Do You Trust opencsw.org Packages?

[tdine...@gmail.com]

Gentle People:

Do you trust opencsw.org binary packages?

Dose anyone know these people in terms of security?

The want to install some of their software on the target system as a
prerequisite to installing the needed package.

Dose anyone know what this software dose? Dose it create some kind
of security hole?

Thomas Dineen
tdi...@ix.netcom.com

[YTC#1]

On 28/06/2018 17:01, tdine...@gmail.com wrote:
> Gentle People:
>
> Do you trust opencsw.org binary packages?

Yes. They have been around for years.

But not used them much since S11 started having all the correct goodies
installed.

>
> Dose anyone know these people in terms of security?
>
> The want to install some of their software on the target system as a
> prerequisite to installing the needed package.

CSW likes to have its own libs, and an install program (pkgget ??)

>
> Dose anyone know what this software dose? Dose it create some kind
> of security hole?

I am guessing it is the pkgget package.



--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/

[Gary R. Schmidt]

On 29/06/2018 02:01, tdine...@gmail.com wrote:
> Gentle People:
>
> Do you trust opencsw.org binary packages?
>
> Dose anyone know these people in terms of security?
>
> The want to install some of their software on the target system as a
> prerequisite to installing the needed package.
>
> Dose anyone know what this software dose? Dose it create some kind
> of security hole?
>

It's a package installation system, using a perl script "pkgutil" to
manage things.

I've been using it, and its predecessors, since it was created, with no
problems, on various Solaris systems.

It's no more or less a risk than any other software you may install,
whether it comes from Oracle, or IBM, or Hackers'r'us, if you are
worried, use a sand-boxed system to evaluate it.

Cheers,
Gary B-)

--
When men talk to their friends, they insult each other.
They don't really mean it.
When women talk to their friends, they compliment each other.
They don't mean it either.

[John D Groenveld]

In article <o80h0f-...@paranoia.mcleod-schmidt.id.au>,

Gary R. Schmidt <grsc...@acm.org> wrote:
>It's no more or less a risk than any other software you may install,
>whether it comes from Oracle, or IBM, or Hackers'r'us, if you are
>worried, use a sand-boxed system to evaluate it.

Given that Oracle EOLd S10 in January, sand-boxing, with high walls,
is required regardless.

I'm mildly curious what the OP's use-case is for S10.

John
groe...@acm.org

[invalid]

On 2018-06-28, YTC#1 <b...@ytc1-spambin.co.uk> wrote:
> On 28/06/2018 17:01, tdine...@gmail.com wrote:
>> Gentle People:
>>
>> Do you trust opencsw.org binary packages?
>
> Yes. They have been around for years.
>
> But not used them much since S11 started having all the correct goodies
> installed.
>>
>> Dose anyone know these people in terms of security?
>>
>> The want to install some of their software on the target system as a
>> prerequisite to installing the needed package.

This is so lame, so lame. So much work done in such an annoying way...

> CSW likes to have its own libs, and an install program (pkgget ??)

As if Solaris PATH hell wasn't bad enough, CSW comes along and bashes things
beyond recognition...

[YTC#1]

You don't like it, you don't use it.

You want the piece of software they have produced ......

[Richard L. Hamilton]

In article <ph61n8$9qn$1...@dont-email.me>,

YTC#1 <b...@ytc1-spambin.co.uk> writes:
> On 29/06/2018 19:39, invalid wrote:
>> On 2018-06-28, YTC#1 <b...@ytc1-spambin.co.uk> wrote:
>>> On 28/06/2018 17:01, tdine...@gmail.com wrote:
>>>> Gentle People:
>>>>
>>>> Do you trust opencsw.org binary packages?
>>>
>>> Yes. They have been around for years.
>>>
>>> But not used them much since S11 started having all the correct goodies
>>> installed.
>>>>
>>>> Dose anyone know these people in terms of security?
>>>>
>>>> The want to install some of their software on the target system as a
>>>> prerequisite to installing the needed package.
>>
>> This is so lame, so lame. So much work done in such an annoying way...
>>
>>> CSW likes to have its own libs, and an install program (pkgget ??)
>>
>> As if Solaris PATH hell wasn't bad enough, CSW comes along and bashes things
>> beyond recognition...
>>
>
> You don't like it, you don't use it.
>
> You want the piece of software they have produced ......

If they want to update an open source package that depends on other updated
open source packages, they have to supply both, so they're not tied to
the version that comes with the OS.

