From owner-freebsd-questions@FreeBSD.ORG Tue Oct 14 10:54:45 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0C8B16A4B3 for ; Tue, 14 Oct 2003 10:54:45 -0700 (PDT) Received: from lv.raad.tartu.ee (lv.raad.tartu.ee [194.126.106.110]) by mx1.FreeBSD.org (Postfix) with ESMTP id 77AFB43FAF for ; Tue, 14 Oct 2003 10:54:44 -0700 (PDT) (envelope-from toomas.aas@raad.tartu.ee) Received: Message by Barricade lv.raad.tartu.ee with ESMTP id h9EHs1fY025603; Tue, 14 Oct 2003 20:54:01 +0300 Message-Id: <200310141754.h9EHs1fY025603@lv.raad.tartu.ee> Received: from INFO/SpoolDir by raad.tartu.ee (Mercury 1.48); 14 Oct 03 20:54:18 +0300 Received: from SpoolDir by INFO (Mercury 1.48); 14 Oct 03 20:54:09 +0300 From: "Toomas Aas" Organization: Tartu City Government To: Matthew Seaman Date: Tue, 14 Oct 2003 20:54:08 +0300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Priority: normal In-reply-to: <20031014141057.GC47574@happy-idiot-talk.infracaninophile.co.uk> References: <200310141337.h9EDb32p017988@lv.raad.tartu.ee> cc: freebsd-questions@freebsd.org Subject: Re: ignoring openssl port X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2003 17:54:45 -0000 Hi! Matthew Seaman wrote: > On Tue, Oct 14, 2003 at 04:37:10PM +0300, Toomas Aas wrote: > > > Anyway, I tried commenting out the above passage in > > /usr/ports/Mk/bsd.port.mk and rebuilding another port which depends on > > OpenSSL, namely /usr/ports/ftp/wget. I checked with > > ldd /usr/local/bin/wget > > before and after installing and this showed that now I indeed have wget > > linked against /usr/lib/libssl.so.3, whereas before it was linked > > against /usr/local/lib/libssl.so.3. > > > > Before I try the same with apache13-modssl port, I just wanted to > > verify if commenting out the above passage in /usr/ports/Mk/bsd.port.mk > > can cause any unforeseen damage. > > Actually, if your ports are all linked against libssl.so.3 and you > have /usr/lib/libssl.so.3 from the base system, then many of your > ports could well be using the base system version already. Check > using ldd(1) against any likely candidates -- note that when > investigating apache loadable modules ldd will sometimes fail to find > a shared object in the current working directory unless you type eg. > 'ldd ./libssl.so' Also check, oh, the ssh(1) binary in the base system > to make sure the converse isn't happening, and it's linking against > stuff under /usr/local. > > If everything is running happily using the /usr/lib/libssl.so.3 > library then you should simply be able to move aside the shlib from > the port (ie. /usr/local/lib/libssl.so.3) and everything will carry on > without problems. Or you can move the existing shlib aside > preemptively (Note: not delete it as that will definitely crash any > application linked against it) and restart all the SSL using > applications to force them to pick up /usr/lib/libssl.so.3. You can > then pkg_deinstall the openssl port (not forgetting removing the > renamed /usr/local/lib/libssl.so.3) and nothing should crash... Thanks for the excellent advice! I checked all the ports that were dependent of openssl port, moved /usr/local/lib/libcrypto* and /usr/local/lib/libssl* to safe location and restarted the applications. Everything worked and ldd now shows that everything is linked against /usr/lib/libssl.so.3 and /usr/lib/libcrypto.so.3. I'll restart the server just to make sure I didn't overlook anything, but I strongly doubt I find any problems (knock on wood). -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * How much net work could a network work, if a network could net work?