Closed wjf1993 closed 3 months ago
wjf1993
commented
6 months ago
After I did some studies, I could let SSLSplit support ERR_get_func, but this error was still when I executed Make Ports again. What should I do?
The directory of the modified code is at /usr/ports/security/sslsplit/work/sslsplit-0.5.5.
mimugmail
commented
6 months ago Sslsplit was removed from ports due to missing openssl3 support
mimugmail
commented
6 months ago wjf1993
commented
6 months ago 9a435c2 Thank you ! I have tried the patch you provided. I have not encountered the error of SSLSplit. But I got another mistake like:
[20240205015404] ===> Installing for libmodbus-3.1.7_2 [20240205015404] ===> Checking if libmodbus is already installed [20240205015404] ===> Registering installation for libmodbus-3.1.7_2 as automatic Installing libmodbus-3.1.7_2... ===> nut-2.8.1_2 depends on shared library: libmodbus.so - found (/usr/local/lib/libmodbus.so) ===> Returning to build of nut-2.8.1_2 ===> nut-2.8.1_2 depends on shared library: libneon.so - not found [20240205015404] ===> License GPLv2 accepted by the user ===> neon-0.32.5_1 depends on file: /usr/local/sbin/pkg - found [20240205015404] => neon-0.32.5.tar.gz doesn't seem to exist in /usr/ports/distfiles/. [20240205015404] => Attempting to fetch https://notroj.github.io/neon/neon-0.32.5.tar.gz neon-0.32.5.tar.gz 875 kB 595 kBps 02s [20240205015407] ===> Fetching all distfiles required by neon-0.32.5_1 for building [20240205015407] ===> Extracting for neon-0.32.5_1 [20240205015407] => SHA256 Checksum OK for neon-0.32.5.tar.gz. [20240205015407] ===> Patching for neon-0.32.5_1 [20240205015407] ===> Applying extra patch /usr/ports/www/neon/files/extrapatch-docs [20240205015407] ===> Applying FreeBSD patches for neon-0.32.5_1 from /usr/ports/www/neon/files /usr/bin/sed -i.bak -e 's|-@NEON_VERSION@$||' /usr/obj/usr/ports/www/neon/work/neon-0.32.5/Makefile.in ===> neon-0.32.5_1 depends on package: pkgconf>=1.3.0_1 - found ===> neon-0.32.5_1 depends on file: /usr/local/lib/libcrypto.so.12 - found ===> neon-0.32.5_1 depends on shared library: libexpat.so - found (/usr/local/lib/libexpat.so) [20240205015407] ===> Configuring for neon-0.32.5_1 configure: loading site script /usr/ports/Templates/config.site checking for a BSD-compatible install... /usr/bin/install -c checking for gcc... cc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether cc accepts -g... yes checking for cc option to accept ISO C89... none needed checking how to run the C preprocessor... cpp checking for grep that handles long lines and -e... (cached) /usr/bin/grep checking for egrep... (cached) /usr/bin/egrep checking for ANSI C header files... (cached) yes checking for sys/types.h... (cached) yes checking for sys/stat.h... (cached) yes checking for stdlib.h... (cached) yes checking for string.h... (cached) yes checking for memory.h... (cached) yes checking for strings.h... (cached) yes checking for inttypes.h... (cached) yes checking for stdint.h... (cached) yes checking for unistd.h... (cached) yes checking for minix/config.h... (cached) no checking whether it is safe to define EXTENSIONS... yes checking for inline... inline checking for an ANSI C-conforming const... yes checking for size_t... (cached) yes checking for off_t... (cached) yes checking for uname... FreeBSD checking whether make sets $(MAKE)... yes checking size of int... 4 checking size of long... 8 checking size of long long... 8 checking for gcc -Wformat -Werror sanity... yes checking for errno.h... (cached) yes checking for stdarg.h... (cached) yes checking for string.h... (cached) yes checking for stdlib.h... (cached) yes checking for sys/uio.h... (cached) yes checking size of size_t... 8 checking how to print size_t... lu checking size of off_t... 8 checking how to print off_t... ld checking size of ssize_t... 8 checking how to print ssize_t... ld checking whether byte ordering is bigendian... no checking whether strerror_r is declared... (cached) yes checking for strerror_r... (cached) yes checking whether strerror_r returns char *... no checking for snprintf... (cached) yes checking for vsnprintf... (cached) yes checking for sys/time.h... (cached) yes checking for limits.h... (cached) yes checking for sys/select.h... (cached) yes checking for arpa/inet.h... (cached) yes checking for libintl.h... yes checking for signal.h... (cached) yes checking for sys/socket.h... (cached) yes checking for netinet/in.h... (cached) yes checking for netinet/tcp.h... yes checking for netdb.h... (cached) yes checking for sys/poll.h... (cached) yes checking for sys/limits.h... yes checking for fcntl.h... (cached) yes checking for iconv.h... yes checking for timezone global... no configure: LFS support unnecessary, off_t is not 32-bit checking for strtoll... (cached) yes checking for strcasecmp... (cached) yes checking for signal... yes checking for setvbuf... (cached) yes checking for setsockopt... (cached) yes checking for stpcpy... (cached) yes checking for poll... (cached) yes checking for fcntl... (cached) yes checking for getsockopt... yes checking for explicit_bzero... yes checking for sendmsg... (cached) yes checking for gettimeofday... (cached) yes checking whether stpcpy is declared... (cached) yes checking for library containing socket... none needed checking wspiapi.h usability... no checking wspiapi.h presence... no checking for wspiapi.h... no checking for library containing getaddrinfo... none needed checking for wspiapi.h... (cached) no checking for gai_strerror... (cached) yes checking for getnameinfo... (cached) yes checking for inet_ntop... (cached) yes checking for inet_pton... yes configure: IPv6 support is enabled checking for working AI_ADDRCONFIG... yes checking for socklen_t... (cached) yes checking for struct tm.tm_gmtoff... yes checking for struct tm.