Mostly seems to work ok (some of the netatalk stuff for doing AFP
(Apple) file sharing never really worked for me). The opencsw stuff
runs on Solaris 11 too, although it still uses the older SVR4 style
packages (for which the basic tools still exist on Solaris 11).

If your situation is such that you need to know who did the work, who is
accountable, what their citizenship is, etc, you may need to think twice;
and it looks to me like whether update frequency keeps up will depend on
the individual package - it's not consistent; so there's no particular
assurance all CVEs with fixes will have updated packages. Likely they're
short on volunteer package maintainers.

[invalid]

On 2018-06-29, YTC#1 <b...@ytc1-spambin.co.uk> wrote:
> On 29/06/2018 19:39, invalid wrote:
>> On 2018-06-28, YTC#1 <b...@ytc1-spambin.co.uk> wrote:
>>> On 28/06/2018 17:01, tdine...@gmail.com wrote:
>>>> Gentle People:
>>>>
>>>> Do you trust opencsw.org binary packages?
>>>
>>> Yes. They have been around for years.
>>>
>>> But not used them much since S11 started having all the correct goodies
>>> installed.
>>>>
>>>> Dose anyone know these people in terms of security?
>>>>
>>>> The want to install some of their software on the target system as a
>>>> prerequisite to installing the needed package.
>>
>> This is so lame, so lame. So much work done in such an annoying way...
>>
>>> CSW likes to have its own libs, and an install program (pkgget ??)
>>
>> As if Solaris PATH hell wasn't bad enough, CSW comes along and bashes things
>> beyond recognition...
>>
>
> You don't like it, you don't use it.

Correct, I don't use it.

>
> You want the piece of software they have produced ......

No, I don't.

[Lucifer]

I got ffmpeg for Solaris 11.4 from opencsw.org and now want to
update it. What is the process?

[Gary R. Schmidt]

On 19/01/2019 12:37, Lucifer wrote:
[SNIP]

>
> I got ffmpeg for Solaris 11.4 from opencsw.org and now want to
> update it. What is the process?
>

Update from OpenCSW, or update what's on OpenCSW?

The first is just "sudo /opt/csw/bin/pkgutil -U -u".

The second, look at the website for information on how to become a
maintainer.

[Lucifer]

On Sat, 19 Jan 2019 14:39:06 +1100, "Gary R. Schmidt"
<grsc...@acm.org> wrote:

>On 19/01/2019 12:37, Lucifer wrote:
>[SNIP]
>>
>> I got ffmpeg for Solaris 11.4 from opencsw.org and now want to
>> update it. What is the process?
>>
>Update from OpenCSW, or update what's on OpenCSW?
>
>The first is just "sudo /opt/csw/bin/pkgutil -U -u".

I tried that. It says nothing to do.

When try to download "Neighbours" from catchup TV I get;

https protocol not found, recompile FFmpeg with openssl,
gnutls, or securetransport enabled.


ERROR: ffmpeg exited with code 1

The download works under Windows.

>The second, look at the website for information on how to become a
>maintainer.

Thanks

> Cheers,
> Gary B-)

[Chris Elvidge]

On 19/01/2019 10:05, Lucifer wrote:
> On Sat, 19 Jan 2019 14:39:06 +1100, "Gary R. Schmidt"
> <grsc...@acm.org> wrote:
>
>> On 19/01/2019 12:37, Lucifer wrote:
>> [SNIP]
>>>
>>> I got ffmpeg for Solaris 11.4 from opencsw.org and now want to
>>> update it. What is the process?
>>>
>> Update from OpenCSW, or update what's on OpenCSW?
>>
>> The first is just "sudo /opt/csw/bin/pkgutil -U -u".
>
> I tried that. It says nothing to do.
>
> When try to download "Neighbours" from catchup TV I get;
>
> https protocol not found, recompile FFmpeg with openssl,
> gnutls, or securetransport enabled.
>

When this happened to me (not Neighbours, I hasten to add, on Linux
though) I downloaded the source (git clone
https://git.ffmpeg.org/ffmpeg.git ffmpeg) and running ./configure told
me what other libraries were needed (openssl-dev, as I remember, for
this case). Then make and make-install, installed to /usr/local/bin.

ffmpeg (with no parameters) should show you what configuration was used
to compile the version you have. (--enable-libssh needed perhaps).

