This is failing to build for me on amd64 FreeBSD 13.2 using Poudriere. It appears to be related to OpenSSL 3 being pulled in from a dependency. Most likely sssd or OpenLDAP. Relevant build log output: [00:04:07] /bin/sh ../libtool --tag=disable-static --mode=link cc -o sudo_sendlog logsrv_util.o sendlog.o tls_client.o tls_init.o -lgcc -fstack-protector-strong -Wl,--enable-new-dtags -Wl,--allow-multiple-definition -Wc,-fstack-protector-strong -Wc,-fstack-clash-protection -Wc,-fcf-protection -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la ../lib/protobuf-c/libprotobuf-c.la -lssl -lcrypto [00:04:09] libtool: link: cc -o .libs/sudo_sendlog logsrv_util.o sendlog.o tls_client.o tls_init.o -fstack-protector-strong -Wl,--enable-new-dtags -Wl,--allow-multiple-definition -fstack-protector-strong -fstack-clash-protection -fcf-protection -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,-z -Wl,noexecstack ../lib/iolog/.libs/libsudo_iolog.a -lz ../lib/eventlog/.libs/libsudo_eventlog.a /wrkdirs/usr/ports/security/sudo/work/sudo-1.9.14p3/lib/util/.libs/libsudo_util.so ../lib/logsrv/.libs/liblogsrv.a ../lib/protobuf-c/.libs/libprotobuf-c.a -lssl -lgcc -lcrypto -Wl,-rpath -Wl,/usr/local/libexec/sudo [00:04:09] ld: error: /wrkdirs/usr/ports/security/sudo/work/sudo-1.9.14p3/lib/util/.libs/libsudo_util.so: undefined reference to EVP_MD_get_size [--no-allow-shlib-undefined] [00:04:09] cc: error: linker command failed with exit code 1 (use -v to see invocation) Compile time option file: # This file is auto-generated by 'make config'. # Options for sudo-1.9.14p2 _OPTIONS_READ=sudo-1.9.14p2 _FILE_COMPLETE_OPTIONS_LIST=AUDIT DISABLE_AUTH DISABLE_ROOT_SUDO DOCS EXAMPLES INSULTS LDAP NLS NOARGS_SHELL OPIE PAM PYTHON GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT SSSD SSSD_DEVEL OPTIONS_FILE_SET+=AUDIT OPTIONS_FILE_UNSET+=DISABLE_AUTH OPTIONS_FILE_UNSET+=DISABLE_ROOT_SUDO OPTIONS_FILE_SET+=DOCS OPTIONS_FILE_SET+=EXAMPLES OPTIONS_FILE_UNSET+=INSULTS OPTIONS_FILE_SET+=LDAP OPTIONS_FILE_UNSET+=NLS OPTIONS_FILE_UNSET+=NOARGS_SHELL OPTIONS_FILE_UNSET+=OPIE OPTIONS_FILE_SET+=PAM OPTIONS_FILE_UNSET+=PYTHON OPTIONS_FILE_UNSET+=GSSAPI_BASE OPTIONS_FILE_UNSET+=GSSAPI_HEIMDAL OPTIONS_FILE_UNSET+=GSSAPI_MIT OPTIONS_FILE_SET+=SSSD OPTIONS_FILE_UNSET+=SSSD_DEVEL
(In reply to tburns from comment #0) Are you building sudo 1.9.14p3? I tried the OPTIONS combination you mentioned and it built fine without installing openssl as a dependency https://idaho.arrakis.com.br/build.html?mastername=13-amd64-default&build=2023-10-27_08h22m36s
(In reply to Renato Botelho from comment #1) WOW! Thanks for the fast response! Yes 1.9.14p3. Here is the poudriere build environment: [00:00:18] =>> Building security/sudo [00:00:18] build started at Thu Oct 26 10:28:25 EDT 2023 [00:00:18] port directory: /usr/ports/security/sudo [00:00:18] package name: sudo-1.9.14p3 [00:00:18] building for: FreeBSD repo2.hrsd.com 13.2-RELEASE-p4 FreeBSD 13.2-RELEASE-p4 amd64 [00:00:18] maintained by: garga@FreeBSD.org [00:00:18] Makefile ident: [00:00:18] Poudriere version: 3.3.7_4 [00:00:18] Host OSVERSION: 1302001 [00:00:18] Jail OSVERSION: 1302001 [00:00:18] Job Id: 02 [00:00:18] [00:00:18] ---Begin Environment--- [00:00:18] SHELL=/bin/csh [00:00:18] OSVERSION=1302001 [00:00:18] UNAME_v=FreeBSD 13.2-RELEASE-p4 [00:00:18] UNAME_r=13.2-RELEASE-p4 [00:00:18] BLOCKSIZE=K [00:00:18] MAIL=/var/mail/root [00:00:18] MM_CHARSET=UTF-8 [00:00:18] LANG=C.UTF-8 [00:00:18] STATUS=1 [00:00:18] HOME=/root [00:00:18] PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin [00:00:18] LOCALBASE=/usr/local [00:00:18] USER=root [00:00:18] LIBEXECPREFIX=/usr/local/libexec/poudriere [00:00:18] POUDRIERE_VERSION=3.3.7_4 [00:00:18] MASTERMNT=/repos/poudriere/data/.m/132-default/ref [00:00:18] POUDRIERE_BUILD_TYPE=bulk [00:00:18] PACKAGE_BUILDING=yes [00:00:18] SAVED_TERM=xterm-256color [00:00:18] GID=0 [00:00:18] UID=0 [00:00:18] PWD=/repos/poudriere/data/.m/132-default/ref/.p/pool [00:00:18] P_PORTS_FEATURES=FLAVORS SELECTED_OPTIONS [00:00:18] MASTERNAME=132-default [00:00:18] SCRIPTPREFIX=/usr/local/share/poudriere [00:00:18] OLDPWD=/repos/poudriere/data/.m/132-default/ref/.p [00:00:18] SCRIPTPATH=/usr/local/share/poudriere/bulk.sh [00:00:18] POUDRIEREPATH=/usr/local/bin/poudriere [00:00:18] ---End Environment--- [00:00:18] [00:00:18] ---Begin Poudriere Port Flags/Env--- [00:00:18] PORT_FLAGS= [00:00:18] PKGENV= [00:00:18] FLAVOR= [00:00:18] DEPENDS_ARGS= [00:00:18] MAKE_ARGS= [00:00:18] ---End Poudriere Port Flags/Env--- Here is my make.conf: DEFAULT_VERSIONS= ssl=openssl pgsql=14 php=8.2 samba=4.13 python=3.9 python3=3.9 mysql=10.5m ruby=3.2 DEFAULT_SSL=openssl SUDO_LDAP_CONF=sudo-ldap.conf PYTHON_EXEC_PREFIX=/usr/local DEFAULT_OPENLDAP_VER=26 ALLOW_UNSUPPORTED_SYSTEM=yes
(In reply to tburns from comment #2) I managed to reproduce the problem. sudo build scripts are linking binaries against openssl from base (1.1.1) instead of 3.x. I started a discussion upstream about it
Created attachment 246031 [details] Fix build with ports openssl Can you please try attached patch? It seems to work on my tests
(In reply to Renato Botelho from comment #4) [00:00:06] [01] [00:00:00] Building security/sudo | sudo-1.9.14p3_1 [00:01:22] [01] [00:01:16] Finished security/sudo | sudo-1.9.14p3_1: Success That worked. It seems to be integrating with sssd/ldap as expected too. Thanks!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=dbc4e4daf752173acb868fc595ae9fa42f972aef commit dbc4e4daf752173acb868fc595ae9fa42f972aef Author: Renato Botelho <garga@FreeBSD.org> AuthorDate: 2023-10-31 22:07:56 +0000 Commit: Renato Botelho <garga@FreeBSD.org> CommitDate: 2023-11-01 12:00:24 +0000 security/sudo: Fix build with openssl from ports Since SSL support is being changed and sudo can be built without it, add a new SSL option, on by default. When option is enabled, use --enable-openssl=${OPENSSLBASE} to make sure it consumes desired OpenSSL implementation. Also add pkgconfig dependency because configure script rely on it to detect openssl details. PR: 274753 Reported by: tburns@hrsd.com Sponsored by: Rubicon Communications, LLC ("Netgate") security/sudo/Makefile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)
A commit in branch 2023Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=005d8c15b8027330dd27d66caaf97dc8a85f034a commit 005d8c15b8027330dd27d66caaf97dc8a85f034a Author: Renato Botelho <garga@FreeBSD.org> AuthorDate: 2023-10-31 22:07:56 +0000 Commit: Renato Botelho <garga@FreeBSD.org> CommitDate: 2023-11-01 12:08:44 +0000 security/sudo: Fix build with openssl from ports Since SSL support is being changed and sudo can be built without it, add a new SSL option, on by default. When option is enabled, use --enable-openssl=${OPENSSLBASE} to make sure it consumes desired OpenSSL implementation. Also add pkgconfig dependency because configure script rely on it to detect openssl details. PR: 274753 Reported by: tburns@hrsd.com Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit dbc4e4daf752173acb868fc595ae9fa42f972aef) security/sudo/Makefile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)