[sudo-workers] How to specify prefix for openssl

Todd C. Miller Todd.Miller at sudo.ws
Tue Oct 31 15:09:20 MDT 2023 

On Tue, 31 Oct 2023 17:50:54 -0300, Renato Botelho wrote:

> I'm maintainer of sudo on FreeBSD ports tree and recently user reported 
> a problem [1].
>
> Just to give you some context, FreeBSD has OpenSSL available on its base 
> system, and in this case, on FreeBSD 13.2, it's OpenSSL 1.1.1.  This is 
> installed under /usr prefix.
>
> It's also possible to install another instance of OpenSSL using ports 
> tree, and in this case, version is 3.x.  This is installed under prefix 
> /usr/local and is completely separated from base system.
>
> After investigating this scenario reported by user I noticed that sudo 
> build scripts are linking binaries against openssl 1.1.1:
>
> % ldd 
> /wrkdirs/usr/ports/security/sudo/work/sudo-1.9.15rc1/lib/util/.libs/libsudo_u
> til.so
> /wrkdirs/usr/ports/security/sudo/work/sudo-1.9.15rc1/lib/util/.libs/libsudo_u
> til.so:
>          libcrypto.so.111 => /lib/libcrypto.so.111 (0x2a89c4a15000)
>          libc.so.7 => /lib/libc.so.7 (0x2a89c293f000)
>          libthr.so.3 => /lib/libthr.so.3 (0x2a89c5cee000)
>
> FreeBSD ports build system sets some environment variables like:
>
> OPENSSLBASE=/usr/local
> OPENSSLDIR=/usr/local/openssl
> OPENSSLINC=/usr/local/include
> OPENSSLLIB=/usr/local/lib
> OPENSSLRPATH=/usr/local/lib
>
> But those are not being used by build scripts and it doesn't seem 
> --enable-openssl is designed to accept any parameters.

You can use --enable-openssl=BASEDIR to set base directory but it
will still try to use pkg-config to determine things if possible.

Basically, if BASEDIR is specified, configure will look for a
BASEDIR/*/pkgconfig and build PKG_CONFIG_LIBDIR from that before
calling pkg-config.  If no pkgconfig files are found, configure
will append BASEDIR/lib LDFLAGS and BASEDIR/include to CPPFLAGS.


The logic (in m4/openssl.m4) is somewhat complicated so it is
possible that there is a problem with it.  I've built sudo using
OpenSSL 3.x on OpenBSD but there the pkgconfig files have a different
prefix from those in the base system.

 - todd

More information about the sudo-workers mailing list