From owner-freebsd-ports@freebsd.org Thu Oct 27 13:05:09 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92459C22CBA for ; Thu, 27 Oct 2016 13:05:09 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from prod2.absolight.net (prod2.absolight.net [79.143.243.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 533EE91; Thu, 27 Oct 2016 13:05:09 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from prod2.absolight.net (localhost [127.0.0.1]) by prod2.absolight.net (Postfix) with ESMTP id 84702BDD32; Thu, 27 Oct 2016 15:05:06 +0200 (CEST) Received: from ogg.in.absolight.net (ogg.in.absolight.net [79.143.241.239]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by prod2.absolight.net (Postfix) with ESMTPSA id 68CB8BDD34; Thu, 27 Oct 2016 15:05:06 +0200 (CEST) Subject: Re: lighttpd does not pull OpenSSL dependency To: David Demelier References: <201610252214.u9PME6br070248@gw.catspoiler.org> <7fb24c94-1efa-d1b5-9028-8dec8330e543@FreeBSD.org> Cc: Don Lewis , mad@madpilot.net, freebsd-ports@freebsd.org From: Mathieu Arnold Organization: Absolight / The FreeBSD Foundation Message-ID: Date: Thu, 27 Oct 2016 15:05:03 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="V5U7rfPG3CPpKoJDANdgIBGJ1joNMrwf4" X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2016 13:05:09 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --V5U7rfPG3CPpKoJDANdgIBGJ1joNMrwf4 Content-Type: multipart/mixed; boundary="NNr7xb9vP6LpsHpk8pXkGxM3BnP5Ffd34"; protected-headers="v1" From: Mathieu Arnold To: David Demelier Cc: Don Lewis , mad@madpilot.net, freebsd-ports@freebsd.org Message-ID: Subject: Re: lighttpd does not pull OpenSSL dependency References: <201610252214.u9PME6br070248@gw.catspoiler.org> <7fb24c94-1efa-d1b5-9028-8dec8330e543@FreeBSD.org> In-Reply-To: --NNr7xb9vP6LpsHpk8pXkGxM3BnP5Ffd34 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Le 27/10/2016 =C3=A0 14:49, David Demelier a =C3=A9crit : > 2016-10-27 11:00 GMT+02:00 Mathieu Arnold : >> Before changing the default, though, I need to change the way GSSAPI i= s >> handled, and create a DEFAULT_VERSIONS+=3Dgssapi=3D >> and change all the ports with the USES=3Dgssapi that gives options to = the >> users. >> But I don't use all of that, so I need help figuring out which should = be >> the default afterwards (it can't be base, because you can't mix base >> heimdal with non base openssl) > I've just tested my lighttpd package into a fresh jail, it has not > installed openssl and the lighttpd binary was using /usr/lib/libssl > from base instead. > > There is indeed something wrong then, because if I install openssl, > lighttpd will use one from /usr/local/lib which is terrible as we have > no guarantee about openssl ABI compatibility. > > I don't know much linker options, but it is possible to make absolute > shared library dependency ? Like -l/usr/lib/libssl.so instead of > -lssl. Will this force lighttpd to use openssl from base? Once you install openssl from ports, the ports framework will use it, always. If you do not want openssl from ports, do not install it. > That's what I dislike in having some software in base and also in > ports. We need to figure out that. Or the best is to avoid having too > much software in base. For example, it's nice to have ssh in base, but > I have no problem if we need to install it in the next years. This > will also have the benefits of more recent versions. Well, openssl should be moved to a private space in base, yes. > By the way, for what openssl is needed in base? With a quick run of ldd in base and a grep of libcrypto and libssl, I get= : /bin/ed /bin/red /lib/libcrypto.so.8 /sbin/hastctl /sbin/hastd /usr/bin/bdes /usr/bin/dc /usr/bin/drill /usr/bin/factor /usr/bin/hxtool /usr/bin/kadmin /usr/bin/kinit /usr/bin/kpasswd /usr/bin/ksu /usr/bin/ntpq /usr/bin/openssl /usr/bin/slogin /usr/bin/ssh-agent /usr/bin/ssh-keygen /usr/bin/ssh /usr/bin/string2key /usr/bin/svnlite /usr/bin/svnlitebench /usr/bin/svnlitemucc /usr/bin/svnliterdump /usr/bin/svnlitesync /usr/bin/telnet /usr/lib/libarchive.so.6 /usr/lib/libbsnmp.so.6 /usr/lib/libfetch.so.6 /usr/lib/libgssapi_krb5.so.10 /usr/lib/libheimntlm.so.11 /usr/lib/libhx509.so.11 /usr/lib/libkrb5.so.11 /usr/lib/libmp.so.7 /usr/lib/libprivateldns.so.5 /usr/lib/libprivatessh.so.5 /usr/lib/libprivateunbound.so.5 /usr/lib/libradius.so.4 /usr/lib/libssl.so.8 /usr/sbin/auditdistd /usr/sbin/hostapd /usr/sbin/kstash /usr/sbin/ktutil /usr/sbin/ntp-keygen /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc /usr/sbin/pkg /usr/sbin/ppp /usr/sbin/sntp /usr/sbin/sshd /usr/sbin/tcpdump /usr/sbin/uefisign /usr/sbin/unbound-anchor /usr/sbin/unbound-control /usr/sbin/unbound /usr/sbin/wpa_supplicant --=20 Mathieu Arnold --NNr7xb9vP6LpsHpk8pXkGxM3BnP5Ffd34-- --V5U7rfPG3CPpKoJDANdgIBGJ1joNMrwf4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJYEfuBXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85I+vgP/RV+qGrCW1mt0FF1cINQOo/k EjXTAIpoSceKn+712NI2Y5gz5xbQHoqTYygVeWQ4NgF8ogd9MEzmfP/gcjseTviV i2+8ZseR1t6yhEBfUMyPFOeXSaJ1WH8OPH8mR/ecTKNt6m6LF3p1+K7sEz+ooM4l jds4ZbuaCX686EBCYk0rJ3W/qL+VgtHGAEthzR+76FJpkRJWgTi/dDwJLhJA7lOl cYZc64AcSSbIdu8K4q2wtpAjS6IAuqCFmVhuihA0WEC6twEISogTybgpe/f59/XP gi6DjD1c5fjDCksPwXt6Emhw83lZEHO4gqdJAMuWYknx6uIhu/v0uza5zK3BK6Fl aURV7pBRX/OR17df/0eXAJHsZS1I6I8bLB6VVS52lk8VwVQOGSUEb+6C9gnZCHC7 El459g/MHy2GLEFoi2Yh8LUCu6nbW7mtpKgtO1OrTn9CuyfFXkDIsCzEA3ufQ3Qy 6aJD8hf5taXMb1WkuYJQlVRHefotgX35Rb2uFnLUFbKWVJtEf95l7bXWrDB3DTzX uWFLtjWERGC7yUP7gvcKUMtrfBJbrjkqi8QRdQQcxSB7Sk3GRB4WXlqaw7gXb2nz 6D5YdAOsH4hLq7j1PaiyQ227GUH/QtZB8En3YCd7TRBaDigI2NiaGtVh2ctuLnsp wzUK1VAVcc4kAjCA85wu =pbj1 -----END PGP SIGNATURE----- --V5U7rfPG3CPpKoJDANdgIBGJ1joNMrwf4--