I'm working on a port of rbsec/sslscan (github), but running into an
issue where the Ports System is invoking gmake in a way that doesn't
match what the upstream Makefile does. The software has two build
options: build a dynamic-linked version against the system OpenSSL
library, or build a static-linked version against a bundled copy of
OpenSSL 1.1.1-stable. `gmake` gets you the dynamic version, `gmake
static` gets you the static version.
Simple enough, so I put this in the port Makefile:
OPTIONS_DEFINE= STATIC
STATIC_USES_OFF=ssl
STATIC_ALL_TARGET=static
The port does call the static target as expected, but something is going
terribly wrong and the result is polluted CFLAGS and LDFLAGS. An
example is the cc invocation to build the sslscan binary itself. Below
is that call for each of direct/port and static/dynamic build, with
line-breaks added for ease of comparison:
Direct static build:
# gmake static
cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-pie -z relro -z now
-L/tmp/scratch/sslscan/openssl/
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/tmp/scratch/sslscan/openssl/include/ -I/tmp/scratch/sslscan/openssl/
-DVERSION=\"2.0.15-static\" sslscan.c -lssl -lcrypto -lz -lpthread
Port build with STATIC on:
# make
cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-fstack-protector-strong
-pie -z relro -z now
-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib
-L/opt/local/lib
-pie -z relro -z now
-L/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/
-O2 -pipe -fstack-protector-strong -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/usr/local/include -I/usr/local/ssl/include
-I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include
-I/opt/local/include -I/opt/local/include/openssl
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/include/
-I/poudriere/ports/default/security/sslscan/work/sslscan-2.0.15/openssl/
-DVERSION=\"2.0.15-static\" sslscan.c -lssl -lcrypto -lz -lpthread
Direct dynamic build:
# gmake
cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-pie -z relro -z now
-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib
-L/opt/local/lib
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/usr/local/include -I/usr/local/ssl/include
-I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include
-I/opt/local/include -I/opt/local/include/openssl
-DVERSION=\"2.0.15\" sslscan.c -lssl -lcrypto
Port build with STATIC off:
# make
cc -o sslscan
-Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
-Wl,-rpath,/usr/local/lib -fstack-protector-strong
-pie -z relro -z now
-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib
-L/opt/local/lib
-O2 -pipe -fstack-protector-strong -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -std=gnu11
-I/usr/local/include -I/usr/local/ssl/include
-I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include
-I/opt/local/include -I/opt/local/include/openssl
-DVERSION=\"2.0.15\" sslscan.c -lssl -lcrypto
Why is the port doing this and what bits of Makefile do I need to add to
the skeleton to make it behave correctly?
