From owner-freebsd-questions@FreeBSD.ORG Tue Oct 14 07:11:39 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3FF916A4B3 for ; Tue, 14 Oct 2003 07:11:39 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 60ADA43F93 for ; Tue, 14 Oct 2003 07:11:38 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [127.0.0.1]) h9EEB1QK048454 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Oct 2003 15:11:31 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id h9EEAvE3048449; Tue, 14 Oct 2003 15:10:57 +0100 (BST) (envelope-from matthew) Date: Tue, 14 Oct 2003 15:10:57 +0100 From: Matthew Seaman To: Toomas Aas Message-ID: <20031014141057.GC47574@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Toomas Aas , freebsd-questions@freebsd.org References: <200310141337.h9EDb32p017988@lv.raad.tartu.ee> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4jXrM3lyYWu4nBt5" Content-Disposition: inline In-Reply-To: <200310141337.h9EDb32p017988@lv.raad.tartu.ee> User-Agent: Mutt/1.5.4i X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.60 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions@freebsd.org Subject: Re: ignoring openssl port X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 14:11:40 -0000 --4jXrM3lyYWu4nBt5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 14, 2003 at 04:37:10PM +0300, Toomas Aas wrote: > Anyway, I tried commenting out the above passage in=20 > /usr/ports/Mk/bsd.port.mk and rebuilding another port which depends on=20 > OpenSSL, namely /usr/ports/ftp/wget. I checked with=20 > ldd /usr/local/bin/wget=20 > before and after installing and this showed that now I indeed have wget= =20 > linked against /usr/lib/libssl.so.3, whereas before it was linked=20 > against /usr/local/lib/libssl.so.3. >=20 > Before I try the same with apache13-modssl port, I just wanted to=20 > verify if commenting out the above passage in /usr/ports/Mk/bsd.port.mk= =20 > can cause any unforeseen damage. Actually, if your ports are all linked against libssl.so.3 and you have /usr/lib/libssl.so.3 from the base system, then many of your ports could well be using the base system version already. Check using ldd(1) against any likely candidates -- note that when investigating apache loadable modules ldd will sometimes fail to find a shared object in the current working directory unless you type eg. 'ldd ./libssl.so' Also check, oh, the ssh(1) binary in the base system to make sure the converse isn't happening, and it's linking against stuff under /usr/local. If you can confirm that all your ports will try and link against the system libssl.so.3, make sure to test by stopping and restarting everything as a check that they still do actually run OK using that shlib. In theory they should just work, but in practice they will fail to do so unless you assume the worst and test everything rigourously (Murphy's Law...). If everything is running happily using the /usr/lib/libssl.so.3 library then you should simply be able to move aside the shlib from the port (ie. /usr/local/lib/libssl.so.3) and everything will carry on without problems. Or you can move the existing shlib aside preemptively (Note: not delete it as that will definitely crash any application linked against it) and restart all the SSL using applications to force them to pick up /usr/lib/libssl.so.3. You can then pkg_deinstall the openssl port (not forgetting removing the renamed /usr/local/lib/libssl.so.3) and nothing should crash... Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --4jXrM3lyYWu4nBt5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/jAPxdtESqEQa7a0RAmwbAJ4im1pGl7zpqYJSbuv5aHH6vnK6lwCeN9E+ MnhxcNFZmwwp2T9SNmDXbvY= =f/k6 -----END PGP SIGNATURE----- --4jXrM3lyYWu4nBt5--