ignoring openssl port
Toomas Aas
toomas.aas at raad.tartu.ee
Tue Oct 14 10:54:45 PDT 2003
Hi!
Matthew Seaman <matthew at cryptosphere dot com> wrote:
> On Tue, Oct 14, 2003 at 04:37:10PM +0300, Toomas Aas wrote:
>
> > Anyway, I tried commenting out the above passage in
> > /usr/ports/Mk/bsd.port.mk and rebuilding another port which depends on
> > OpenSSL, namely /usr/ports/ftp/wget. I checked with
> > ldd /usr/local/bin/wget
> > before and after installing and this showed that now I indeed have wget
> > linked against /usr/lib/libssl.so.3, whereas before it was linked
> > against /usr/local/lib/libssl.so.3.
> >
> > Before I try the same with apache13-modssl port, I just wanted to
> > verify if commenting out the above passage in /usr/ports/Mk/bsd.port.mk
> > can cause any unforeseen damage.
>
> Actually, if your ports are all linked against libssl.so.3 and you
> have /usr/lib/libssl.so.3 from the base system, then many of your
> ports could well be using the base system version already. Check
> using ldd(1) against any likely candidates -- note that when
> investigating apache loadable modules ldd will sometimes fail to find
> a shared object in the current working directory unless you type eg.
> 'ldd ./libssl.so' Also check, oh, the ssh(1) binary in the base system
> to make sure the converse isn't happening, and it's linking against
> stuff under /usr/local.
>
> If everything is running happily using the /usr/lib/libssl.so.3
> library then you should simply be able to move aside the shlib from
> the port (ie. /usr/local/lib/libssl.so.3) and everything will carry on
> without problems. Or you can move the existing shlib aside
> preemptively (Note: not delete it as that will definitely crash any
> application linked against it) and restart all the SSL using
> applications to force them to pick up /usr/lib/libssl.so.3. You can
> then pkg_deinstall the openssl port (not forgetting removing the
> renamed /usr/local/lib/libssl.so.3) and nothing should crash...
Thanks for the excellent advice! I checked all the ports that were
dependent of openssl port, moved /usr/local/lib/libcrypto* and
/usr/local/lib/libssl* to safe location and restarted the applications.
Everything worked and ldd now shows that everything is linked against
/usr/lib/libssl.so.3 and /usr/lib/libcrypto.so.3. I'll restart the
server just to make sure I didn't overlook anything, but I strongly
doubt I find any problems (knock on wood).
--
Toomas Aas | toomas.aas at raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* How much net work could a network work, if a network could net work?
More information about the freebsd-questions
mailing list