Date: Tue, 14 Oct 2003 15:10:57 +0100 From: Matthew Seaman <matthew@cryptosphere.com> To: Toomas Aas <toomas.aas@raad.tartu.ee> Cc: freebsd-questions@freebsd.org Subject: Re: ignoring openssl port Message-ID: <20031014141057.GC47574@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <200310141337.h9EDb32p017988@lv.raad.tartu.ee> References: <200310141337.h9EDb32p017988@lv.raad.tartu.ee>
next in thread | previous in thread | raw e-mail | index | archive | help
--4jXrM3lyYWu4nBt5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Oct 14, 2003 at 04:37:10PM +0300, Toomas Aas wrote:
> Anyway, I tried commenting out the above passage in=20
> /usr/ports/Mk/bsd.port.mk and rebuilding another port which depends on=20
> OpenSSL, namely /usr/ports/ftp/wget. I checked with=20
> ldd /usr/local/bin/wget=20
> before and after installing and this showed that now I indeed have wget=
=20
> linked against /usr/lib/libssl.so.3, whereas before it was linked=20
> against /usr/local/lib/libssl.so.3.
>=20
> Before I try the same with apache13-modssl port, I just wanted to=20
> verify if commenting out the above passage in /usr/ports/Mk/bsd.port.mk=
=20
> can cause any unforeseen damage.
Actually, if your ports are all linked against libssl.so.3 and you
have /usr/lib/libssl.so.3 from the base system, then many of your
ports could well be using the base system version already. Check
using ldd(1) against any likely candidates -- note that when
investigating apache loadable modules ldd will sometimes fail to find
a shared object in the current working directory unless you type eg.
'ldd ./libssl.so' Also check, oh, the ssh(1) binary in the base system
to make sure the converse isn't happening, and it's linking against
stuff under /usr/local.
If you can confirm that all your ports will try and link against the
system libssl.so.3, make sure to test by stopping and restarting
everything as a check that they still do actually run OK using that
shlib. In theory they should just work, but in practice they will
fail to do so unless you assume the worst and test everything
rigourously (Murphy's Law...).
If everything is running happily using the /usr/lib/libssl.so.3
library then you should simply be able to move aside the shlib from
the port (ie. /usr/local/lib/libssl.so.3) and everything will carry on
without problems. Or you can move the existing shlib aside
preemptively (Note: not delete it as that will definitely crash any
application linked against it) and restart all the SSL using
applications to force them to pick up /usr/lib/libssl.so.3. You can
then pkg_deinstall the openssl port (not forgetting removing the
renamed /usr/local/lib/libssl.so.3) and nothing should crash...
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--4jXrM3lyYWu4nBt5
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQE/jAPxdtESqEQa7a0RAmwbAJ4im1pGl7zpqYJSbuv5aHH6vnK6lwCeN9E+
MnhxcNFZmwwp2T9SNmDXbvY=
=f/k6
-----END PGP SIGNATURE-----
--4jXrM3lyYWu4nBt5--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031014141057.GC47574>