Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Oct 2016 15:14:06 -0700 (PDT)
From:      Don Lewis <truckman@FreeBSD.org>
To:        mad@madpilot.net
Cc:        demelier.david@gmail.com, freebsd-ports@freebsd.org
Subject:   Re: lighttpd does not pull OpenSSL dependency
Message-ID:  <201610252214.u9PME6br070248@gw.catspoiler.org>
In-Reply-To: <da9e1a6b-0db1-ff18-08b6-82bbd0ab0101@madpilot.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 24 Oct, Guido Falsi wrote:
> On 10/24/16 16:28, David Demelier wrote:
>> 2016-10-24 14:59 GMT+02:00 Guido Falsi <mad@madpilot.net>:
>>> Are you generating your own packages? What software are you using to do
>>> that?
>> 
>> Yes, I'm using poudriere. However I didn't upgrade poudriere for a
>> while, maybe I should upgrade it too. The bulk build was clean at time
>> I ran it, since it was an upgrade no packages were existing.
> 
> It culd be related. It's at least worth a try.
> 
>> 
>>> Are you using some directive to enable ports provided ssl library?
>> 
>> If you mean some tunables in the make.conf files, no.
>> 
>>> So I'd conclude there's something wrong affecting your builds. What
>>> about a stray installation of a ports provided ssl library somewhere?
>> 
>> I'm not sure to understand your question. The bulk build was clean (no
>> package existing), I'll double check this evening if removing the
>> lighttpd package to force a rebuild will fix that.
>> 
> 
> I see but for some reason the port, while building, picked up a ports
> provided openssl library, it had to be there somehow for the port to
> pick that up.
> 
> I have no idea how it could be there though.

I don't think it is a package problem.  I suspect that the runtime
linker is picking up libssl from ports because it is detected first
in the linker's search path.

Then the question is, if DEFAULT_VERSIONS+=ssl=openssl is not in
make.conf, then why is OpeSSL from ports installed?  Nothing should
be depending on it.

If you do want to use OpenSSL from ports, then setting
DEFAULT_VERSIONS+=ssl=openssl in make.conf and rebuilding all the
packages that use ssl so that everything is consistent is the way to go.
In that case, I think lighttpd will have its dependency on openssl from
ports recorded.  If you go that route, you'll run into problems with any
ports that use GSSAPI and/or Kerberos, since using GSSAPI and/or
Kerberos from base doesn't work when using OpenSSL from ports.  Since I
don't use GSSAPI here, I added this
to make.conf for building packages:
OPTIONS_SET=GSSAPI_NONE KRB_NONE
OPTIONS_UNSET=GSSAPI_BASE KRB_BASE
If you do need GSSAPI, then GSSAPI_HEIMDAL and GSSAPI_MIT are the other
possible options.  Ditto for Kerberos.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610252214.u9PME6br070248>