From owner-freebsd-stable@FreeBSD.ORG Sat Jan 15 10:11:51 2011 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A08810658C6 for ; Sat, 15 Jan 2011 10:11:51 +0000 (UTC) (envelope-from jyavenard@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id C7F9E8FC17 for ; Sat, 15 Jan 2011 10:11:50 +0000 (UTC) Received: by iyb26 with SMTP id 26so3335740iyb.13 for ; Sat, 15 Jan 2011 02:11:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Hn+sNM9XMEt6z9UwsTDUGucP5X/B0QGKHWDyjqV3U+k=; b=FpCHFZjjZ5c6B+2MIn7S7T+NDHd/toQ9H3zzYrCHHDC4ynsFTsOM7blzm7T+1nncCW rRBrrTgz3BBvWqJr+LWXjlh0Xtwr7Ta/YZUfgTy3sIRZGghWIFWBeTYB3f93YrO0AyjV ShpiruDcmV+WqpIOJxSciFf82XAzfKrr09Jbg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=TzEMDkIxb4ea+H5m3smpT3HnFoIIwrTVQxCAm1u8T8I52dRiL+s5+9BJMaT36aG3fX gX+rri2PyEMPqU5ctpebaI+9xy/PSq92+UPCP6vGM03zrNzcMDxrCSRnQq3Fa6J/4G0r RT8ZVom2nqiXZM9/U6Fcp1DLTOl/qDCq5KuLw= MIME-Version: 1.0 Received: by 10.42.169.9 with SMTP id z9mr1962474icy.89.1295086310245; Sat, 15 Jan 2011 02:11:50 -0800 (PST) Received: by 10.42.172.69 with HTTP; Sat, 15 Jan 2011 02:11:50 -0800 (PST) In-Reply-To: References: Date: Sat, 15 Jan 2011 21:11:50 +1100 Message-ID: From: Jean-Yves Avenard To: Pete French Content-Type: text/plain; charset=ISO-8859-1 Cc: "freebsd-stable@freebsd.org" Subject: Re: Policy on static linking ? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Jan 2011 10:11:51 -0000 On Friday, 14 January 2011, Pete French wrote: > I build code using static linking for deployment across a set of > machines. For me this has a lot of advantages - I know that the > code will run, no matter what the state of the ports is on the > machine, and if there is a need to upgrade a library then I do it > once on the build machine, rebuild the executable, and rsync it out > to the leaf nodes. Only one place to track security updates, only > one place where I need to have all the porst the code depends on > installed. I actually tried to compile a port against another and have it link statically, but I couldn't find a way to do so without hacking the configure script. I was wondering if there was another (and easier) way to do so... I use ldap for authentication purposes, along with pam_ldap and nss_ldap If I compile openldap-client against openssl from ports, then it creates massive problems elsewhere. For example, base ssh server will now crash due to using different libcrypto. compiling ports will also become impossible as bsd tar itself crash (removing ldap call from nsswitch.conf is required to work again) I was then advised in the freebsd forums to uninstall openssl port, compile openldap against openssl base, install it, then re-install openssl port. (I have to use openssl from ports with apache/subversion to fix a bug with TLSv1 making svn commit crash under some circumstances) I dislike this method, because should openldap gets upgraded again and be linked against openssl port, I will lock myself out of the machine again due to sshd crashing. Just like what happened today :( So how can I configure openldap-client to link against libssl and libcrypto statically? Thanks