papertigers: I've imported the latest 4.18.x release TritonDataCenter/pkgsrc-extra d990392

I'll get that in the next build, it works fine in my testing

if you want it sooner 'pkg_add -U us-central.manta.mnx.io/pkgsrc/public/test-packages/samba-4.18.11.tgz', though you'll need to pkg_delete ldb first as it now conflicts

jperkin, The compilation of some packages produces errors such as 'is not a runtime dependency', for example, postfix.

on 2023Q4

yeh that's a side-effect of improved consistency checks I made, the problem is they don't yet account for the situation where a package is already installed, as that never happens for pristine builds

I need to add that case

jperkin: I do have one smartos zone with a pkgin ug issue. All other zones are fine, only this one fails to update.

The zone has the latest updates. But when I run pkgin up I get the following error:

processing remote summary (pkgsrc.qutic.com/packages/SmartOS/trunk/x86_64/All)...

01000000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:

01000000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:

01000000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:

pkgin: Could not fetch pkgsrc.qutic.com/packages/SmartOS/trunk/x86_64/All/pkg_summary.gz: Not owner

That is so strange. mozilla-rootcerts-1.0 is from 20240214. Any idea what can cause this cert validation issue?

newer pkgin has stricter certificate checks, is your cert correctly chained back to a root?

jperkin: the zone is an old one, always updated. on the nower zone I do not get this errors. The cert is validating elswere, has cert + intermediate.

s/nower/newer/

one thing to note with mozilla-rootcerts is that updating the package doesn't actually update the installed certs, which is why I recently switched to mozilla-rootcerts-openssl, so if the zone was originally installed a long time ago the installed certs might be outdated

jperkin: Ah, that could be the thing!

Any idea how I can update the certs in this zone? Or should I recreate it?

jperkin, same problem on some packages even if they are not installed

Some packages work perfectly on the 2022Q4, for example, Percona 5.7.44.49 / Percona 8.0.34, but are not stable on the 2023Q4. For instance, the MySQL client crashes when connecting to the server. MySQL 5.7.44 works as expected.

jfqd1: installing mozilla-rootcerts-openssl over the top should fix it, if you don't have any of your own certs installed then before the install you could rm /opt/local/etc/openssl/certs/* to ensure there are no leftovers first

xmerlin: there are still some packages that have legit dependency issues, if it's a package that builds fine for me then it'd be interesting to see what's happening

xmerlin: and please raise issues for any crashes so we can look

jperkin: yes, that did it! Thx a lot!

jperkin, ok