Re: git: b077aed33b7b - main - Merge OpenSSL 3.0.9

In reply to: FreeBSD User : "Re: git: b077aed33b7b - main - Merge OpenSSL 3.0.9"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Herbert J. Skuhra <herbert_at_gojira.at>
Date: Sat, 24 Jun 2023 11:32:10 UTC
On Sat, 24 Jun 2023 12:58:03 +0200, FreeBSD User  wrote:
> 
> On Fri, 23 Jun 2023 23:19:54 GMT Ed Maste wrote:
> 
> > The branch main has been updated by emaste:
> > 
> > URL: https://cgit.FreeBSD.org/src/commit/?id=b077aed33b7b6aefca7b17ddb250cf521f938613
> > 
> > commit b077aed33b7b6aefca7b17ddb250cf521f938613
> > Merge: b08ee10c0646 b84c4564effd
> > Author:     Pierre Pronchery <pierre@freebsdfoundation.org>
> > AuthorDate: 2023-06-23 22:53:35 +0000
> > Commit:     Ed Maste <emaste@FreeBSD.org>
> > CommitDate: 2023-06-23 22:53:36 +0000
> > 
> 
> The commit has spooky side effects.
> 
> After the merge of llvm16 and after this merge, openssl 3, I did a full 
> 
> make cleanworld
> make buildworld buildkernel
> 
> And after finishing, installkernel/installworld. After two reboots I did als the VERY
> DANGEROUS THING
> 
> make delete-old/-libs
> 
> This harms a working CURRENT seriously in a way I can not grasp the reason why.
> 
> The CURRENT host is running OpenLDAP net/openldap26-server and -client. Also port
> nss-pam-ldap. Rebuilding those ports 
> 
> net/openldap26-client
> net/openldap26-server
> 
> (without libssl.so.111) is all right, running slapd fails.
> 
> net/nss-pam-ldapd-sasl 
> 
> will fail to build with an obscure error described below with ftp/curl.
> 
> 
> went smooth in the first attempt, but havoc followed
> immediately.
> 
> slapd rejected to startup. No error, no reason given, rc.conf switch to debug/verbosity
> doesn't reveal anything. No console message. But this is a side effect of something I
> guess. With a backup of /lib/libssl.so.111 replaced, everything went to normal for slapd.
> 
> ftp/curl fails due to missing libssl.so.111 and so git will fail (/etc/libmap.conf is no
> solution).
> 
> The spooky observation occurs when trying to compile ftp/curl (with no libssl.so.111
> replacemnet installed):
> 
> portmaster ftp/curl
> 
> will fail complaining that openldap26-client is requested, but openldap-client is
> installed. In make.conf I've defined DEFAULT_VERSIONS+=openldap=26/WANT_OPENLDAP_VER=26
                                                                  ^^^^^^^^^^^^^^^^^^^^^^^
What's this? Typo or copy&paste error?

1. You don't need DEFAULT_VERSIONS+=openldap=26. In
Mk/bsd.default-versions.mk we have:

# Possible value: 24, 25, 26
OPENLDAP_DEFAULT?=      26

Openldap26 (2.6.x) is already default version

2. Don't set WANT_OPENLDAP_VER=26 in /etc/make.conf. See the following
comment in Mk/bsd.port.mk:

    327 # Note: the distinction between the USE_* and WANT_* variables, and the
    328 # WITH_* and WITHOUT_* variables, are that the former are restricted to
    329 # usage inside the ports framework, and the latter are reserved for user-
    330 # settable options.  (Setting USE_* in /etc/make.conf is always wrong).

3. Use pkg_libchk from ports-mgmt/bsdadminscripts2 after running 'make
delete-old-libs'. You have to rebuild some ports (using openssl from
base). There is a warning: "Please be sure no application still uses
those libraries, else you can not start such an application".

Why do you actually run CURRENT?

--
Herbert