and rebuild all
>>>>> ports.
>>>>>
>>>>> The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all
>>>>> may optionally be set instead.
>>>>>
>>>>> Please help test this on your system. We would like to eventually
>>>>> enable
>>>>> this by default, but need to identify any major ports that have
>>>>> run-time
>>>>> issues due to it.
>>>>>
>>>>> [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection
>>>>>
>>>>
>>>> We have not had any feedback on this yet and want to get it enabled by
>>>> default for ports and packages.
>>>>
>>>> We now have a repository that you can use rather than the default to
>>>> help test. We need your help to identify any issues before switching
>>>> the
>>>> default.
>>>>
>>>> This repository is available for:
>>>>
>>>> head
>>>> 10.0
>>>> 9.1,9.2,9.3
>>>>
>>>> It is not available for 8.4. If someone is willing to test on 8.4 I
>>>> will
>>>> build a repository for it.
>>>>
>>>> Place this in /usr/local/etc/pkgs/repos/FreeBSD_ssp.conf:
>>>>
>>>> FreeBSD: { enabled: no }
>>>> FreeBSD_ssp: {
>>>>   url: "pkg+http://pkg.FreeBSD.org/${ABI}/ssp",
>>>>   mirror_type: "srv",
>>>>   signature_type: "fingerprints",
>>>>   fingerprints: "/usr/share/keys/pkg",
>>>>   enabled: yes
>>>> }
>>>>
>>>> Once that is done you should force reinstall packages from this
>>>> repository:
>>>>
>>>>   pkg update
>>>>   pkg upgrade -f
>>>>
>>>> Thanks for your help!
>>>> Bryan Drewery
>>>> On behalf of portmgr.
>>>
>>> I have been using this without issue on several machines until today.
>>>
>>> root at firewall:/usr/ports # pkg -v
>>> 1.3.6
>>> root at firewall:/usr/ports #
>>>
>>>
>>> Repositories:
>>>   FreeBSD_ssp: {
>>>     url             :
>>> "pkg+http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp",
>>>     enabled         : yes,
>>>     mirror_type     : "SRV",
>>>     signature_type  : "FINGERPRINTS",
>>>     fingerprints    : "/usr/share/keys/pkg"
>>>   }
>>>
>>>
>>> root at firewall:/usr/ports # pkg update -f
>>> Updating repository catalogue
>>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found
>>> pkg: repository FreeBSD_ssp has no meta file, using default settings
>>> Fetching digests.txz: 100% of 1 MB
>>> Fetching packagesite.txz: 100% of 5 MB
>>>
>>> Adding new entries: 100%
>>> Incremental update completed, 23305 packages processed:
>>> 0 packages updated, 0 removed and 23305 added.
>>> root at firewall:/usr/ports # pkg install mdnsresponder
>>> Updating repository catalogue
>>> pkg: http://pkg.FreeBSD.org/freebsd:10:x86:64/ssp/meta.txz: Not Found
>>> pkg: repository FreeBSD_ssp has no meta file, using default settings
>>> FreeBSD_ssp repository is up-to-date
>>> All repositories are up-to-date
>>> Checking integrity... done (1 conflicting)
>>> pkg: Cannot solve problem using SAT solver:
>>> cannot install package mDNSResponder~net/mDNSResponder, remove it from
>>> request [Y/n]: y
>>> Checking integrity... done (0 conflicting)
>>> The most recent version of packages are already installed
>>> root at firewall:/usr/ports # uname -a
>>> FreeBSD firewall 10.0-STABLE FreeBSD 10.0-STABLE #0 r269366M: Fri Aug  1
>>> 00:35:49 EDT 2014     mikej at firewall:/usr/obj/usr/src/sys/GENERIC  amd64
>>> root at firewall:/usr/ports # date
>>> Fri Aug 22 14:12:30 EDT 2014
>>> root at firewall:/usr/ports #
>>>
>>> root at firewall:/usr/ports # pkg info | grep mdns
>>> root at firewall:/usr/ports #
>>>
>>> Regards,
>>>
>>> --mikej
>>
>> It looks like the (SSP) freebsd:10:x86:64 freebsd:11:x86:32 repositories
>> are stale from a month ago. Looking into why.
>>
>> Sadly this was not noticed and the instructions effectively will
>> downgrade packages. These 2 repositories have pkg-1.2 still as well.
> 
> 
> 
> Bryan,
> 
> Any update?  As you probably expect if I build the port locally with
> poudriere and install there is no issue.  I'm building with
> 
> WITH_SSP_PORTS=YES
> 
> in /etc/make.conf
> 
> Regards,
> 
> --mikej


The latest package set, along with pkg 1.3.7, should be getting
published later today.

As for the pkg issue with installing mDNSResponder, I am not 100% sure
it is fixed by new package set. We'll have to wait and see. There are
several issues to fix in the new pkg solver still.

-- 
Regards,
Bryan Drewery

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-pkg/attachments/20140826/20e70dd0/attachment.sig>

More information about the freebsd-pkg mailing list