openssl in base should install c

Post by Ulrich SpÃ¶rlein
Hey,
c_rehash has somehow disappeared from the base system. We still install the
manpage it seems, but the tool itself is missing. Can we have that back?
...
/usr/share/openssl/man/man1/c_rehash.1.gz
/usr/src/crypto/openssl/doc/apps/c_rehash.pod
/usr/src/secure/usr.bin/openssl/man/c_rehash.1
/usr/ports/security/openssl/pkg-plist:bin/c_rehash
/usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz
It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm reading the
history with git pickaxe right).

The LibreSSL port lacks a c_rehash script as well. Putting c_rehash back
into base wouldn't solve the problem because it requires Perl 5.

Jung-uk Kim

2018-02-08 20:00:10 UTC

The LibreSSL port lacks a c_rehash script as well. Putting c_rehash back
into base wouldn't solve the problem because it requires Perl 5.

Correct. I just removed the manual page to not confuse users.

https://svnweb.freebsd.org/changeset/base/329024

Thanks for letting me know!

Jung-uk Kim

Ulrich Spörlein

2018-02-08 20:15:16 UTC

The LibreSSL port lacks a c_rehash script as well. Putting c_rehash back
into base wouldn't solve the problem because it requires Perl 5.

Correct. I just removed the manual page to not confuse users.
https://svnweb.freebsd.org/changeset/base/329024
Thanks for letting me know!
Jung-uk Kim

I would rather that c_rehash is brought back. I can install perl just fine
(or have it anyway installed), that's not the case with openssl from ports,
as that will mess up many things.

Guess I'll download my own version ... :(

Uli

Justin Hibbits

2018-02-08 20:21:38 UTC

The LibreSSL port lacks a c_rehash script as well. Putting
c_rehash back
into base wouldn't solve the problem because it requires Perl 5.

Correct. I just removed the manual page to not confuse users.
https://svnweb.freebsd.org/changeset/base/329024
Thanks for letting me know!
Jung-uk Kim

Would this be something useful to add to src/tools? Or create an
explicit port for it? Or just keep it handy yourself?

- Justin

Ian Lepore

2018-02-08 20:25:13 UTC

The LibreSSL port lacks a c_rehash script as well. Putting
c_rehash back
into base wouldn't solve the problem because it requires Perl 5.

Correct. I just removed the manual page to not confuse users.
https://svnweb.freebsd.org/changeset/base/329024
Thanks for letting me know!
Jung-uk Kim

Maybe we should just replace ours in base with a non-perl version,
something like this one?

https://opensource.apple.com/source/OpenSSL/OpenSSL-5/openssl/tools/c_rehash.in.auto.html

-- Ian

Jung-uk Kim

2018-02-08 20:37:46 UTC

The LibreSSL port lacks a c_rehash script as well. Putting c_rehash back
into base wouldn't solve the problem because it requires Perl 5.

Correct.Â I just removed the manual page to not confuse users.
https://svnweb.freebsd.org/changeset/base/329024
<https://svnweb.freebsd.org/changeset/base/329024>
Thanks for letting me know!
Jung-uk Kim
I would rather that c_rehash is brought back. I can install perl just
fine (or have it anyway installed), that's not the case with openssl
from ports, as that will mess up many things.

Although c_rehash was available from src/crypto/openssl/tools, we have
never installed it in the base, AFAIK. Actually, it does not use proper
perl binary (i.e., /usr/bin/perl vs. /usr/local/bin/perl) and certs
directory (i.e., /usr/local/ssl/certs vs. /etc/ssl/certs).

https://svnweb.freebsd.org/base/vendor-crypto/openssl/dist-0.9.8/tools/c_rehash?revision=247942&view=co

Jung-uk Kim

Guess I'll download my own version ... :(

Chris H

2018-02-08 22:31:15 UTC

Post by Ian Lepore

Post by Ulrich SpÃ¶rlein
Hey,
c_rehash has somehow disappeared from the base system. We still
install the
manpage it seems, but the tool itself is missing. Can we have
that back?
...
/usr/share/openssl/man/man1/c_rehash.1.gz
/usr/src/crypto/openssl/doc/apps/c_rehash.pod
/usr/src/secure/usr.bin/openssl/man/c_rehash.1
/usr/ports/security/openssl/pkg-plist:bin/c_rehash
/usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz
It looks like the merge of OpenSSL 1.0.1c got rid of it (if I'm
reading the
history with git pickaxe right).

The LibreSSL port lacks a c_rehash script as well. Putting
c_rehash back
into base wouldn't solve the problem because it requires Perl 5.

Correct. I just removed the manual page to not confuse users.
https://svnweb.freebsd.org/changeset/base/329024
Thanks for letting me know!
Jung-uk Kim

I would rather that c_rehash is brought back. I can install perl just
fine
(or have it anyway installed), that's not the case with openssl from
ports,
as that will mess up many things.
Guess I'll download my own version ... :(
Uli

Maybe we should just replace ours in base with a non-perl version,
something like this one?
https://opensource.apple.com/source/OpenSSL/OpenSSL-5/openssl/tools/c_rehash.in.auto.html
-- Ian

Excellent link, Ian. Thanks!
Couldn't this be in $base? I'd like to vote yes. :-)

--Chris

Post by Ian Lepore
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-current

Jung-uk Kim

2018-02-08 22:47:32 UTC

Post by Chris H

Post by Ulrich SpÃ¶rlein
Hey,
c_rehash has somehow disappeared from the base system.

