Pourdriere produces faulty build results due to bsd.openssl.mk bug

Spil Oss spil.oss at gmail.com
Sun Apr 5 17:15:36 UTC 2015

Linking OpenSSL in ports and also requiring something from base that
links OpenSSL seems to be pretty rare indeed. A notable example being
ftp/curl that requires GSSAPI from base kerberos by default (this is
now "fixed" in ports) and thus relying on both ports and base ssl via
libkrb5.so. This is likely to be the most common case, something
relying on kerberos from base. I'm not quite sure how hard the
reliance on kerberos in base is but I'd like to see it made private
for base, we have multiple alternatives in ports.

This thread misses a reference for the starter to
https://bugs.freebsd.org/195796 which lists ports linking base
libssl/libcrypto whilst WITH_OPENSSL_PORT=yes is set. I'm trying to
collect work done to get these ports to link to ports OpenSSL in
https://wiki.freebsd.org/OpenSSL/PortsLinkingBase (that is just a
placeholder for now, trying to finish the LibreSSL fallout first)

Thanks, Bernard

On Thu, Apr 2, 2015 at 4:08 PM, Mark Felder <feld at freebsd.org> wrote:
> On Wed, Apr 1, 2015, at 16:21, Bryan Drewery wrote:
>> On 4/1/2015 3:59 PM, Yuri wrote:
>> > I found that packages produced by poudriere likely link with base
>> > openssl, while port make likely links with the port openssl.
>> > This is because of the lines in bsd.openssl.mk which check for the
>> > presence of openssl shared library and headers under PREFIX, and set
>> > WITH_OPENSSL_BASE when they aren't present. In case of port make files
>> > are likely present, and in case of poudriere build files are likely not
>> > present.
>> >
>> > Example is ftp/curl (with GSSAPI=NONE,  OPENSSL=yes options). *Poudriere
>> > produces curl library, that causes VirtualBox to break* due to the
>> > openssl base vs. port conflicts. See recent emulation@ ML threads. Port
>> > make produces curl library that works fine with VirtualBox.
>> >
>> > I think both WITH_OPENSSL_BASE and WITH_OPENSSL_PORT should be retired,
>> > and code checking file presence also should be removed, and all ports
>> > should be made to build with an openssl port instead. Ports should never
>> > use base OpenSSL.
>> >
>> > Only <100 ports touch WITH_OPENSSL_... variables. Somebody who is able
>> > to make such decisions and has the commit bit should bit should look
>> > into this. Otherwise, massively faulty package repositories are produces.
>> >
>> > Yuri
>> I've wanted this for a long time. I think we should just do it.
> What are the risks of something linking to OpenSSL in ports also
> requiring something from base which in turn... links in OpenSSL from
> base?
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"

More information about the freebsd-ports mailing list