From owner-svn-src-head@freebsd.org Mon Mar 2 22:52:53 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1855925D043 for ; Mon, 2 Mar 2020 22:52:53 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48Wb5J3ZQMz3xFC; Mon, 2 Mar 2020 22:52:52 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from localhost (unknown [IPv6:2409:11:a740:4700:16:ceff:fe34:2700]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: hrs) by smtp.freebsd.org (Postfix) with ESMTPSA id 316482FE6E; Mon, 2 Mar 2020 22:52:51 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Date: Tue, 03 Mar 2020 07:50:47 +0900 (JST) Message-Id: <20200303.075047.1159550404273266246.hrs@FreeBSD.org> To: eugen@grosbein.net, jkim@FreeBSD.org Cc: ume@FreeBSD.org, src-committers@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r358411 - head/contrib/sendmail/src From: Hiroki Sato In-Reply-To: <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org> References: <34373b64-876b-c97c-e805-ffaf3a69dd8b@grosbein.net> <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org> X-Old-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530 FFD7 4F2C D3D8 2793 CF2D X-PGPkey-fingerprint: 6C0D 2353 27CF 80C7 901E FDD2 DBB0 7DC6 6F1F 737F X-Mailer: Mew version 6.8 on Emacs 26.3 Mime-Version: 1.0 Content-Type: Multipart/Signed; protocol="application/pgp-signature"; micalg=pgp-sha512; boundary="--Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)--" Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Mar 2020 22:52:53 -0000 ----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)-- Content-Type: Multipart/Mixed; boundary="--Next_Part(Tue_Mar__3_07_50_47_2020_490)--" Content-Transfer-Encoding: 7bit ----Next_Part(Tue_Mar__3_07_50_47_2020_490)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Jung-uk Kim wrote in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>: jk> > I merely try to understand how to unbreak upgrade path for 11.2-STABLE workstations jk> > with stock sendmail and SSL support that also has many ports installed including jk> > ports requiring new openssl API. Because buildworld fails and upgrade is broken. jk> I am also trying to understand your problem. Which port is specifically jk> requiring new OpenSSL API for you? The problem eugen@ is trying to explain is (correct me if this is wrong): 1. One needs to install OpenSSL from ports if she wants to install software which depends on it. deskutils/nextcloudclient, for example. Setting DEFAILT_VERSION+=ssl=openssl is strongly recommended in this case for consistency. 2. Handbook says enabling SMTP AUTH requires the following in make.conf: SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 However, this variables make the buildworld target to pick up OpenSSL from ports if installed, not from base, in the middle of building sendmail. "make buildworld" will always fail. There is no way to avoid OpenSSL from ports if she wants software such as deskutils/nextcloudclient. This build breakage occurs with sendmail + openssl from ports, not related to cyrus-sasl2. A shlib mismatch between sendmail and cyrus-sasl2 in terms of OpenSSL library is another issue. I think there are several workaround, but the primary problem is that people can get confused with instructions in the handbook. I suggest to update the handbook: a) If you do not have security/openssl on your system, set the following in make.conf and rebuilt the world: SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 b) If you have security/openssl, sendmail in the base system does not support SMTP AUTH because of incompatibility with the newer versions of OpenSSL. Use mail/sendmail from ports. I still feel that b) is sub-optimal, but it would be too complex to make them coexist with each other. The attached patch and putting SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_* variables should mitigate the first problem but if security/cyrus-sasl2 was built with OpenSSL from ports, the shlib mismatch still occurs. -- Hiroki ----Next_Part(Tue_Mar__3_07_50_47_2020_490)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="usr.sbin_sendmail_Makefile.20200303-1.diff" Index: usr.sbin/sendmail/Makefile =================================================================== --- usr.sbin/sendmail/Makefile (revision 358301) +++ usr.sbin/sendmail/Makefile (working copy) @@ -72,3 +72,15 @@ ln -sf ${.ALLSRC} ${.TARGET} .include + +# libsasl2 support +.if defined(SASLBASEDIR) && exists(${SASLBASEDIR}) +${OBJS}: libsasl2.so sasl +libsasl2.so: + ln -s -f ${SASLBASEDIR}/lib/libsasl2.so ${.OBJDIR} +sasl: + ln -s -f ${SASLBASEDIR}/include/sasl ${.OBJDIR} +CLEANFILES+=libsasl2.so sasl +LDADD+= -lsasl2 -L. +CFLAGS+= -I. -DSASL +.endif ----Next_Part(Tue_Mar__3_07_50_47_2020_490)---- ----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iMgEABMKAC4WIQRsDSNTJ8+Ax5Ae/dLbsH3Gbx9zfwUCXl2NxxAcaHJzQGZyZWVi c2Qub3JnAAoJENuwfcZvH3N/5uMCCJqncsGovmO6QOBzYZAHzf7LaP5b0x7ZZL0n 4zqvnWr7P4yxvnPIqnVhTr/pb3mlvm8X6gmd/zWa/v8FeLR+qEH/AgjGqNvjP8D9 WQ9ygjfnQNg8nkK8uKCfHyO/Xw/YiMiwUNxyPzPtzonJfTrbtW9mbLo2cyC2zDM/ 4JeUHBpXYBEe9A== =xlZT -----END PGP SIGNATURE----- ----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)----