From owner-freebsd-current@FreeBSD.ORG Wed Jul 25 16:37:29 2012 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D0CBC106566B for ; Wed, 25 Jul 2012 16:37:29 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from dirg.bris.ac.uk (dirg.bris.ac.uk [137.222.10.102]) by mx1.freebsd.org (Postfix) with ESMTP id 8C8D08FC0A for ; Wed, 25 Jul 2012 16:37:29 +0000 (UTC) Received: from ncsc.bris.ac.uk ([137.222.10.41]) by dirg.bris.ac.uk with esmtp (Exim 4.72) (envelope-from ) id 1Su4aW-00012z-Mg; Wed, 25 Jul 2012 17:37:28 +0100 Received: from mech-cluster241.men.bris.ac.uk ([137.222.187.241]) by ncsc.bris.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from ) id 1Su4aW-0004K4-2k; Wed, 25 Jul 2012 17:37:28 +0100 Received: from mech-cluster241.men.bris.ac.uk (localhost [127.0.0.1]) by mech-cluster241.men.bris.ac.uk (8.14.5/8.14.5) with ESMTP id q6PGbR4w048070; Wed, 25 Jul 2012 17:37:27 +0100 (BST) (envelope-from mexas@mech-cluster241.men.bris.ac.uk) Received: (from mexas@localhost) by mech-cluster241.men.bris.ac.uk (8.14.5/8.14.5/Submit) id q6PGbRVT048069; Wed, 25 Jul 2012 17:37:27 +0100 (BST) (envelope-from mexas) Date: Wed, 25 Jul 2012 17:37:27 +0100 (BST) From: Anton Shterenlikht Message-Id: <201207251637.q6PGbRVT048069@mech-cluster241.men.bris.ac.uk> To: mexas@bristol.ac.uk, yanegomi@gmail.com In-Reply-To: Cc: freebsd-current@freebsd.org Subject: Re: openssl upgrade, libcrypto, libssl confusion X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jul 2012 16:37:30 -0000 On Wed, Jul 25, 2012 at 5:06 AM, Anton Shterenlikht wrote: > On Wed, Jul 25, 2012 at 12:30:29PM +0100, Anton Shterenlikht wrote: >> In /usr/src/UPDATING I see >> >> 20120712: >> The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring >> libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are >> configuration changes. Make sure to merge /etc/ssl/openssl.cnf. > > oops.. wait a minute, I'm still on > > # uname -a > FreeBSD mech-cluster241.men.bris.ac.uk 10.0-CURRENT FreeBSD 10.0-CURRENT #6 r237134: Mon Jun 18 09:02:17 BST 2012 root@mech-cluster241.men.bris.ac.uk:/usr/obj/usr/src/sys/TZAV ia64 > # > > So this change shouldn't apply to me yet. > > Still there are *lots* of binaries, and libs > linked with /lib/libcrypto.so.6: > > Binaries that are linked with: /lib/libcrypto.so.6 ... > and so on, > > so is it really right that I can safely delete it? Some ldd/objdump and grep magic will give you the answer you need. check-old-libs only points out candidates for removal based on existence. Cheers, -Garrett That's scary. /usr/src/Makefile calles these "obsolete", which means these can be safely deleted: # check-old-libs - List obsolete libraries. # delete-old-libs - Delete obsolete libraries. >From what you are saying, and from what I observe, the algorithm used to determine whether the libs are obsolete cannot be trusted. For example, on another ia64 box, r238540, I get: # make -C /usr/src/ check-old-libs >>> Checking for old libraries /usr/lib/libftpio.so.8 /lib/libz.so.5 /lib/libutil.so.8 # None of these are obsolete. First, the base OS programs (not ports) depend on these libs: (I usually use sysutils/libchk to check this) Binaries that are linked with: /usr/lib/libftpio.so.8 /usr/sbin/sysinstall Binaries that are linked with: /lib/libz.so.5 /usr/sbin/dtrace /usr/sbin/lockstat Binaries that are linked with: /lib/libutil.so.8 /usr/sbin/sysinstall Second, at least for libftpio.so.8, there is no newer version. Finally, how come I have base OS binaries linked against old libs, if I always do the orthodox make buildworld, make buildkernel, make installkernel, make installworld? This just shouldn't happen, right? # ls -al /lib/libz.so.* -r--r--r-- 1 root wheel 151200 Jul 18 2010 /lib/libz.so.5 -r--r--r-- 1 root wheel 155264 Jul 18 11:25 /lib/libz.so.6 # ldd /usr/sbin/dtrace /usr/sbin/dtrace: libdtrace.so.2 => /lib/libdtrace.so.2 (0x20000000400b2000) libproc.so.2 => /usr/lib/libproc.so.2 (0x20000000401b2000) libctf.so.2 => /lib/libctf.so.2 (0x20000000401c6000) libelf.so.1 => /usr/lib/libelf.so.1 (0x20000000401ee000) libz.so.5 => /lib/libz.so.5 (0x200000004022e000) libthr.so.3 => /lib/libthr.so.3 (0x2000000040264000) libc.so.7 => /lib/libc.so.7 (0x20000000402b2000) # ls -al /usr/sbin/dtrace -r-xr-xr-x 1 root wheel 58976 Jul 18 2010 /usr/sbin/dtrace Any why is dtrace so old? Something is not right here...