>
> ERROR: ffmpeg exited with code 1
>
> The download works under Windows.
>
>
>> The second, look at the website for information on how to become a
>> maintainer.
>
> Thanks
>
>> Cheers,
>> Gary B-)

--

Chris Elvidge, England

[Gary R. Schmidt]

On 19/01/2019 21:05, Lucifer wrote:
> On Sat, 19 Jan 2019 14:39:06 +1100, "Gary R. Schmidt"
> <grsc...@acm.org> wrote:
>
>> On 19/01/2019 12:37, Lucifer wrote:
>> [SNIP]
>>>
>>> I got ffmpeg for Solaris 11.4 from opencsw.org and now want to
>>> update it. What is the process?
>>>
>> Update from OpenCSW, or update what's on OpenCSW?
>>
>> The first is just "sudo /opt/csw/bin/pkgutil -U -u".
>
> I tried that. It says nothing to do.
>
> When try to download "Neighbours" from catchup TV I get;
>
> https protocol not found, recompile FFmpeg with openssl,
> gnutls, or securetransport enabled.
>
>
> ERROR: ffmpeg exited with code 1
>

That means that the ffmpeg on OpenCSW hasn't been built with SSL support.

You can either pull down the disgustingly horrid program you choose to
pollute your mind with[1] using another mechanism, or build ffmpeg from
scratch as another poster has suggested.

Cheers,
Gary B-)

1 - Every time I drive up Princess Street and see the Pommy backpackers
lining up to get on the Ramsay Street tour bus I die a little, and
remember how close I came to buying a house near Pin Oak Court back in
the late 1980's, until we realised what was around the corner...

[Chris Ridd]

On 19/01/2019 11:08, Chris Elvidge wrote:
> On 19/01/2019 10:05, Lucifer wrote:
>> On Sat, 19 Jan 2019 14:39:06 +1100, "Gary R. Schmidt"
>> <grsc...@acm.org> wrote:
>>
>>> On 19/01/2019 12:37, Lucifer wrote:
>>> [SNIP]
>>>>
>>>> I got ffmpeg for Solaris 11.4 from opencsw.org and now want to
>>>> update it. What is the process?
>>>>
>>> Update from OpenCSW, or update what's on OpenCSW?
>>>
>>> The first is just "sudo /opt/csw/bin/pkgutil -U -u".
>>
>> I tried that. It says nothing to do.
>>
>> When try to download "Neighbours" from catchup TV I get;
>>
>> https protocol not found, recompile FFmpeg with openssl,
>> gnutls, or securetransport enabled.
>>
>
> When this happened to me (not Neighbours, I hasten to add, on Linux
> though) I downloaded the source (git clone
> https://git.ffmpeg.org/ffmpeg.git ffmpeg) and running ./configure told
> me what other libraries were needed (openssl-dev, as I remember, for
> this case). Then make and make-install, installed to /usr/local/bin.
>
> ffmpeg (with no parameters) should show you what configuration was used
> to compile the version you have. (--enable-libssh needed perhaps).

ffmpeg (and similar video tools) are often very difficult to compile on
anything that isn't exactly the same flavour of Linux with exactly the
same patched compiler that the authors used. IME anyway.

Using a packaging project like OpenCSW is a good idea. Another active
project is pkgsrc, so that might be worth a look; it can coexist with
OpenCSW.

--
Chris

[Chris Ridd]

On 19/01/2019 14:02, Gary R. Schmidt wrote:
> 1 - Every time I drive up Princess Street and see the Pommy backpackers
> lining up to get on the Ramsay Street tour bus I die a little, and
> remember how close I came to buying a house near Pin Oak Court back in
> the late 1980's, until we realised what was around the corner...

I remember a very early (Kylie & Jason era?) TV review noting that the
opening titles started with a shot of a dog's arse, and that it all went
downhill from there ;-)

--
Chris

[danix]

Em 01/19/19 01:37 AM, Lucifer escreveu:

Well https://github.com/FFmpeg/FFmpeg

on command line use:

git clone https://github.com/FFmpeg/FFmpeg

the change dir to FFmpeg and build it :P:D

I trust opensource, cause i can see the code, i dont trust private
source like microsoft apple or samsung, cause they migth hide stuff you
dont wanna know :P:D




--
*da...@post.com 2k19 *

[Lucifer]

On Sat, 19 Jan 2019 11:08:28 +0000, Chris Elvidge <ch...@mshome.net>
wrote:

