88825 – Wrong OPENSSL_SHLIBVER in bsd.openssl.mk in FreeBSD 6.0

Bug 88825 - Wrong OPENSSL_SHLIBVER in bsd.openssl.mk in FreeBSD 6.0

Summary: Wrong OPENSSL_SHLIBVER in bsd.openssl.mk in FreeBSD 6.0

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Dirk Meyer

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-11-11 03:00 UTC by Diane Bruce
Modified:	2005-11-12 04:13 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Diane Bruce 2005-11-11 03:00:28 UTC

	The default OPENSSL_SHLIBVER assigned/used results in
	ports depending on openssl to mistakenly recompile the port
	and try to reinstall it, which results in the port failing.
	bsd.openssl.mk uses a version of libcrypto.so which is not
	the one installed.

	Presumably I am missing one of the WITH_OPENSSL_* options
	somewhere, but it still should not break like this.

Fix: 

I am not familiar enough with the script or the intent to
	suggest the definitive fix. However, here is a diff that works
	for me.

# diff bsd.openssl.mk.orig bsd.openssl.mk.fixed
123c123
< OPENSSL_SHLIBVER?=    4
---
> OPENSSL_SHLIBVER?=    3
How-To-Repeat: 	portupgrade -a did it for me, any port that depends on openssl.

Comment 1 Edwin Groothuis freebsd_committer

2005-11-11 03:52:39 UTC

Responsible Changed
From-To: freebsd-ports-bugs->dinoex

Over to maintainer

Comment 2 Dirk Meyer freebsd_committer

2005-11-11 03:56:06 UTC

State Changed
From-To: open->feedback


1) Please use unified diffs. 

2) I can't reproduce the problem. 

3) Do you use 6.0-RELEASE or 6.0-STABLE ? 

4) what version if your bsd.openssl.mk? 

it should be: 
# $FreeBSD: ports/Mk/bsd.openssl.mk,v 1.27 2005/11/08 08:44:33 dinoex Exp $

Comment 3 dirk.meyer 2005-11-11 15:44:50 UTC

> > 1) Please use unified diffs.
> 
> Normally I do, this was not meant to be a fix only a convenient way
> to show where the problem was spotted. As I stated, I am not familiar
> enough with the scripts to give a proper definitive fix. I will do
> an unified diff if you still need one for a one line change.

The change is simple, but we have mutiple lines with:
-OPENSSL_SHLIBVER?=     4
so it was not clear which context this was.

> Look at line 114 of bsd.openssl.mk
> 
> the default is with WITH_OPENSSL_BETA and WITH_OPENSSL_STABLE undefined
> we set OPENSSL_SHLIBVER to 4 so bsd.openssl.mk is expecting the
> default libcrypto.so to be libcrypto.so.4

Only on systems not running RELENG_6_0

at line 52 is set:
WITH_OPENSSL_STABLE=yes
OPENSSL_PORT?=          security/openssl

and this wil uses OPENSSL_SHLIBVER=3 in the "WITH_OPENSSL_STABLE" part.

> The culprit looks to me to be at line 13 of the openssl Makefile
> 
> .if ( ${OSVERSION6} >= 600000 ) && ( ${OSVERSION6} < 600100 )
> WITH_OPENSSL_097=       yes
> .endif

This was requested by kris.

> And at this point I am also confused. ;-)
> What OSVERSION6 are you seeing?
> Do you have either WITH_OPENSSL_BETA or WITH_OPENSSL_STABLE defined
> somewhere?

as stated above ...

> Can you tell me what you have installed for openssl on your FreeBSD 6 system?
> >
> > 3) Do you use 6.0-RELEASE or 6.0-STABLE ?
> 
> I installed from an ISO 6.0-RELEASE but I am cvsupping to
> 
> *default  tag=RELENG_6_0
> 
> I've not yet rebuilt my kernel.

enter any portdir: e.g security/openssl and do:
$ make -V OSVERSION

> # $FreeBSD: ports/Mk/bsd.openssl.mk,v 1.27 2005/11/08 08:44:33 dinoex Exp $

this is good.

maybe your portindex ist outdated.


1) if you have OSVERSION < 600100 you will have
   openssl-0.9.7* and libssl.so.3
else you get
   openssl-0.9.8* and libssl.so.4

I assume that problem you have seen is already fixed in 1.27,
so please try again.

When the reistall ocurs again,
which version _is_ installed sucessfully,
and which version _trys_ the port to install?

RELENG_6_0 will fail,
if you have already openssl-0.9.8* installed.
Then you have either deinstall the port,
oder set WITH_OPENSSL_BEAT=yes in /etc/make.conf.

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

Comment 4 Diane Bruce 2005-11-11 20:56:17 UTC

> The change is simple, but we have mutiple lines with:
> -OPENSSL_SHLIBVER?=     4
> so it was not clear which context this was.

Yes, but the original diff *gave* the line number, I assumed that would
be clear from inspection.

# diff bsd.openssl.mk.orig bsd.openssl.mk.fixed
123c123
^^^ line 123 change

No matter. ;-)

> > Look at line 114 of bsd.openssl.mk
> >
> > the default is with WITH_OPENSSL_BETA and WITH_OPENSSL_STABLE undefined
> > we set OPENSSL_SHLIBVER to 4 so bsd.openssl.mk is expecting the
> > default libcrypto.so to be libcrypto.so.4

> Only on systems not running RELENG_6_0

Absolutely no disagreement here.

> at line 52 is set:
> WITH_OPENSSL_STABLE=yes
> OPENSSL_PORT?=          security/openssl

> and this wil uses OPENSSL_SHLIBVER=3 in the "WITH_OPENSSL_STABLE" part.

