Date: Thu, 27 Oct 2016 15:05:03 +0200 From: Mathieu Arnold <mat@FreeBSD.org> To: David Demelier <demelier.david@gmail.com> Cc: Don Lewis <truckman@freebsd.org>, mad@madpilot.net, freebsd-ports@freebsd.org Subject: Re: lighttpd does not pull OpenSSL dependency Message-ID: <bd8cf64a-7c04-d58b-b9ab-1abbb4cc062b@FreeBSD.org> In-Reply-To: <CAO%2BPfDdJ7wv-rzrX7bTRhfY1W_qcL3%2BgZthqy-aq0sqYhDVcgg@mail.gmail.com> References: <201610252214.u9PME6br070248@gw.catspoiler.org> <ded708c9-f2bf-6b2f-84cf-f97f91c39888@FreeBSD.org> <CAO%2BPfDdXbbgVMZnxiJig%2B_drLNYRftD4ruqXxHpybztiR1eBAA@mail.gmail.com> <7fb24c94-1efa-d1b5-9028-8dec8330e543@FreeBSD.org> <CAO%2BPfDdJ7wv-rzrX7bTRhfY1W_qcL3%2BgZthqy-aq0sqYhDVcgg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --V5U7rfPG3CPpKoJDANdgIBGJ1joNMrwf4 Content-Type: multipart/mixed; boundary="NNr7xb9vP6LpsHpk8pXkGxM3BnP5Ffd34"; protected-headers="v1" From: Mathieu Arnold <mat@FreeBSD.org> To: David Demelier <demelier.david@gmail.com> Cc: Don Lewis <truckman@freebsd.org>, mad@madpilot.net, freebsd-ports@freebsd.org Message-ID: <bd8cf64a-7c04-d58b-b9ab-1abbb4cc062b@FreeBSD.org> Subject: Re: lighttpd does not pull OpenSSL dependency References: <201610252214.u9PME6br070248@gw.catspoiler.org> <ded708c9-f2bf-6b2f-84cf-f97f91c39888@FreeBSD.org> <CAO+PfDdXbbgVMZnxiJig+_drLNYRftD4ruqXxHpybztiR1eBAA@mail.gmail.com> <7fb24c94-1efa-d1b5-9028-8dec8330e543@FreeBSD.org> <CAO+PfDdJ7wv-rzrX7bTRhfY1W_qcL3+gZthqy-aq0sqYhDVcgg@mail.gmail.com> In-Reply-To: <CAO+PfDdJ7wv-rzrX7bTRhfY1W_qcL3+gZthqy-aq0sqYhDVcgg@mail.gmail.com> --NNr7xb9vP6LpsHpk8pXkGxM3BnP5Ffd34 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Le 27/10/2016 =C3=A0 14:49, David Demelier a =C3=A9crit : > 2016-10-27 11:00 GMT+02:00 Mathieu Arnold <mat@freebsd.org>: >> Before changing the default, though, I need to change the way GSSAPI i= s >> handled, and create a DEFAULT_VERSIONS+=3Dgssapi=3D<base,mit,heimdal,.= =2E.> >> and change all the ports with the USES=3Dgssapi that gives options to = the >> users. >> But I don't use all of that, so I need help figuring out which should = be >> the default afterwards (it can't be base, because you can't mix base >> heimdal with non base openssl) > I've just tested my lighttpd package into a fresh jail, it has not > installed openssl and the lighttpd binary was using /usr/lib/libssl > from base instead. > > There is indeed something wrong then, because if I install openssl, > lighttpd will use one from /usr/local/lib which is terrible as we have > no guarantee about openssl ABI compatibility. > > I don't know much linker options, but it is possible to make absolute > shared library dependency ? Like -l/usr/lib/libssl.so instead of > -lssl. Will this force lighttpd to use openssl from base? Once you install openssl from ports, the