Date: Tue, 03 Mar 2020 06:48:43 -0800 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Hiroki Sato <hrs@FreeBSD.org>,eugen@grosbein.net,jkim@FreeBSD.org Cc: ume@FreeBSD.org,src-committers@freebsd.org,svn-src-head@freebsd.org Subject: Re: svn commit: r358411 - head/contrib/sendmail/src Message-ID: <0B5BF068-6E2E-48D5-BF68-1A007EBFE9D9@cschubert.com> In-Reply-To: <20200303.075047.1159550404273266246.hrs@FreeBSD.org> References: <fdbf3930-c17e-ba4a-4819-e201590b6c9d@FreeBSD.org> <34373b64-876b-c97c-e805-ffaf3a69dd8b@grosbein.net> <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org> <20200303.075047.1159550404273266246.hrs@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
On March 2, 2020 2:50:47 PM PST, Hiroki Sato <hrs@FreeBSD.org> wrote: >Jung-uk Kim <jkim@FreeBSD.org> wrote > in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>: > >jk> > I merely try to understand how to unbreak upgrade path for >11.2-STABLE workstations >jk> > with stock sendmail and SSL support that also has many ports >installed including >jk> > ports requiring new openssl API. Because buildworld fails and >upgrade is broken. >jk> I am also trying to understand your problem. Which port is >specifically >jk> requiring new OpenSSL API for you? > > The problem eugen@ is trying to explain is (correct me if this is > wrong): > > 1. One needs to install OpenSSL from ports if she wants to install > software which depends on it. deskutils/nextcloudclient, for > example. Setting DEFAILT_VERSION+=ssl=openssl is strongly > recommended in this case for consistency. > >2. Handbook says enabling SMTP AUTH requires the following in >make.conf: > > SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL > SENDMAIL_LDFLAGS=-L/usr/local/lib > SENDMAIL_LDADD=-lsasl2 > > However, this variables make the buildworld target to pick up > OpenSSL from ports if installed, not from base, in the middle of > building sendmail. "make buildworld" will always fail. There is > no way to avoid OpenSSL from ports if she wants software such as > deskutils/nextcloudclient. > > This build breakage occurs with sendmail + openssl from ports, not > related to cyrus-sasl2. A shlib mismatch between sendmail and > cyrus-sasl2 in terms of OpenSSL library is another issue. > > I think there are several workaround, but the primary problem is that > people can get confused with instructions in the handbook. I suggest > to update the handbook: > > a) If you do not have security/openssl on your system, set the > following in make.conf and rebuilt the world: > > SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL > SENDMAIL_LDFLAGS=-L/usr/local/lib > SENDMAIL_LDADD=-lsasl2 > > b) If you have security/openssl, sendmail in the base system does not > support SMTP AUTH because of incompatibility with the newer > versions of OpenSSL. Use mail/sendmail from ports. > > I still feel that b) is sub-optimal, but it would be too complex to > make them coexist with each other. The attached patch and putting > SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_* > variables should mitigate the first problem but if > security/cyrus-sasl2 was built with OpenSSL from ports, the shlib > mismatch still occurs. > >-- Hiroki Buildworld should only use libraries in /usr/obj. I've found and fixed these in ntp, Heimdal and amd. Base sendmail build shouldn't use installed libraries or headers. The implications are obvious. -- Pardon the typos and autocorrect, small keyboard in use. Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://www.FreeBSD.org The need of the many outweighs the greed of the few. Sent from my Android device with K-9 Mail. Please excuse my brevity.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0B5BF068-6E2E-48D5-BF68-1A007EBFE9D9>