Date: Tue, 28 Jul 2009 12:38:16 -0500 From: Peggy Wilkins <enlil65@gmail.com> To: freebsd-ports@freebsd.org Subject: Re: Using WITH_OPENSSL_PORT Message-ID: <1789c2360907281038y29f05e94h782ad90ca4337acd@mail.gmail.com> In-Reply-To: <d873d5be0907260013t662bb1bbr6425455037ddaca5@mail.gmail.com> References: <d873d5be0907260013t662bb1bbr6425455037ddaca5@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 26, 2009 at 2:13 AM, b. f.<bf1783@googlemail.com> wrote: >> As the PR advises, switching back to base openssl fixes my problem. > > Well, apparently only part of it. =A0Unfortunately the openssl framework > in ports doesn't accommodate mixing and matching of base and port > openssl, so while this may allow you to use pam_ldap, it's at the > expense of other ports. =A0You should probably follow-up on the PR, and > explain to the committer who closed it why a real solution to the > problem would be desirable. =A0Also, ask the krb5 maintainer if it would > be possible to relax the openssl requirements on his port. =A0Sometimes > these restrictions are relics of times when an earlier version of > openssl in base was causing problems, and they may no longer be > relevant. It turns out there are a number of open PR's for related issues. For insta= nce: ports/120101: security/krb5 utilities link against wrong libcom_err http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dports/120101 ports/121573: security/krb5 (MIT Kerberos) generates non-working ksu http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dports/121573 ports/128972: Port security/krb5 has a linking problem when compiled against base openssl http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dports/128972 I get a working security/krb5 compiled against base openssl, if I preface all the client commands with LD_LIBRARY_PATH=3D/usr/local/lib. I'm not sure what a good resolution for all those PR's would be... how is this sort of conflict of shlibs normally resolved for ports? >> Since I am already using pam_ldap on this system in production, I >> don't see any easy way to get security/krb5 installed and working via >> ports on the same system since openssl requirements for these things >> conflict. =A0I think my easiest solution is to use a different system >> for security/krb5. > > At least in the short term, if you don't have the time to patch these > ports yourself, you may be right. =A0Another thing you may want to > consider: will the kerberos implementation already in the base system, > or another kerberos port, meet your needs, so that you can dispense > with the krb5 port? Another thing that occurred to me (I may have seen it online somewhere) is that if I replace the base kerberos with ports/krb5 compiled against the base openssl, my problem with multiple conflicting shared libraries would go away. It looks like I can build my system with WITHOUT_KERBEROS setting in /etc/src.conf, though I am still unsure how to remove the already-installed kerberos on my production system -- do I hunt down and delete the already-installed files, or is there an easier way to do that? BTW even though I've been running FreeBSD for over 6 years now, I hadn't heard of /etc/src.conf before this weekend. How do people find out about that? I'm surprised to have missed it before now. plw
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1789c2360907281038y29f05e94h782ad90ca4337acd>