ports framework will use it, always. If you do not want openssl from ports, do not install it. > That's what I dislike in having some software in base and also in > ports. We need to figure out that. Or the best is to avoid having too > much software in base. For example, it's nice to have ssh in base, but > I have no problem if we need to install it in the next years. This > will also have the benefits of more recent versions. Well, openssl should be moved to a private space in base, yes. > By the way, for what openssl is needed in base? With a quick run of ldd in base and a grep of libcrypto and libssl, I get= : /bin/ed /bin/red /lib/libcrypto.so.8 /sbin/hastctl /sbin/hastd /usr/bin/bdes /usr/bin/dc /usr/bin/drill /usr/bin/factor /usr/bin/hxtool /usr/bin/kadmin /usr/bin/kinit /usr/bin/kpasswd /usr/bin/ksu /usr/bin/ntpq /usr/bin/openssl /usr/bin/slogin /usr/bin/ssh-agent /usr/bin/ssh-keygen /usr/bin/ssh /usr/bin/string2key /usr/bin/svnlite /usr/bin/svnlitebench /usr/bin/svnlitemucc /usr/bin/svnliterdump /usr/bin/svnlitesync /usr/bin/telnet /usr/lib/libarchive.so.6 /usr/lib/libbsnmp.so.6 /usr/lib/libfetch.so.6 /usr/lib/libgssapi_krb5.so.10 /usr/lib/libheimntlm.so.11 /usr/lib/libhx509.so.11 /usr/lib/libkrb5.so.11 /usr/lib/libmp.so.7 /usr/lib/libprivateldns.so.5 /usr/lib/libprivatessh.so.5 /usr/lib/libprivateunbound.so.5 /usr/lib/libradius.so.4 /usr/lib/libssl.so.8 /usr/sbin/auditdistd /usr/sbin/hostapd /usr/sbin/kstash /usr/sbin/ktutil /usr/sbin/ntp-keygen /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc /usr/sbin/pkg /usr/sbin/ppp /usr/sbin/sntp /usr/sbin/sshd /usr/sbin/tcpdump /usr/sbin/uefisign /usr/sbin/unbound-anchor /usr/sbin/unbound-control /usr/sbin/unbound /usr/sbin/wpa_supplicant --=20 Mathieu Arnold --NNr7xb9vP6LpsHpk8pXkGxM3BnP5Ffd34-- --V5U7rfPG3CPpKoJDANdgIBGJ1joNMrwf4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJYEfuBXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85I+vgP/RV+qGrCW1mt0FF1cINQOo/k EjXTAIpoSceKn+712NI2Y5gz5xbQHoqTYygVeWQ4NgF8ogd9MEzmfP/gcjseTviV i2+8ZseR1t6yhEBfUMyPFOeXSaJ1WH8OPH8mR/ecTKNt6m6LF3p1+K7sEz+ooM4l jds4ZbuaCX686EBCYk0rJ3W/qL+VgtHGAEthzR+76FJpkRJWgTi/dDwJLhJA7lOl cYZc64AcSSbIdu8K4q2wtpAjS6IAuqCFmVhuihA0WEC6twEISogTybgpe/f59/XP gi6DjD1c5fjDCksPwXt6Emhw83lZEHO4gqdJAMuWYknx6uIhu/v0uza5zK3BK6Fl aURV7pBRX/OR17df/0eXAJHsZS1I6I8bLB6VVS52lk8VwVQOGSUEb+6C9gnZCHC7 El459g/MHy2GLEFoi2Yh8LUCu6nbW7mtpKgtO1OrTn9CuyfFXkDIsCzEA3ufQ3Qy 6aJD8hf5taXMb1WkuYJQlVRHefotgX35Rb2uFnLUFbKWVJtEf95l7bXWrDB3DTzX uWFLtjWERGC7yUP7gvcKUMtrfBJbrjkqi8QRdQQcxSB7Sk3GRB4WXlqaw7gXb2nz 6D5YdAOsH4hLq7j1PaiyQ227GUH/QtZB8En3YCd7TRBaDigI2NiaGtVh2ctuLnsp wzUK1VAVcc4kAjCA85wu =pbj1 -----END PGP SIGNATURE----- --V5U7rfPG3CPpKoJDANdgIBGJ1joNMrwf4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bd8cf64a-7c04-d58b-b9ab-1abbb4cc062b>