__tm_gmtoff... no checking for zlib.h... (cached) yes checking for inflate in -lz... yes configure: zlib support enabled, using -lz checking whether to enable ACL support in neon... yes checking for pkg-config... /usr/local/bin/pkg-config checking for openssl pkg-config data... yes configure: using OpenSSL 3.0.12 library configuration from pkg-config checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking openssl/opensslv.h usability... yes checking openssl/opensslv.h presence... yes checking for openssl/opensslv.h... yes checking OpenSSL version is >= 0.9.7... yes checking OpenSSL version is >= 1.1.0... yes configure: SSL support enabled, using OpenSSL 3.0.12 configure: OpenSSL is natively thread-safe checking for pkg-config... (cached) /usr/local/bin/pkg-config checking for pakchois pkg-config data... no configure: pakchois library not found; no PKCS#11 support checking for pkg-config... (cached) /usr/local/bin/pkg-config checking for krb5-gssapi pkg-config data... no checking for krb5-config... none configure: error: could not enable GSSAPI support [20240205015410] ===> Script "configure" failed unexpectedly. Please report the problem to lev@FreeBSD.org [maintainer] and attach the "/usr/obj/usr/ports/www/neon/work/neon-0.32.5/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system (e.g. a /usr/local/sbin/pkg-static info -g -Ea). *** Error code 1
Stop. make[1]: stopped in /usr/ports/www/neon *** Error code 1
Stop. make: stopped in /usr/ports/sysutils/nut Creating repository in /usr/obj/usr/tools/config/23.7/amd64/.pkg-new/: 100% Packing files for repository: 100%
Removing packages set Creating package mirror set for 24.1-amd64... done -rw-r--r-- 1 root wheel 905M Feb 5 09:54 packages-24.1-amd64.tar WARNING: The build provided additional info. Rebuilt version 0.4.8.10 for security/tor (tor) ERROR: The build encountered fatal issues! Aborted version 2.8.1_2 for sysutils/nut (nut) *** Error code 1
Stop. make: stopped in /usr/tools
what should i do?
fichtner
commented
6 months ago It’s not compatible with OpenSSL 3 from ports. You could build with ssl=base but the tools are not meant for this to be a cherry pick option.
mimugmail
commented
6 months ago Just remove sslsplit from ports.conf like opnsense did so too :)
wjf1993
commented
6 months ago It’s not compatible with OpenSSL 3 from ports. You could build with ssl=base but the tools are not meant for this to be a cherry pick option.
@fichtner @mimugmail Thank you for your support.I have two questions that I would like to ask you. (1)If I use https://github.com/opnsense/tools/commit/9a435c2a4ee0828ec32fd1ea2a784c4ed2c01a67 patch to fix the sslsplit error that occurs during compilation, will it cause subsequent firewall exceptions? (2)I got error "could not enable GSSAPI support" in build neon but I found libgssapi in my system(path /usr/lib).Why does it still report an error?
fichtner
commented
6 months ago (1) make sure to use matching tags for tools.git and ports.git, e.g. 23.7.12.
(2) "it's complicated" is the simple answer from my community support time.
wjf1993
commented
6 months ago (1) make sure to use matching tags for tools.git and ports.git, e.g.
23.7.12. (2) "it's complicated" is the simple answer from my community support time.
So can I only modify the ports.conf file to avoid “could not enable GSSAPI support” errors?
Just like:
fichtner
commented
6 months ago GSSAPI should be off everywhere.. Are you using the tools properly and/or at least /etc/make.conf set up if you build manually?
wjf1993
commented
6 months ago GSSAPI should be off everywhere.. Are you using the tools properly and/or at least /etc/make.conf set up if you build manually?
I am compiling OPNsense for the first time, so I haven't made any changes to make.conf. I directly used 'make plugin' to compile the plugin. Could you please tell me how to disable GSSAPI?
The figure above shows all variables related to GSSAPI
fichtner
commented
6 months ago I'm a bit unsure what issues you are having. Like already mentioned make sure you build a consistently tagged release like 23.7.12, which is just:
# make update VERSION=23.7.12
# make <watever>A borked build state in ports can't really be recovered easily. Worst case discard the whole set and start from scratch:
# make clean-packagesCheers, Franco