Created attachment 158485 [details] patch
Created attachment 158486 [details] Updated patch Added stripping
Created attachment 158487 [details] poudriere log
What am I looking for in the Poudriere log? What does this patch fix? I can build the package just fine on: FreeBSD 9.3-RELEASE-p13 FreeBSD 9.3-RELEASE-p13 #0: Tue Apr 7 03:01:12 UTC 2015 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 and: FreeBSD 10.1-RELEASE-p15 FreeBSD 10.1-RELEASE-p15 #0: Tue Jul 21 18:00:00 UTC 2015 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 and create an encrypted database fine (just tested on the former). Thanks.
It adds missing openssl use. Every library used by the package has to be declared as a dependency. USE_OPENSSL is particularly important because there is the section there with special options for OpenSSL build, where it is taken from (base vs. port), etc. Poudriere log is for committer to be sure nothing is broken.
OK, approved. Thanks!
This doesn't look correct. With LDFLAGS+=-L${LOCALBASE}/lib it will pick openssl from ports if it's installed, otherwise it'll pick openssl from base system, so if ports openssl is installed, dependency list would still be incorrect. LDFLAGS should just be removed.
Ports should never ever link with OpenSSL from the base. USE_OPENSSL=yes is supposed to make port OpenSSL a prerequisite.
(In reply to yuri from comment #7) > Ports should never ever link with OpenSSL from the base. As far as I know, that is the plan, but as of now, only a plan. Ports always link with base openssl by default. > USE_OPENSSL=yes is supposed to make port OpenSSL a prerequisite. It doesn't. WITH_OPENSSL_PORT=yes, it would, but you should not impose unneeded requirements if it works with base openssl.
> It doesn't. WITH_OPENSSL_PORT=yes, it would, but you should not impose unneeded requirements if it works with base openssl. Usually things that work with base SSL are small things. Large projects mostly break. It was an in-depth discussion around May in ports@ ML about this. When poudriere builds the same port, it is more likely to link to the base SSL and crash because of conflicts, compared to the local builds. This is why ports should always link to the ports SSL. If this isn't yet fixed, this is an unfixed bug. Large projects just can't work when some parts are linked to one SSL and some - to another. So you need to choose one or another for all parts.
> Usually things that work with base SSL are small things. Large projects > mostly break. Not true. Currently, whole portstree works with base openssl, and only 2 ports require security/openssl: h2o and nginx-devel > It was an in-depth discussion around May in ports@ ML about this. When > poudriere builds the same port, it is more likely to link to the base SSL > and crash because of conflicts, compared to the local builds. This is why > ports should always link to the ports SSL. If this isn't yet fixed, this is > an unfixed bug. While this is partially true, this is out of scope of this PR. sqlcipher only needs USE_OPENSSL, and no LDFLAGS. If we're going to switch to always using ports' openssl, it should be done in a centralized and atomic way.
Here is the discussion from April: https://lists.freebsd.org/pipermail/freebsd-ports/2015-April/098659.html "There is only one port that will need openssl from base, and it's ports-mgmt/pkg, but it can be a special case." Maybe later they switched to all-base SSL, I didn't follow this issue.
(In reply to yuri from comment #11) > Maybe later they switched to all-base SSL, I didn't follow this issue. Nobody ever switched anything, ports use base openssl as they've ever used. So I'm going to commit this with removed LDFLAGS.
A commit references this bug: Author: amdmi3 Date: Thu Dec 3 12:34:44 UTC 2015 New revision: 402873 URL: https://svnweb.freebsd.org/changeset/ports/402873 Log: - Add dependency on openssl - Strip binaries PR: 201397 Submitted by: yuri@rawbw.com Approved by: jharris@widomaker.com (maintainer) Changes: head/databases/sqlcipher/Makefile