>On 19/01/2019 10:05, Lucifer wrote:
>> On Sat, 19 Jan 2019 14:39:06 +1100, "Gary R. Schmidt"
>> <grsc...@acm.org> wrote:
>>
>>> On 19/01/2019 12:37, Lucifer wrote:
>>> [SNIP]
>>>>
>>>> I got ffmpeg for Solaris 11.4 from opencsw.org and now want to
>>>> update it. What is the process?
>>>>
>>> Update from OpenCSW, or update what's on OpenCSW?
>>>
>>> The first is just "sudo /opt/csw/bin/pkgutil -U -u".
>>
>> I tried that. It says nothing to do.
>>
>> When try to download "Neighbours" from catchup TV I get;
>>
>> https protocol not found, recompile FFmpeg with openssl,
>> gnutls, or securetransport enabled.
>>
>
>When this happened to me (not Neighbours, I hasten to add, on Linux
>though) I downloaded the source (git clone
>https://git.ffmpeg.org/ffmpeg.git ffmpeg) and running ./configure told
>me what other libraries were needed (openssl-dev, as I remember, for
>this case). Then make and make-install, installed to /usr/local/bin.
>
>ffmpeg (with no parameters) should show you what configuration was used
>to compile the version you have. (--enable-libssh needed perhaps).

# ffmpeg
ffmpeg version 3.0.1 Copyright (c) 2000-2016 the FFmpeg developers
built with gcc 5.2.0 (GCC)
configuration: --prefix=/opt/csw --bindir=/opt/csw/bin
--datadir=/opt/csw/share --libdir=/opt/csw/lib --shlibdir=/opt/
csw/lib --incdir=/opt/csw/include --mandir=/opt/csw/share/man
--disable-debug --enable-gpl --enable-version3 --enable-ru
ntime-cpudetect --disable-vdpau --extra-cflags='-mfpmath=sse -msse'
--extra-cxxflags='-mfpmath=sse -msse' --enable-share
d --enable-libfreetype --enable-libmp3lame --enable-libspeex
--enable-libtheora --enable-libvorbis --enable-libx264 --en
able-libx265 --strip=/usr/ccs/bin/strip
libavutil 55. 17.103 / 55. 17.103
libavcodec 57. 24.102 / 57. 24.102
libavformat 57. 25.100 / 57. 25.100
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 31.100 / 6. 31.100
libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.101 / 2. 0.101
libpostproc 54. 0.100 / 54. 0.100
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]... {[outfile
options] outfile}...

Use -h to get full help or, even better, run 'man ffmpeg'
#

Thanks

[Lucifer]

On Sun, 20 Jan 2019 01:02:12 +1100, "Gary R. Schmidt"

<grsc...@acm.org> wrote:

>On 19/01/2019 21:05, Lucifer wrote:
>> On Sat, 19 Jan 2019 14:39:06 +1100, "Gary R. Schmidt"
>> <grsc...@acm.org> wrote:
>>
>>> On 19/01/2019 12:37, Lucifer wrote:
>>> [SNIP]
>>>>
>>>> I got ffmpeg for Solaris 11.4 from opencsw.org and now want to
>>>> update it. What is the process?
>>>>
>>> Update from OpenCSW, or update what's on OpenCSW?
>>>
>>> The first is just "sudo /opt/csw/bin/pkgutil -U -u".
>>
>> I tried that. It says nothing to do.
>>
>> When try to download "Neighbours" from catchup TV I get;
>>
>> https protocol not found, recompile FFmpeg with openssl,
>> gnutls, or securetransport enabled.
>>
>>
>> ERROR: ffmpeg exited with code 1
>>
>That means that the ffmpeg on OpenCSW hasn't been built with SSL support.
>
>You can either pull down the disgustingly horrid program you choose to
>pollute your mind with[1] using another mechanism,

I can use Windows.

>or build ffmpeg from
>scratch as another poster has suggested.
>
> Cheers,
> Gary B-)
>
>1 - Every time I drive up Princess Street and see the Pommy backpackers
>lining up to get on the Ramsay Street tour bus I die a little, and
>remember how close I came to buying a house near Pin Oak Court back in
>the late 1980's, until we realised what was around the corner...

I thought Neighbours was reality TV.

