lighttpd does not pull OpenSSL dependency
Don Lewis
truckman at FreeBSD.org
Tue Oct 25 22:14:18 UTC 2016
On 24 Oct, Guido Falsi wrote:
> On 10/24/16 16:28, David Demelier wrote:
>> 2016-10-24 14:59 GMT+02:00 Guido Falsi <mad at madpilot.net>:
>>> Are you generating your own packages? What software are you using to do
>>> that?
>>
>> Yes, I'm using poudriere. However I didn't upgrade poudriere for a
>> while, maybe I should upgrade it too. The bulk build was clean at time
>> I ran it, since it was an upgrade no packages were existing.
>
> It culd be related. It's at least worth a try.
>
>>
>>> Are you using some directive to enable ports provided ssl library?
>>
>> If you mean some tunables in the make.conf files, no.
>>
>>> So I'd conclude there's something wrong affecting your builds. What
>>> about a stray installation of a ports provided ssl library somewhere?
>>
>> I'm not sure to understand your question. The bulk build was clean (no
>> package existing), I'll double check this evening if removing the
>> lighttpd package to force a rebuild will fix that.
>>
>
> I see but for some reason the port, while building, picked up a ports
> provided openssl library, it had to be there somehow for the port to
> pick that up.
>
> I have no idea how it could be there though.
I don't think it is a package problem. I suspect that the runtime
linker is picking up libssl from ports because it is detected first
in the linker's search path.
Then the question is, if DEFAULT_VERSIONS+=ssl=openssl is not in
make.conf, then why is OpeSSL from ports installed? Nothing should
be depending on it.
If you do want to use OpenSSL from ports, then setting
DEFAULT_VERSIONS+=ssl=openssl in make.conf and rebuilding all the
packages that use ssl so that everything is consistent is the way to go.
In that case, I think lighttpd will have its dependency on openssl from
ports recorded. If you go that route, you'll run into problems with any
ports that use GSSAPI and/or Kerberos, since using GSSAPI and/or
Kerberos from base doesn't work when using OpenSSL from ports. Since I
don't use GSSAPI here, I added this
to make.conf for building packages:
OPTIONS_SET=GSSAPI_NONE KRB_NONE
OPTIONS_UNSET=GSSAPI_BASE KRB_BASE
If you do need GSSAPI, then GSSAPI_HEIMDAL and GSSAPI_MIT are the other
possible options. Ditto for Kerberos.
More information about the freebsd-ports
mailing list