Date: Mon, 2 Mar 2020 18:24:07 -0500 From: Jung-uk Kim <jkim@FreeBSD.org> To: Hiroki Sato <hrs@FreeBSD.org>, eugen@grosbein.net Cc: ume@FreeBSD.org, src-committers@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r358411 - head/contrib/sendmail/src Message-ID: <031ad6fe-5483-939a-29f5-2ccfe62890ab@FreeBSD.org> In-Reply-To: <20200303.075047.1159550404273266246.hrs@FreeBSD.org> References: <fdbf3930-c17e-ba4a-4819-e201590b6c9d@FreeBSD.org> <34373b64-876b-c97c-e805-ffaf3a69dd8b@grosbein.net> <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org> <20200303.075047.1159550404273266246.hrs@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20. 3. 2., Hiroki Sato wrote: > Jung-uk Kim <jkim@FreeBSD.org> wrote > in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>: > > jk> > I merely try to understand how to unbreak upgrade path for 11.2-STABLE workstations > jk> > with stock sendmail and SSL support that also has many ports installed including > jk> > ports requiring new openssl API. Because buildworld fails and upgrade is broken. > jk> I am also trying to understand your problem. Which port is specifically > jk> requiring new OpenSSL API for you? > > The problem eugen@ is trying to explain is (correct me if this is > wrong): > > 1. One needs to install OpenSSL from ports if she wants to install > software which depends on it. deskutils/nextcloudclient, for > example. Setting DEFAILT_VERSION+=ssl=openssl is strongly > recommended in this case for consistency. > > 2. Handbook says enabling SMTP AUTH requires the following in make.conf: > > SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL > SENDMAIL_LDFLAGS=-L/usr/local/lib > SENDMAIL_LDADD=-lsasl2 > > However, this variables make the buildworld target to pick up > OpenSSL from ports if installed, not from base, in the middle of > building sendmail. "make buildworld" will always fail. There is > no way to avoid OpenSSL from ports if she wants software such as > deskutils/nextcloudclient. > > This build breakage occurs with sendmail + openssl from ports, not > related to cyrus-sasl2. A shlib mismatch between sendmail and > cyrus-sasl2 in terms of OpenSSL library is another issue. > > I think there are several workaround, but the primary problem is that > people can get confused with instructions in the handbook. I suggest > to update the handbook: > > a) If you do not have security/openssl on your system, set the > following in make.conf and rebuilt the world: > > SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL > SENDMAIL_LDFLAGS=-L/usr/local/lib > SENDMAIL_LDADD=-lsasl2 > > b) If you have security/openssl, sendmail in the base system does not > support SMTP AUTH because of incompatibility with the newer > versions of OpenSSL. Use mail/sendmail from ports. > > I still feel that b) is sub-optimal, but it would be too complex to > make them coexist with each other. The attached patch and putting > SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_* > variables should mitigate the first problem but if > security/cyrus-sasl2 was built with OpenSSL from ports, the shlib > mismatch still occurs. Ah, now I see the whole picture. Yes, the Handbook needs some improvement. Yes, b) is sub-optimal but I guess it is the only clean solution for now. Thanks for the explanation! Jung-uk Kim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?031ad6fe-5483-939a-29f5-2ccfe62890ab>