[Lucifer]

The windows version of ffmpeg shows;

C:\Downloads\youtube-dl>ffmpeg.exe
ffmpeg version N-77008-g085ab74 Copyright (c) 2000-2015 the FFmpeg

developers
built with gcc 5.2.0 (GCC)

configuration: --enable-gpl --enable-version3 --disable-w32threads
--enable-avisynth --enable-bzlib --enable-fontconfig --enable-frei0r
--enable-gnutls --enable-iconv --enable-libass --enable-libbluray
--enable-libbs2b --enable-libcaca --enable-libdcadec
--enable-libfreetype --enable-libgme --enable-libgsm --enable-libilbc
--enable-libmodplug --enable-libmp3lame --enable-libopencore-amrnb
--enable-libopencore-amrwb --enable-libopenjpeg --enable-libopus
--enable-librtmp --enable-libschroedinger --enable-libsoxr
--enable-libspeex --enable-libtheora --enable-libtwolame
--enable-libvidstab --enable-libvo-aacenc --enable-libvo-amrwbenc
--enable-libvorbis --enable-libvpx --enable-libwavpack
--enable-libwebp --enable-libx264 --enable-libx265 --enable-libxavs
--enable-libxvid --enable-libzimg --enable-lzma --enable-decklink
--enable-zlib
libavutil 55. 9.100 / 55. 9.100
libavcodec 57. 16.101 / 57. 16.101
libavformat 57. 19.100 / 57. 19.100
libavdevice 57. 0.100 / 57. 0.100
libavfilter 6. 19.100 / 6. 19.100

libswscale 4. 0.100 / 4. 0.100
libswresample 2. 0.101 / 2. 0.101
libpostproc 54. 0.100 / 54. 0.100
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]... {[outfile
options] outfile}...

Use -h to get full help or, even better, run 'man ffmpeg'

C:\Downloads\youtube-dl>



>>>> Cheers,
>>>> Gary B-)

[Chris Elvidge]

If you do:
CONFIG=$(ffmpeg 2>&1 | grep configuration | cut -d' ' -f4-)
you should get _just_ the configuration line in variable CONFIG
Then you can run ./configure $CONFIG
It will tell you which libraries you need to install
OR you can cut some of the --enable-XXX flags if you don't need them or
add others.

Just realised this doesn't work in windows! Try:
ffmpeg > ffmpeg_config 2>&1
and then edit out the lines/fields you don't need. Make sure your flags
are all in one line, then run
set /p CONFIG=<ffmpeg_config
You can use %CONFIG% as usual in Windows

Or try these flags

--enable-gpl --enable-version3 --disable-w32threads --enable-avisynth
--enable-bzlib --enable-fontconfig --enable-frei0r --enable-gnutls
--enable-iconv --enable-libass --enable-libbluray --enable-libbs2b
--enable-libcaca --enable-libdcadec --enable-libfreetype --enable-libgme
--enable-libgsm --enable-libilbc --enable-libmodplug --enable-libmp3lame
--enable-libopencore-amrnb --enable-libopencore-amrwb
--enable-libopenjpeg --enable-libopus --enable-librtmp
--enable-libschroedinger --enable-libsoxr --enable-libspeex
--enable-libtheora --enable-libtwolame --enable-libvidstab
--enable-libvo-aacenc --enable-libvo-amrwbenc --enable-libvorbis
--enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx264

--enable-libx265 --enable-libxavs --enable-libxvid --enable-lzma
--enable-decklink --enable-zlib

Note: this is taken from a cygwin install!


--

Chris Elvidge, England

[Chris Elvidge]

On 20/01/2019 03:34, Lucifer wrote:

From my openindiana installation:

--prefix=/usr --bindir=/usr/bin/pentium_pro+mmx
--libdir=/usr/lib/pentium_pro+mmx --shlibdir=/usr/lib/pentium_pro+mmx
--mandir=/usr/share/man --cc=gcc --cpu=prescott --enable-mmx
--enable-sse --enable-ssse3 --disable-debug --enable-nonfree
--enable-gpl --enable-postproc --enable-avfilter --enable-swscale
--enable-libgsm --enable-libxvid --enable-libx264 --enable-libfaac
--enable-libtheora --enable-libmp3lame --enable-libvorbis
--enable-libvpx --enable-x11grab --enable-libspeex --enable-pthreads
--enable-libopencore-amrnb --enable-libopencore-amrwb
--enable-libschroedinger --enable-librtmp --enable-vdpau --enable-shared
--disable-static --enable-version3 --enable-libass --enable-openssl
--enable-openal --enable-avresample



--

Chris Elvidge, England