Date: Tue, 03 Mar 2020 07:50:47 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: eugen@grosbein.net, jkim@FreeBSD.org Cc: ume@FreeBSD.org, src-committers@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r358411 - head/contrib/sendmail/src Message-ID: <20200303.075047.1159550404273266246.hrs@FreeBSD.org> In-Reply-To: <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org> References: <fdbf3930-c17e-ba4a-4819-e201590b6c9d@FreeBSD.org> <34373b64-876b-c97c-e805-ffaf3a69dd8b@grosbein.net> <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)-- Content-Type: Multipart/Mixed; boundary="--Next_Part(Tue_Mar__3_07_50_47_2020_490)--" Content-Transfer-Encoding: 7bit ----Next_Part(Tue_Mar__3_07_50_47_2020_490)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Jung-uk Kim <jkim@FreeBSD.org> wrote in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>: jk> > I merely try to understand how to unbreak upgrade path for 11.2-STABLE workstations jk> > with stock sendmail and SSL support that also has many ports installed including jk> > ports requiring new openssl API. Because buildworld fails and upgrade is broken. jk> I am also trying to understand your problem. Which port is specifically jk> requiring new OpenSSL API for you? The problem eugen@ is trying to explain is (correct me if this is wrong): 1. One needs to install OpenSSL from ports if she wants to install software which depends on it. deskutils/nextcloudclient, for example. Setting DEFAILT_VERSION+=ssl=openssl is strongly recommended in this case for consistency. 2. Handbook says enabling SMTP AUTH requires the following in make.conf: SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 However, this variables make the buildworld target to pick up OpenSSL from ports if installed, not from base, in the middle of building sendmail. "make buildworld" will always fail. There is no way to avoid OpenSSL from ports if she wants software such as deskutils/nextcloudclient. This build breakage occurs with sendmail + openssl from ports, not related to cyrus-sasl2. A shlib mismatch between sendmail and cyrus-sasl2 in terms of OpenSSL library is another issue. I think there are several workaround, but the primary problem is that people can get confused with instructions in the handbook. I suggest to update the handbook: a) If you do not have security/openssl on your system, set the following in make.conf and rebuilt the world: SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 b) If you have security/openssl, sendmail in the base system does not support SMTP AUTH because of incompatibility with the newer versions of OpenSSL. Use mail/sendmail from ports. I still feel that b) is sub-optimal, but it would be too complex to make them coexist with each other. The attached patch and putting SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_* variables should mitigate the first problem but if security/cyrus-sasl2 was built with OpenSSL from ports, the shlib mismatch still occurs. -- Hiroki ----Next_Part(Tue_Mar__3_07_50_47_2020_490)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="usr.sbin_sendmail_Makefile.20200303-1.diff" Index: usr.sbin/sendmail/Makefile =================================================================== --- usr.sbin/sendmail/Makefile (revision 358301) +++ usr.sbin/sendmail/Makefile (working copy) @@ -72,3 +72,15 @@ ln -sf ${.ALLSRC} ${.TARGET} .include <bsd.prog.mk> + +# libsasl2 support +.if defined(SASLBASEDIR) && exists(${SASLBASEDIR}) +${OBJS}: libsasl2.so sasl +libsasl2.so: + ln -s -f ${SASLBASEDIR}/lib/libsasl2.so ${.OBJDIR} +sasl: + ln -s -f ${SASLBASEDIR}/include/sasl ${.OBJDIR} +CLEANFILES+=libsasl2.so sasl +LDADD+= -lsasl2 -L. +CFLAGS+= -I. -DSASL +.endif ----Next_Part(Tue_Mar__3_07_50_47_2020_490)---- ----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iMgEABMKAC4WIQRsDSNTJ8+Ax5Ae/dLbsH3Gbx9zfwUCXl2NxxAcaHJzQGZyZWVi c2Qub3JnAAoJENuwfcZvH3N/5uMCCJqncsGovmO6QOBzYZAHzf7LaP5b0x7ZZL0n 4zqvnWr7P4yxvnPIqnVhTr/pb3mlvm8X6gmd/zWa/v8FeLR+qEH/AgjGqNvjP8D9 WQ9ygjfnQNg8nkK8uKCfHyO/Xw/YiMiwUNxyPzPtzonJfTrbtW9mbLo2cyC2zDM/ 4JeUHBpXYBEe9A== =xlZT -----END PGP SIGNATURE----- ----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200303.075047.1159550404273266246.hrs>