Date: Tue, 03 Mar 2020 07:50:47 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: eugen@grosbein.net, jkim@FreeBSD.org Cc: ume@FreeBSD.org, src-committers@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r358411 - head/contrib/sendmail/src Message-ID: <20200303.075047.1159550404273266246.hrs@FreeBSD.org> In-Reply-To: <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org> References: <fdbf3930-c17e-ba4a-4819-e201590b6c9d@FreeBSD.org> <34373b64-876b-c97c-e805-ffaf3a69dd8b@grosbein.net> <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)--
Content-Type: Multipart/Mixed;
boundary="--Next_Part(Tue_Mar__3_07_50_47_2020_490)--"
Content-Transfer-Encoding: 7bit
----Next_Part(Tue_Mar__3_07_50_47_2020_490)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Jung-uk Kim <jkim@FreeBSD.org> wrote
in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081@FreeBSD.org>:
jk> > I merely try to understand how to unbreak upgrade path for 11.2-STABLE workstations
jk> > with stock sendmail and SSL support that also has many ports installed including
jk> > ports requiring new openssl API. Because buildworld fails and upgrade is broken.
jk> I am also trying to understand your problem. Which port is specifically
jk> requiring new OpenSSL API for you?
The problem eugen@ is trying to explain is (correct me if this is
wrong):
1. One needs to install OpenSSL from ports if she wants to install
software which depends on it. deskutils/nextcloudclient, for
example. Setting DEFAILT_VERSION+=ssl=openssl is strongly
recommended in this case for consistency.
2. Handbook says enabling SMTP AUTH requires the following in make.conf:
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
However, this variables make the buildworld target to pick up
OpenSSL from ports if installed, not from base, in the middle of
building sendmail. "make buildworld" will always fail. There is
no way to avoid OpenSSL from ports if she wants software such as
deskutils/nextcloudclient.
This build breakage occurs with sendmail + openssl from ports, not
related to cyrus-sasl2. A shlib mismatch between sendmail and
cyrus-sasl2 in terms of OpenSSL library is another issue.
I think there are several workaround, but the primary problem is that
people can get confused with instructions in the handbook. I suggest
to update the handbook:
a) If you do not have security/openssl on your system, set the
following in make.conf and rebuilt the world:
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
b) If you have security/openssl, sendmail in the base system does not
support SMTP AUTH because of incompatibility with the newer
versions of OpenSSL. Use mail/sendmail from ports.
I still feel that b) is sub-optimal, but it would be too complex to
make them coexist with each other. The attached patch and putting
SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_*
variables should mitigate the first problem but if
security/cyrus-sasl2 was built with OpenSSL from ports, the shlib
mismatch still occurs.
-- Hiroki
----Next_Part(Tue_Mar__3_07_50_47_2020_490)--
Content-Type: Text/X-Patch; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="usr.sbin_sendmail_Makefile.20200303-1.diff"
Index: usr.sbin/sendmail/Makefile
===================================================================
--- usr.sbin/sendmail/Makefile (revision 358301)
+++ usr.sbin/sendmail/Makefile (working copy)
@@ -72,3 +72,15 @@
ln -sf ${.ALLSRC} ${.TARGET}
.include <bsd.prog.mk>
+
+# libsasl2 support
+.if defined(SASLBASEDIR) && exists(${SASLBASEDIR})
+${OBJS}: libsasl2.so sasl
+libsasl2.so:
+ ln -s -f ${SASLBASEDIR}/lib/libsasl2.so ${.OBJDIR}
+sasl:
+ ln -s -f ${SASLBASEDIR}/include/sasl ${.OBJDIR}
+CLEANFILES+=libsasl2.so sasl
+LDADD+= -lsasl2 -L.
+CFLAGS+= -I. -DSASL
+.endif
----Next_Part(Tue_Mar__3_07_50_47_2020_490)----
----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)--
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
iMgEABMKAC4WIQRsDSNTJ8+Ax5Ae/dLbsH3Gbx9zfwUCXl2NxxAcaHJzQGZyZWVi
c2Qub3JnAAoJENuwfcZvH3N/5uMCCJqncsGovmO6QOBzYZAHzf7LaP5b0x7ZZL0n
4zqvnWr7P4yxvnPIqnVhTr/pb3mlvm8X6gmd/zWa/v8FeLR+qEH/AgjGqNvjP8D9
WQ9ygjfnQNg8nkK8uKCfHyO/Xw/YiMiwUNxyPzPtzonJfTrbtW9mbLo2cyC2zDM/
4JeUHBpXYBEe9A==
=xlZT
-----END PGP SIGNATURE-----
----Security_Multipart0(Tue_Mar__3_07_50_47_2020_142)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200303.075047.1159550404273266246.hrs>