From owner-svn-src-head@freebsd.org  Mon Mar  2 23:24:15 2020
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4841525DA28
 for <svn-src-head@mailman.nyi.freebsd.org>;
 Mon,  2 Mar 2020 23:24:15 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "smtp.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48WbnW014Qz4dfK;
 Mon,  2 Mar 2020 23:24:15 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Received: from freefall.freebsd.org
 (static-71-168-218-4.cmdnnj.fios.verizon.net [71.168.218.4])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 (Authenticated sender: jkim/mail)
 by smtp.freebsd.org (Postfix) with ESMTPSA id 170D8447;
 Mon,  2 Mar 2020 23:24:14 +0000 (UTC)
 (envelope-from jkim@FreeBSD.org)
Subject: Re: svn commit: r358411 - head/contrib/sendmail/src
To: Hiroki Sato <hrs@FreeBSD.org>, eugen@grosbein.net
Cc: ume@FreeBSD.org, src-committers@freebsd.org, svn-src-head@freebsd.org
References: <fdbf3930-c17e-ba4a-4819-e201590b6c9d@FreeBSD.org>
 <34373b64-876b-c97c-e805-ffaf3a69dd8b@grosbein.net>
 <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>
 <20200303.075047.1159550404273266246.hrs@FreeBSD.org>
From: Jung-uk Kim <jkim@FreeBSD.org>
Autocrypt: addr=jkim@FreeBSD.org; prefer-encrypt=mutual; keydata=
 mQENBFJBztUBCAChqNyGqmFuNo0U7MBzsD+q/G6Cv0l7LGVrOAsgh34M8wIWhD+tztDWMVfn
 AhxNDd0ceCj2bYOe67sTQxAScEcbt2FfvPOLp9MEXb9qohZj172Gwkk7dnhOhZZKhVGVZKM4
 NcsuBDUzgf4f3Vdzj4wg6WlqplnTZo8lPE4hZWvZHoFIyunPTJWenybeV1xnxK7JkUdSvQR0
 fA59RfTTECMwTrSEfYGUnxIDBraxJ7Ecs/0hGQ7sljIj8WBvlRDU5fU1xfF35aw56T8POQRq
 F4E6RVJW3YGuTpSwgtGZOTfygcLRhAiq3dFC3JNLaTVTpM8PjOinJyt9AU6RoITGOKwDABEB
 AAG0Hkp1bmctdWsgS2ltIDxqa2ltQEZyZWVCU0Qub3JnPokBPQQTAQoAJwUCUkHO1QIbAwUJ
 E0/POwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRB8n5Ym/NvxRqyzB/wL7QtsIpeGfGIA
 ZPMtgXMucM3NWzomyQMln2j2efUkDKthzh9jBxgF53TjOr7imwIt0PT2k1bqctPrq5IRqnu9
 mGroqaCLE3LG2/E3jEaao4k9PO6efwlioyivUo5NrqIQOQ4k3EAXw7d2y0Dk1VpTgdMrnUAB
 hj7lGlLqS4ydcrf24DdbCRGdEQwqd9DBeBgbWynxAJMgbZBhYVEyIHuQKkJ8qY0ibIPXXuF0
 KYDeH0qUHtWV2K3srNyPtymUkBQD84Pl1GWRYx05XdUHDmnX0JV3lg0BfYJZgZv0ehPQrMfY
 Fd9abTkf9FHQYz1JtsC8wUuRgqElRd6+YAGf8Tt9uQENBFJBztUBCADLtSrP44El2VoJmH14
 OFrlOgxzZnbn+Y/Gf1k12mJBiR+A+pBeRLD50p7AiTrjHRxO3cHcl9Dh0uf1VSbXgp8Or0ye
 iP/86fZPd4k5HXNmDTLL0HecPE08SCqGZ0W8vllQrokB1QxxRUB+fFMPJyMCjDAZ7P9fFTOS
 dTw1bJSTtOD8Sx8MpZUa9ti06bXFlVYDlaqSdgk181SSx+ZbSKkQR8CIMARlHwiLsa3Z9q9O
 EJr20HPyxe0AlTvwvFndH61hg7ds63eRvglwRnNON28VXO/lvKXq7Br/CiiyhFdKfINIx2Z5
 htYq22tgGTW7mBURbIKoECFBTX9Lv6BXz6w9ABEBAAGJASUEGAEKAA8FAlJBztUCGwwFCRNP
 zzsACgkQfJ+WJvzb8UZcJQf+IsTCxUEqY7W/pT84sMg5/QD3s6ufTRncvq14fEOxCNq1Rf4Q
 9P+tOFa8GZfKDGB2BFGIrW7uT5mlmKdK1vO6ZIA930y5kUsnCmBUEBJkE2ciSQk01aB/1o62
 Q3Gk/F6BwtNY9OXiqF7AcAo+K/BMIaqb26QKeh+IIgK1NN9dQiq3ByTbl4zpGZa6MmsnnRTu
 mzGKt2nkz7vBzH6+hZp1OzGZikgjjhYWVFoJo1dvf/rv4obs0ZJEqFPQs/1Qa1dbkKBv6odB
 XJpPH0ssOluTY24d1XxTiKTwmWvHeQkOKRAIfD7VTtF4TesoZYkf7hsh3e3VwXhptSLFnEOi
 WwYofg==
Message-ID: <031ad6fe-5483-939a-29f5-2ccfe62890ab@FreeBSD.org>
Date: Mon, 2 Mar 2020 18:24:07 -0500
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101
 Thunderbird/68.5.0
MIME-Version: 1.0
In-Reply-To: <20200303.075047.1159550404273266246.hrs@FreeBSD.org>
Content-Type: text/plain; charset=windows-1252
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2020 23:24:15 -0000

