Date: Tue, 14 Oct 2003 20:54:08 +0300 From: "Toomas Aas" <toomas.aas@raad.tartu.ee> To: Matthew Seaman <matthew@cryptosphere.com> Cc: freebsd-questions@freebsd.org Subject: Re: ignoring openssl port Message-ID: <200310141754.h9EHs1fY025603@lv.raad.tartu.ee> In-Reply-To: <20031014141057.GC47574@happy-idiot-talk.infracaninophile.co.uk> References: <200310141337.h9EDb32p017988@lv.raad.tartu.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! Matthew Seaman <matthew at cryptosphere dot com> wrote: > On Tue, Oct 14, 2003 at 04:37:10PM +0300, Toomas Aas wrote: > > > Anyway, I tried commenting out the above passage in > > /usr/ports/Mk/bsd.port.mk and rebuilding another port which depends on > > OpenSSL, namely /usr/ports/ftp/wget. I checked with > > ldd /usr/local/bin/wget > > before and after installing and this showed that now I indeed have wget > > linked against /usr/lib/libssl.so.3, whereas before it was linked > > against /usr/local/lib/libssl.so.3. > > > > Before I try the same with apache13-modssl port, I just wanted to > > verify if commenting out the above passage in /usr/ports/Mk/bsd.port.mk > > can cause any unforeseen damage. > > Actually, if your ports are all linked against libssl.so.3 and you > have /usr/lib/libssl.so.3 from the base system, then many of your > ports could well be using the base system version already. Check > using ldd(1) against any likely candidates -- note that when > investigating apache loadable modules ldd will sometimes fail to find > a shared object in the current working directory unless you type eg. > 'ldd ./libssl.so' Also check, oh, the ssh(1) binary in the base system > to make sure the converse isn't happening, and it's linking against > stuff under /usr/local. > > If everything is running happily using the /usr/lib/libssl.so.3 > library then you should simply be able to move aside the shlib from > the port (ie. /usr/local/lib/libssl.so.3) and everything will carry on > without problems. Or you can move the existing shlib aside > preemptively (Note: not delete it as that will definitely crash any > application linked against it) and restart all the SSL using > applications to force them to pick up /usr/lib/libssl.so.3. You can > then pkg_deinstall the openssl port (not forgetting removing the > renamed /usr/local/lib/libssl.so.3) and nothing should crash... Thanks for the excellent advice! I checked all the ports that were dependent of openssl port, moved /usr/local/lib/libcrypto* and /usr/local/lib/libssl* to safe location and restarted the applications. Everything worked and ldd now shows that everything is linked against /usr/lib/libssl.so.3 and /usr/lib/libcrypto.so.3. I'll restart the server just to make sure I didn't overlook anything, but I strongly doubt I find any problems (knock on wood). -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * How much net work could a network work, if a network could net work?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200310141754.h9EHs1fY025603>