We still

Post by Ulrich SpÃ¶rlein
install the
manpage it seems, but the tool itself is missing. Can we have
that back?
...
/usr/share/openssl/man/man1/c_rehash.1.gz
/usr/src/crypto/openssl/doc/apps/c_rehash.pod
/usr/src/secure/usr.bin/openssl/man/c_rehash.1
/usr/ports/security/openssl/pkg-plist:bin/c_rehash
/usr/ports/security/openssl/pkg-plist:man/man1/c_rehash.1.gz

Post by Ulrich SpÃ¶rlein
It looks like the merge of OpenSSL 1.0.1c got rid of

it (if I'm

Post by Ulrich SpÃ¶rlein
reading the
history with git pickaxe right).

The LibreSSL port lacks a c_rehash script as well. Putting
c_rehash back
into base wouldn't solve the problem because it requires Perl 5.

Correct.Â Â I just removed the manual page to not confuse users.

Post by Ulrich SpÃ¶rlein
https://svnweb.freebsd.org/changeset/base/329024
Thanks for letting me know!
Jung-uk Kim

Post by Ulrich SpÃ¶rlein
I would rather that c_rehash is brought back. I can install

perl just

Post by Ulrich SpÃ¶rlein
fine
(or have it anyway installed), that's not the case with openssl from
ports,
as that will mess up many things.

Guess I'll download my own version ... :(
Uli

Maybe we should just replace ours in base with a non-perl version,
something like this one?
https://opensource.apple.com/source/OpenSSL/OpenSSL-5/openssl/tools/c_rehash.in.auto.html
-- Ian

Excellent link, Ian. Thanks!
Couldn't this be in $base? I'd like to vote yes. :-)

From OpenSSL 1.1.0, openssl(1) added "rehash" command.

https://www.openssl.org/docs/man1.1.0/apps/rehash.html

I don't think we need yet another implementation in the base.

Jung-uk Kim

Ian Lepore

2018-02-08 23:51:27 UTC

Post by Chris H
[...]
Couldn't this be in $base? I'd like to vote yes. :-)

From OpenSSL 1.1.0, openssl(1) added "rehash" command.
https://www.openssl.org/docs/man1.1.0/apps/rehash.html
I don't think we need yet another implementation in the base.
Jung-uk Kim

But on a machine I just set up last weekend using -current I get:

***@th > openssl rehash
openssl:Error: 'rehash' is an invalid command.
***@th > openssl version
OpenSSL 1.0.2n-freebsd 7 Dec 2017

Are we going to update to 1.1.0 soon? If not, how does it help that a
version we don't use has rehash built in?

-- Ian

Jung-uk Kim

2018-02-09 00:35:55 UTC

Post by Ian Lepore

Post by Chris H
[...]
Couldn't this be in $base? I'd like to vote yes. :-)

From OpenSSL 1.1.0, openssl(1) added "rehash" command.
https://www.openssl.org/docs/man1.1.0/apps/rehash.html
I don't think we need yet another implementation in the base.

openssl:Error: 'rehash' is an invalid command.
OpenSSL 1.0.2n-freebsdÂ Â 7 Dec 2017
Are we going to update to 1.1.0 soon?

When I find some free time. I don't know how "soon", however.

Post by Ian Lepore
If not, how does it help that a version we don't use has rehash
built in?

We will have the feature when we import OpenSSL 1.1.0. Knowing that it
is obsoleted by the upstream, I don't want to add an equivalent script
in the base.

If it is really necessary, you can always install the c_rehash script
(security/openssl), openssl with rehash command
(security/openssl-devel), openssl with certhash command
(security/libressl), etc. from the ports tree.

BTW, we never had it in the base and it was removed from head src tree
more than 5 years ago. Why is it so important now? :-(

Jung-uk Kim

Ian Lepore

2018-02-09 00:43:30 UTC

Post by Chris H
[...]
Couldn't this be in $base? I'd like to vote yes. :-)

From OpenSSL 1.1.0, openssl(1) added "rehash" command.
https://www.openssl.org/docs/man1.1.0/apps/rehash.html
I don't think we need yet another implementation in the base.

openssl:Error: 'rehash' is an invalid command.
OpenSSL 1.0.2n-freebsd 7 Dec 2017
Are we going to update to 1.1.0 soon?

When I find some free time. I don't know how "soon", however.

If not, how does it help that a version we don't use has rehash
built in?

We will have the feature when we import OpenSSL 1.1.0. Knowing that it
is obsoleted by the upstream, I don't want to add an equivalent script
in the base.
If it is really necessary, you can always install the c_rehash script
(security/openssl), openssl with rehash command
(security/openssl-devel), openssl with certhash command
(security/libressl), etc. from the ports tree.
BTW, we never had it in the base and it was removed from head src tree
more than 5 years ago. Why is it so important now? :-(

When looking for info (because of this thread) I noticed that lots of
how-to writeups on the web tell you to use the c_rehash command, so if
we don't supply one that's bad (or if we supply an alternate-named
thing we should document that somehow).

If we're just a bit behind but we're going to catch up eventually, then
that's good enough I think.

It's not clear if openssl 1.1.0 installs a link or wrapper for c_rehash
or not. That manpage seems to imply that "openssl rehash" and
"c_rehash" are equivelent.

-- Ian

Jung-uk Kim

2018-02-09 01:01:56 UTC