Re: openssl 1.1.1 utils mkerr.pl

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Wed, 16 Jan 2019 10:24:33 -0800
On January 16, 2019 9:52:26 AM PST, Enji Cooper <yaneurabeya_at_gmail.com> wrote:
>
>> On Jan 15, 2019, at 5:55 PM, David Cornejo <dave_at_dogwood.com> wrote:
>> 
>> Hi,
>> 
>> I am working on some code that wants to use mkerr.pl from the openssl
>> distribution - but this appears to have been left out of the import
>to
>> base.
>> 
>> Is there an alternative method to create the include files produced
>> from this script in FreeBSD?
>
>
>Hi Dave,
>
>I would go a different route from what was mentioned by others — I
>would actually either grab mkerr.pl from upstream from the release
>package (upstream on GitHub is
>https://github.com/openssl/openssl/releases ) (sidenote: I don’t know
>why, but our vendor-crypto tree lacks this script as well; jkim_at_ CCed).
>Why go this route? You can easily grab the file using a tool like curl,
>fetch, or wget from GitHub, and you can be sure that the version you’re
>grabbing is the upstream release version. The only downside of this
>route is that you might have to apply local patches in order to fix
>bugs with the script itself (which the port would handle), and you’ll
>have to grab all dependencies (in this case/version: configdata.pm,
>which is generated from the release). Example:
>
>fetch -o mkerr.pl
>https://raw.githubusercontent.com/openssl/openssl/d1c28d791a7391a8dc101713cd8646df96491d03/util/mkerr.pl
>
>I think that these files should be committed in the vendor-crypto tree,
>along with crypto/openssl ; although FreeBSD as a project doesn’t have
>much value for these files, other repackagers do have value for these
>files (Isilon had to recompile openssl to deal with some modifications
>to the library for FIPS compliance).
>
>Why am I not recommending the port outright? Depending on which version
>of openssl you’re based on, you might need to maintain a
>Frankensteinian version of the port to deal with the current (or old)
>ports framework, which can be… noisome (speaking from experience having
>dealt with this at Isilon with a 3 year old port system in the past).
>Plus, some of the config might differ (—prefix, etc), causing the
>version you’re configuring to differ from the base system version.
>
>Alternatively, you could just bypass openssl in base and patch a copy
>from ports and be done with it.
>
>Cheers,
>-Enji

The file is likely used in the generation of an error table prior to the upstream packaging the tarball. We as consumers of the software don't need though.

Possible options might be that the OP maintain the file himself or develop a port which installs just this file. I don't recommend the second option.

Why this specific file? There are other apps that perform the same function, like compile_et that is distributed with MIT KRB5 and Heimdal, and installed.



-- 
Pardon the typos and autocorrect, small keyboard in use.
Cheers,
Cy Schubert <Cy.Schubert_at_cschubert.com>
FreeBSD UNIX: <cy_at_FreeBSD.org> Web: http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
Received on Wed Jan 16 2019 - 17:25:08 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:19 UTC