[sudo-workers] How to specify prefix for openssl
Renato Botelho
garga at FreeBSD.org
Tue Oct 31 16:17:51 MDT 2023
On 31/10/23 18:09, Todd C. Miller via sudo-workers wrote:
> On Tue, 31 Oct 2023 17:50:54 -0300, Renato Botelho wrote:
>
>> I'm maintainer of sudo on FreeBSD ports tree and recently user reported
>> a problem [1].
>>
>> Just to give you some context, FreeBSD has OpenSSL available on its base
>> system, and in this case, on FreeBSD 13.2, it's OpenSSL 1.1.1. This is
>> installed under /usr prefix.
>>
>> It's also possible to install another instance of OpenSSL using ports
>> tree, and in this case, version is 3.x. This is installed under prefix
>> /usr/local and is completely separated from base system.
>>
>> After investigating this scenario reported by user I noticed that sudo
>> build scripts are linking binaries against openssl 1.1.1:
>>
>> % ldd
>> /wrkdirs/usr/ports/security/sudo/work/sudo-1.9.15rc1/lib/util/.libs/libsudo_u
>> til.so
>> /wrkdirs/usr/ports/security/sudo/work/sudo-1.9.15rc1/lib/util/.libs/libsudo_u
>> til.so:
>> libcrypto.so.111 => /lib/libcrypto.so.111 (0x2a89c4a15000)
>> libc.so.7 => /lib/libc.so.7 (0x2a89c293f000)
>> libthr.so.3 => /lib/libthr.so.3 (0x2a89c5cee000)
>>
>> FreeBSD ports build system sets some environment variables like:
>>
>> OPENSSLBASE=/usr/local
>> OPENSSLDIR=/usr/local/openssl
>> OPENSSLINC=/usr/local/include
>> OPENSSLLIB=/usr/local/lib
>> OPENSSLRPATH=/usr/local/lib
>>
>> But those are not being used by build scripts and it doesn't seem
>> --enable-openssl is designed to accept any parameters.
>
> You can use --enable-openssl=BASEDIR to set base directory but it
> will still try to use pkg-config to determine things if possible.
>
> Basically, if BASEDIR is specified, configure will look for a
> BASEDIR/*/pkgconfig and build PKG_CONFIG_LIBDIR from that before
> calling pkg-config. If no pkgconfig files are found, configure
> will append BASEDIR/lib LDFLAGS and BASEDIR/include to CPPFLAGS.
>
>
> The logic (in m4/openssl.m4) is somewhat complicated so it is
> possible that there is a problem with it. I've built sudo using
> OpenSSL 3.x on OpenBSD but there the pkgconfig files have a different
> prefix from those in the base system.
I've added pkg-config as a build dependency and added
--enable-openssl=${OPENSSLBASE} to the port Makefile and it seems to fix
the problem.
Thanks!
--
Renato Botelho
More information about the sudo-workers
mailing list