# -Rrf security question



## max21 (Oct 14, 2015)

I used this to upgrade OpenSSL and everything went well up until it the build was near finish.



```
WITH_OPENSSL_PORT=yes  # this single line in make file is a must.

portsnap fetch update

portupgrade port-mgmt/pkg  # upgrade pkg first.

portupgrade -N security/openssl  # install /usr/ports/security/openssl or use portupgrade

portupgrade -Rrf security/openssl  # recompile other packages using the latest version OpenSSL
```




> ** Fix the problem and try again.



I tried to fix it but I cannot figure it out what to do and why.  Could someone show me what part I should be fixing?


```
install  -m 0644 /usr/ports/lang/perl5.16/work/perl-man.conf /usr/ports/lang/perl5.16/work/stage/usr/local/etc/man.d/perl5.16.conf


====> Compressing man pages (compress-man)


===>  Installing for perl5-5.16.3_24


===>  Checking if perl5 already installed


===>  Registering installation for perl5-5.16.3_24 as automatic


Installing perl5-5.16.3_24...


pkg-static: perl5-5.16.3_24 conflicts with perl5.16-5.16.3_24 (installs files into the same place).  Problematic file: /usr/local/share/licenses/perl5-5.16.3_24/catalog.mk


*** Error code 70




Stop.


make[3]: stopped in /usr/ports/lang/perl5.16


*** Error code 1




Stop.


make[2]: stopped in /usr/ports/lang/perl5.16


*** Error code 1




Stop.


make[1]: stopped in /usr/ports/security/openssl


*** Error code 1




Stop.


make: stopped in /usr/ports/security/openssl


** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20151014-29333-hl0o9y env UPGRADE_TOOL=portupgrade UPGRADE_PORT=openssl-1.0.2_4 UPGRADE_PORT_VER=1.0.2_4 make


** Fix the problem and try again.


** Listing the failed packages (-:ignored / *:skipped / !:failed)


  ! security/openssl (openssl-1.0.2_4)  (unknown build error)
```


----------



## SirDice (Oct 14, 2015)

What version of FreeBSD is this? Perl 5.16 has been deprecated a long time ago. Current default version of Perl is 5.20.


----------



## max21 (Oct 14, 2015)

SirDice said:


> What version of FreeBSD is this? Perl 5.16 has been deprecated a long time ago. Current default version of Perl is 5.20.



I went back to FreeBSD 10.1 because I cannot live with 10.2 GNOME3.  I tried to install mate 3 or 4 times but the ports don't work for me.  I did not update 10.1 but I did update the ports.  Also from past experence, Perl 5.20 broke GNOME2 or would not install.


----------



## SirDice (Oct 14, 2015)

max21 said:


> I went back to FreeBSD 10.1 because I cannot live with 10.2 GNOME3.


Ports don't really have anything to do with the FreeBSD version. All versions use the same ports tree. Ergo, FreeBSD 10.1 and 10.2 have the same Gnome 3.

Regarding this issue I would recommend updating all ports, but make sure you've read /usr/ports/UPDATING, especially regarding the Perl update.


----------



## max21 (Oct 14, 2015)

SirDice said:


> Ports don't really have anything to do with the FreeBSD version. All versions use the same ports tree. Ergo, FreeBSD 10.1 and 10.2 have the same Gnome 3. ...



I should explain why I deal with the stone-age of FreeBSD ...  come to think of it, I brought over my destfiles and/or more (lost in mix) from 9.0 - 10.0, but it has never worked beyond 10.1p4.  After all of this time I always thought ports were for difference versions of FreeBSD.  .  Now my mind is blown sky-high and I can’t wait to play some more. Problem is, Perl5-16 is locked in forever and will not come out (I have not wasted a single minute not trying all that make since.).  I give up ... What I need to do for now is to bypass Perl when trying to recompile other packages to use the latest version of OpenSSL.  I just learn, this is where security starts.  Is there a switch that I can use to make this happen?  This command works well but Perl is in the way.  If not, I’ll move on the next problem, because I’m just getting into some serious FreeBSD security…  I’m renting two dedicated servers (to force myself to pay attention) and they are where FreeBSD 10.2 + will live, but I plan first to secure the GNOME Team greatest tradition desktop ever.  It now runs faster than XP, or equal with no animation.   Anyway you did it for me again SirDice!   Thanks a trillion.


```
portupgrade -Rrf security/openssl
```


----------



## wblock@ (Oct 14, 2015)

Step 1: switch to ports-mgmt/portmaster instead of portupgrade.
Step 2: do not use options that "force" things.
Step 3: always, yes always, read the new entries in /usr/ports/UPDATING before updating or installing ports.  See Upgrading FreeBSD Ports.


----------



## max21 (Oct 15, 2015)

wblock@ said:


> Step
> Step 3: always, yes always, read the new entries in /usr/ports/UPDATING before updating or installing ports.  See Upgrading FreeBSD Ports.



I will for now on end.

wblock@, I tried ports-mgmt/portmaster before and this time if froze during check time (I let it sit for an hour, and tried again).  I like portmaster(8) for most things but for this kind of problem portupgrade with the help of the UPDATING file seem to have done the job perfectly.


```
WITH_OPENSSL_PORT=yes  # this single line in make file is a must.

portsnap fetch
portsnap extract
portupgrade port-mgmt/pkg  # upgrade pkg first.
portupgrade -N security/openssl  # install /usr/ports/security/openssl or use portupgrade
```


```
pkgdb -Ff    # UPDATING - -F flag don't work yet

portupgrade -o lang/perl5.22 -f lang/perl5.1216  # UPDATING - step 1: -Reinstall new Perl (5.22):
portupgrade -fr lang/perl5.22    # UPDATING - step 2: Reinstall everything that depends on Perl:
DEFAULT_VERSION+-=perl5=5.22    #  put in make.conf just about now!
portupgrade -N lang/ perl5.22    # UPDATING - step 3: Replace old version
```


```
portupgrade -Rrf security/openssl  # now do the -Rrf  thing ...
```
RESULT:

```
#~portupgrade -Rrf /security/openssl
[Reading data from pkg(8) … 779 packages found – done]
[Exclude up-to-date packages  done]
```
… and to think I never had a clue since FreeBSD 8.2 of what the port system IS capable of.


----------



## max21 (Oct 15, 2015)

wblock@ said:


> Step 1: switch to ports-mgmt/portmaster instead of portupgrade.
> Step 2: do not use options that "force" things.


I see what you mean wblock@, especially since my machine done turn into a mutt. With Portupgrade things get deceptive.  The good news is I got it working but from this point I can only install new ports that are not related to the old ones, and I have no time to do anything else by hand. As for an already loaded traditional desktop, it doesn’t need much of anything else anyway. No way would I ever deal with GNOME3 and Windows 8, hogging of the desktop.  I don't use tablets.  I’ll just wait until they fix the ports for MATE to install without a hacking it.  Anyway, you guys replies made a better user out of me.


----------

