Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 18 Jul 2016 13:03:39 -0700
From:      Kevin Oberman <rkoberman@gmail.com>
To:        Euan Thoms <euan@potensol.com>
Cc:        Jim Ohlstein <jim@ohlste.in>, FreeBSD Ports Mailing List <freebsd-ports@freebsd.org>
Subject:   Re: curl and nginx no longer build on same host
Message-ID:  <CAN6yY1ux6hC5z%2Bzr_1aub1uOuAr5-tT%2BpTZCqdUNEqz66Xa4XQ@mail.gmail.com>
In-Reply-To: <7c85-578d3200-1d-6b8b4580@130332282>
References:  <e7b59cb6-d52d-b558-0bc0-f3f0610841a9@ohlste.in> <7c85-578d3200-1d-6b8b4580@130332282>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 18, 2016 at 12:45 PM, Euan Thoms <euan@potensol.com> wrote:

>
> On Saturday, July 16, 2016 20:43 SGT, Jim Ohlstein <jim@ohlste.in> wrote:
>
> > Hello,
> >
> > On 7/15/16 11:41 PM, Euan Thoms wrote:
> > >
> > > Yes. I've used ssl=openssl and ssl=libressl in make.conf, no luck with
> either. The bottom line is ftp/curl with default port options does not want
> to build against openssl or libressl from ports. And it doesn't want to try
> and use the base openssl either.
> > >
> > > Your point about the port options for http2 requiring the ports
> version of openssl is valid. But this happens when the default options for
> both ports are used. I could accept my manual workaround if I had changed
> the default port options on either of the two ports. But default port
> options should build together.
> > >
> > > I suppose this has only come about on this upgrade cycle because nginx
> port now has http2 on by default?
> >
> > As of version 1.10.0 it appears http2 is selected by default. It has
> > been the default in www/nginx-devel for some time. it is not the default
> > for ftp/curl:
> >
> > OPTIONS_DEFAULT=    CA_BUNDLE COOKIES OPENSSL PROXY RESOLV
> > THREADED_RESOLVER TLS_SRP
> >
> > My /etc/make.conf has the following:
> >
> > WITH_OPENSSL_PORT=yes
> >
> > That will force ftp/curl (and all ports) to build against the openssl
> > port. If I understand correctly, that is about to become the default
> > behavior for all ports at some time in the not so distant future, or at
> > least it has been proposed.
> >
>
> OK, I understand. And I'm glad we're heading somewhere where we will have
> more consistency. I just feel that we shouldn't need anything in
> /etc/make.conf unless we are exerting some extra control and using
> non-default options. I've managed to get away without anything in
> /etc/make.conf on all my jails, collectively they install quite a range of
> software types.
>
> Are you sure that WITH_OPENSSL_PORT isn't deprecated. I got some warnings
> to that effect. So I've been using USES+=ssl=openssl instead. Perhaps
> that's part of the problem, maybe the ftp/curl port is still using the
> older make.conf flag. I'll try it next time I update.
>
> Thanks Jim.
>
> --
> Regards, Euan Thoms
>

Yes and no. WITH_OPENSSL_PORT in make,conf has been deprecated. It should
still work, but you should update to the new syntax. If you do use it, you
should see the following:
"Using WITH_OPENSSL_PORT in make.conf is deprecated, replace it with
DEFAULT_VERSIONS+=ssl=openssl in your make.conf"

To avoid conflicting SSL libraries in different ports, it is bast to put
the "DEFAULT_VERSIONS+=ssl=openssl" in /etc/make.conf. If you use base
OpsnSSL in some ports that create shareable libraries and the ports version
in others, you will eventually hit an executable, possibly from a third
port, that is linked to both and those programs will not run.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1ux6hC5z%2Bzr_1aub1uOuAr5-tT%2BpTZCqdUNEqz66Xa4XQ>