Right.

>> The culprit looks to me to be at line 13 of the openssl Makefile
>>
>> .if ( ${OSVERSION6} >= 600000 ) && ( ${OSVERSION6} < 600100 )
>> WITH_OPENSSL_097=       yes
>> .endif

> This was requested by kris.

Fair enough.

> maybe your portindex ist outdated.

No


> 1) if you have OSVERSION < 600100 you will have
>    openssl-0.9.7* and libssl.so.3
> else you get
>    openssl-0.9.8* and libssl.so.4

Correct. I saw that as well.

> I assume that problem you have seen is already fixed in 1.27,
> so please try again.

> When the reistall ocurs again,
> which version _is_ installed sucessfully,
> and which version _trys_ the port to install?

No, the problem is not fixed in /usr/ports/Mk/bsd.openssl.mk

The problem as I said at the beginning is, what bsd.openssl.mk wants
to see as /usr/local/lib/libcrypto.so.n and what /usr/ports/security/openssl
is installing do not agree. One or the other is wrong. As it stands now,
my /usr/ports/Mk/bsd/openssl.mk is expecting to see
/usr/local/lib/libcrypto.so.4 /usr/ports/security/openssl is installing
libcrypto.so.3 as you and I have both confirmed. Fine. So, logically it must
be /usr/ports/Mk/bsd.openssl.mk that is broken now.

> RELENG_6_0 will fail,
> if you have already openssl-0.9.8* installed.

Never had openssl-0.9.8* installed except temporarily playing
with this mess.

> Then you have either deinstall the port,
> oder set WITH_OPENSSL_BEAT=yes in /etc/make.conf.

Right.

To demonstrate the bug I am seeing, I try a *make* of tinyca which
depends on openssl. It gets this dependancy via bsd.openssl.mk

# cd tinyca
# make
===>  Vulnerability check disabled, database not found
=> tinyca2-0.7.0.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://tinyca.sm-zone.net/.
tinyca2-0.7.0.tar.bz2                         100% of  101 kB   56 kBps
===>  Extracting for tinyca-0.7.0
=> MD5 Checksum OK for tinyca2-0.7.0.tar.bz2.
=> No SHA256 checksum recorded for tinyca2-0.7.0.tar.bz2.
===>   tinyca-0.7.0 depends on file: /usr/local/bin/perl5.8.7 - found
===>  Patching for tinyca-0.7.0
===>   tinyca-0.7.0 depends on file: /usr/local/bin/perl5.8.7 - found
===>  Applying FreeBSD patches for tinyca-0.7.0
===>   tinyca-0.7.0 depends on file: /usr/local/lib/libcrypto.so.4 - not found
^^^^
bsd.openssl.mk wants libcrypto.so.4

ports/openssl is installing libcrypto.so.3

===>    Verifying install for /usr/local/lib/libcrypto.so.4 in /usr/ports/security/openssl

So modifying bsd.openssl.mk in /usr/ports/Mk to *match* the logic
in /usr/ports/openssl

--- bsd.openssl.mk.orig Thu Nov 10 03:10:30 2005
+++ bsd.openssl.mk      Fri Nov 11 15:50:48 2005
@@ -46,12 +46,10 @@
 WITH_OPENSSL_STABLE=yes
 .endif

-.if defined(WITH_OPENSSL_PORT)
 .if !defined(WITHOUT_OPENSSL_097) && !defined(WITH_OPENSSL_BETA)
 .if ( ${OSVERSION} >= 600000 ) && ( ${OSVERSION} < 600100 )
 WITH_OPENSSL_STABLE=yes
 OPENSSL_PORT?=         security/openssl
-.endif
 .endif
 .endif

Works like a charm.
bsd.openssl.mk then expects to see libcrypto.so.3 and the make in tinyca
works fine.

So. I would suggest the proper fix is something like this:

--- bsd.openssl.mk.orig Thu Nov 10 03:10:30 2005
+++ bsd.openssl.mk      Fri Nov 11 15:54:47 2005
@@ -46,6 +46,10 @@
 WITH_OPENSSL_STABLE=yes
 .endif

+.if !(WITH_OPENSSL_PORT) || !defined(WITH_OPENSSL_BASE)
+.error Need either WITH_OPENSSL_PORT or WITH_OPENSSL_BASE defined
+.endif
+
 .if defined(WITH_OPENSSL_PORT)
 .if !defined(WITHOUT_OPENSSL_097) && !defined(WITH_OPENSSL_BETA)
 .if ( ${OSVERSION} >= 600000 ) && ( ${OSVERSION} < 600100 )


One or the other WITH_OPENSSL_PORT or WITH_OPENSSL_PORT *has* to
be defined somewhere. I would assume in /etc/make.conf

comments?

Best wishes..

--
- db@db.net http://www.db.net/~db

Comment 5 dirk.meyer 2005-11-11 21:57:03 UTC

Diane Bruce schrieb:,

>  > When the reistall ocurs again,
>  > which version _is_ installed sucessfully,
>  > and which version _trys_ the port to install?
>  
>  No, the problem is not fixed in /usr/ports/Mk/bsd.openssl.mk
  
I found the combination you hit ...

>  So. I would suggest the proper fix is something like this:

>  One or the other WITH_OPENSSL_PORT or WITH_OPENSSL_PORT *has* to
>  be defined somewhere. I would assume in /etc/make.conf

I assumed the worn oder of definitions.
I mived the check down wehre it belongs and verified that
it is now picking up the correct version.

Thanks for your help.

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

Comment 6 Dirk Meyer freebsd_committer

2005-11-12 04:13:02 UTC

State Changed
From-To: feedback->closed

Fix committed, thanks.