Ports System not matching upstream build, causes broken builds

From: Mel Pilgrim <list_freebsd_at_bluerosetech.com>
Date: Sat, 09 Jul 2022 05:24:12 UTC

I'm working on a port of rbsec/sslscan (GitHub), but running into an 
issue where the Ports System is invoking gmake in a way that doesn't 
match what the upstream Makefile does.  The software has two build 
options: build a dynamic-linked version against the system OpenSSL 
library, or build a static-linked version against a bundled copy of 
OpenSSL 1.1.1-stable.  `gmake` gets you the dynamic version, `gmake 
static` gets you the static version.

Simple enough, so I put this in the port Makefile:

OPTIONS_DEFINE= STATIC
STATIC_USES_OFF=ssl
STATIC_ALL_TARGET=static

The port does call the static target as expected, but something is going 
terribly wrong and the result is polluted CFLAGS and LDFLAGS.  An 
example is the cc invocation to build the sslscan binary itself.  Below 
is that call for each of direct/port and static/dynamic build, with 
line-breaks added for ease of comparison:

Direct static build:

# gmake static
cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-pie -z relro -z now
-L/tmp/scratch/sslscan/openssl/
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/tmp/scratch/sslscan/openssl/include/ -I/tmp/scratch/sslscan/openssl/
-DVERSION=\"2.0.15-static\" sslscan.c -lssl -lcrypto -lz -lpthread

Port build with STATIC on:

# make
cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-fstack-protector-strong
-pie -z relro -z now
-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib 
-L/opt/local/lib
-pie -z relro -z now
-L/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/
-O2 -pipe  -fstack-protector-strong -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/usr/local/include -I/usr/local/ssl/include 
-I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include 
-I/opt/local/include -I/opt/local/include/openssl
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/include/ 
-I/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/
-DVERSION=\"2.0.15-static\" sslscan.c -lssl -lcrypto -lz -lpthread

Direct dynamic build:

# gmake
cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-pie -z relro -z now
-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib 
-L/opt/local/lib
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/usr/local/include -I/usr/local/ssl/include 
-I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include 
-I/opt/local/include -I/opt/local/include/openssl
-DVERSION=\"2.0.15\" sslscan.c -lssl -lcrypto

Port build with STATIC off:

# make
cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-Wl,-rpath,/usr/local/lib -fstack-protector-strong
-pie -z relro -z now
-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib 
-L/opt/local/lib
-O2 -pipe  -fstack-protector-strong -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/usr/local/include -I/usr/local/ssl/include 
-I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include 
-I/opt/local/include -I/opt/local/include/openssl
-DVERSION=\"2.0.15\" sslscan.c -lssl -lcrypto


Why is the port doing this and what bits of Makefile do I need to add to 
the skeleton to make it behave correctly?
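
An added example, not part of the original message: a small Python script that takes the two static-build `cc` invocations quoted above and reports which flags only the port build passes, which flags are repeated, and the order of the `-L` directories. In the port build the system directories come ahead of the bundled OpenSSL directory in that order. The `$SRC` placeholder and all function names are assumptions of this example.

```python
import shlex
from collections import Counter

TAKES_ARG = {"-o", "-z"}  # flags whose value is the following token

def flags(cmdline, src_root):
    """Tokenize a cc command line, pair '-z relro' style flags, and
    rewrite the build directory to $SRC so two builds are comparable."""
    out = []
    for tok in shlex.split(cmdline.replace(src_root, "$SRC"))[1:]:  # skip "cc"
        if out and out[-1] in TAKES_ARG:
            out[-1] += " " + tok
        else:
            out.append(tok)
    return out

def added(direct, port):
    """Flags on the port command line that the direct build never passes."""
    return [f for f in dict.fromkeys(port) if f not in direct]

def repeated(fl):
    """Flags that occur more than once on one command line."""
    return sorted(f for f, n in Counter(fl).items() if n > 1)

def lib_dirs(fl):
    """-L directories in command-line order, which is the linker's search order."""
    return [f[2:] for f in fl if f.startswith("-L")]

# The two static-build invocations quoted in the message above.
DIRECT = flags(r"""cc -o sslscan -Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-pie -z relro -z now -L/tmp/scratch/sslscan/openssl/
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/tmp/scratch/sslscan/openssl/include/ -I/tmp/scratch/sslscan/openssl/
-DVERSION=\"2.0.15-static\" sslscan.c -lssl -lcrypto -lz -lpthread""", "/tmp/scratch/sslscan")
PORT = flags(r"""cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations -fstack-protector-strong
-pie -z relro -z now -L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib -L/opt/local/lib
-pie -z relro -z now -L/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/
-O2 -pipe -fstack-protector-strong -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/usr/local/include -I/usr/local/ssl/include -I/usr/local/ssl/include/openssl
-I/usr/local/opt/openssl/include -I/opt/local/include -I/opt/local/include/openssl
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/include/
-I/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/
-DVERSION=\"2.0.15-static\" sslscan.c -lssl -lcrypto -lz -lpthread""",
             "/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15")

if __name__ == "__main__":
    print(added(DIRECT, PORT), repeated(PORT), lib_dirs(PORT), sep="\n")
```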