On 20. 3. 2., Hiroki Sato wrote:
> Jung-uk Kim <jkim@FreeBSD.org> wrote
>   in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>:
> 
> jk> > I merely try to understand how to unbreak upgrade path for 11.2-STABLE workstations
> jk> > with stock sendmail and SSL support that also has many ports installed including
> jk> > ports requiring new openssl API. Because buildworld fails and upgrade is broken.
> jk> I am also trying to understand your problem.  Which port is specifically
> jk> requiring new OpenSSL API for you?
> 
>  The problem eugen@ is trying to explain is (correct me if this is
>  wrong):
> 
>  1. One needs to install OpenSSL from ports if she wants to install
>     software which depends on it.  deskutils/nextcloudclient, for
>     example.  Setting DEFAILT_VERSION+=ssl=openssl is strongly
>     recommended in this case for consistency.
> 
>  2. Handbook says enabling SMTP AUTH requires the following in make.conf:
> 
>      SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
>      SENDMAIL_LDFLAGS=-L/usr/local/lib
>      SENDMAIL_LDADD=-lsasl2
> 
>     However, this variables make the buildworld target to pick up
>     OpenSSL from ports if installed, not from base, in the middle of
>     building sendmail.  "make buildworld" will always fail.  There is
>     no way to avoid OpenSSL from ports if she wants software such as
>     deskutils/nextcloudclient.
> 
>  This build breakage occurs with sendmail + openssl from ports, not
>  related to cyrus-sasl2.  A shlib mismatch between sendmail and
>  cyrus-sasl2 in terms of OpenSSL library is another issue.
> 
>  I think there are several workaround, but the primary problem is that
>  people can get confused with instructions in the handbook.  I suggest
>  to update the handbook:
> 
>  a) If you do not have security/openssl on your system, set the
>     following in make.conf and rebuilt the world:
> 
>      SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
>      SENDMAIL_LDFLAGS=-L/usr/local/lib
>      SENDMAIL_LDADD=-lsasl2
> 
>  b) If you have security/openssl, sendmail in the base system does not
>     support SMTP AUTH because of incompatibility with the newer
>     versions of OpenSSL.  Use mail/sendmail from ports.
> 
>  I still feel that b) is sub-optimal, but it would be too complex to
>  make them coexist with each other.  The attached patch and putting
>  SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_*
>  variables should mitigate the first problem but if
>  security/cyrus-sasl2 was built with OpenSSL from ports, the shlib
>  mismatch still occurs.

Ah, now I see the whole picture.

Yes, the Handbook needs some improvement.  Yes, b) is sub-optimal but I
guess it is the only clean solution for now.

Thanks for the explanation!

Jung-uk Kim