From owner-freebsd-questions@FreeBSD.ORG Wed Feb 3 12:57:34 2010 Return-Path: Delivered-To: freebsd-questions@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B1C45106568F for ; Wed, 3 Feb 2010 12:57:34 +0000 (UTC) (envelope-from bf1783@googlemail.com) Received: from mail-ew0-f211.google.com (mail-ew0-f211.google.com [209.85.219.211]) by mx1.freebsd.org (Postfix) with ESMTP id 4BB2A8FC13 for ; Wed, 3 Feb 2010 12:57:33 +0000 (UTC) Received: by ewy3 with SMTP id 3so1259378ewy.13 for ; Wed, 03 Feb 2010 04:57:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:cc:content-type; bh=+1KI8ed7cMO5nPtMcEYQdZcwhs8rCm9T/ySAtm0JbnI=; b=hFs89cMZS1ElXConfNqdwjA6fa7ZZb+05x3oy3BkgThIl6Vo4Aat3FxLw+CgPpwa8p hHnq2qYPjNfCcrsHlv3+T4R5Wixmfl2O0gldjDOCkG/TvlyawFU1ZN6nX0cPhwsC8/F3 3SsKEq/V6NZw9bN66MJqcSypjSNFdp5L7sSr0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:cc:content-type; b=Zmkc9zxY9ZO2mmwl61WOFk7wZ3oFwDj/TaGR7wUmmcMTWUY8UdHITb7eqcxhRgISEH sdXyXPvdxdTc8V0UGfSQ4b4VVUFZ+3y2ty0IFWLzxJQgV6FQlTFy9BmrZni2SgdlGFdQ FXxr+TuZez+j1dH8bQ1qQJ0Uaz+XyqhvT8zTM= MIME-Version: 1.0 Received: by 10.216.87.210 with SMTP id y60mr840805wee.210.1265201852387; Wed, 03 Feb 2010 04:57:32 -0800 (PST) Date: Wed, 3 Feb 2010 07:57:32 -0500 Message-ID: From: "b. f." To: freebsd-questions@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1 Cc: Olivier Nicole Subject: Re: Disabling openssl from ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 12:57:34 -0000 >OK, this /should/ work. Add the following to /etc/make.conf: > >WITH_OPENSSL_BASE= yes > >.if ${.CURDIR:M*/www/pound} >WITH_OPENSSL_PORT= yes >.endif No, it won't -- at least, if you leave it in make.conf after building www/pound, it wil break all subsequent rebuilds of all other ports that depend upon the base system openssl. Matthew, you ought to know better ... >From bsd.openssl.mk: .if defined(WITH_OPENSSL_BASE) ... .if exists(${LOCALBASE}/lib/libcrypto.so) check-depends:: @${ECHO_CMD} "Dependency error: this port wants the OpenSSL library from the FreeBSD" @${ECHO_CMD} "base system. You can't build against it, while a newer" @${ECHO_CMD} "version is installed by a port." @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE." @${FALSE} .endif Mixing and matching the different openssl versions can lead to problems (for one thing, there are too many sloppy LDFLAGS=-L${LOCALBASE}/lib floating around in different ports), and you'll have to hack port Makefiles and use ldd(1) or other tools to verify that your changes work. You're probably better off just using one or the other. If you still want to try it, then I suggest installing security/openssl in non-default PREFIX, then patching the www/pound Makefile so that it doesn't use USE_OPENSSL, and then adding whatever variables are needed by it's configure script to locate and link with security/openssl to CONFIGURE_ENV and/or MAKE_ENV, as well as the proper LIB_DEPENDS on security/openssl. After doing this and installing www/pound, if rtld(1) is still loading the base system openssl when www/pound binaries are executed, or can't find the security/openssl libraries off in their non-default location, then use libmap.conf(5) to point (only) the www/pound binaries to the security/openssl libraries. You'll have to ensure that your changes to www/pound's Makefile aren't wiped out by subsequent updates to your Ports tree, of course. b.