lighttpd does not pull OpenSSL dependency

Mathieu Arnold mat at
Thu Oct 27 13:05:09 UTC 2016

Le 27/10/2016 à 14:49, David Demelier a écrit :
> 2016-10-27 11:00 GMT+02:00 Mathieu Arnold <mat at>:
>> Before changing the default, though, I need to change the way GSSAPI is
>> handled, and create a DEFAULT_VERSIONS+=gssapi=<base,mit,heimdal,...>
>> and change all the ports with the USES=gssapi that gives options to the
>> users.
>> But I don't use all of that, so I need help figuring out which should be
>> the default afterwards (it can't be base, because you can't mix base
>> heimdal with non base openssl)
> I've just tested my lighttpd package into a fresh jail, it has not
> installed openssl and the lighttpd binary was using /usr/lib/libssl
> from base instead.
> There is indeed something wrong then, because if I install openssl,
> lighttpd will use one from /usr/local/lib which is terrible as we have
> no guarantee about openssl ABI compatibility.
> I don't know much linker options, but it is possible to make absolute
> shared library dependency ? Like -l/usr/lib/ instead of
> -lssl. Will this force lighttpd to use openssl from base?

Once you install openssl from ports, the ports framework will use it,
always. If you do not want openssl from ports, do not install it.

> That's what I dislike in having some software in base and also in
> ports. We need to figure out that. Or the best is to avoid having too
> much software in base. For example, it's nice to have ssh in base, but
> I have no problem if we need to install it in the next years. This
> will also have the benefits of more recent versions.

Well, openssl should be moved to a private space in base, yes.

> By the way, for what openssl is needed in base?

With a quick run of ldd in base and a grep of libcrypto and libssl, I get:

/bin/ed /bin/red /lib/ /sbin/hastctl /sbin/hastd
/usr/bin/bdes /usr/bin/dc /usr/bin/drill /usr/bin/factor /usr/bin/hxtool
/usr/bin/kadmin /usr/bin/kinit /usr/bin/kpasswd /usr/bin/ksu
/usr/bin/ntpq /usr/bin/openssl /usr/bin/slogin /usr/bin/ssh-agent
/usr/bin/ssh-keygen /usr/bin/ssh /usr/bin/string2key /usr/bin/svnlite
/usr/bin/svnlitebench /usr/bin/svnlitemucc /usr/bin/svnliterdump
/usr/bin/svnlitesync /usr/bin/telnet /usr/lib/
/usr/lib/ /usr/lib/
/usr/lib/ /usr/lib/
/usr/lib/ /usr/lib/ /usr/lib/
/usr/lib/ /usr/lib/
/usr/lib/ /usr/lib/
/usr/lib/ /usr/sbin/auditdistd /usr/sbin/hostapd
/usr/sbin/kstash /usr/sbin/ktutil /usr/sbin/ntp-keygen /usr/sbin/ntpd
/usr/sbin/ntpdate /usr/sbin/ntpdc /usr/sbin/pkg /usr/sbin/ppp
/usr/sbin/sntp /usr/sbin/sshd /usr/sbin/tcpdump /usr/sbin/uefisign
/usr/sbin/unbound-anchor /usr/sbin/unbound-control /usr/sbin/unbound

Mathieu Arnold

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-ports mailing list