On 3/3/20 6:48 AM, Cy Schubert wrote: > On March 2, 2020 2:50:47 PM PST, Hiroki Sato <h...@freebsd.org> wrote: >> Jung-uk Kim <j...@freebsd.org> wrote >> in <8e60a869-fe1e-9314-ffdc-76ed3e2dc...@freebsd.org>: >> >> jk> > I merely try to understand how to unbreak upgrade path for >> 11.2-STABLE workstations >> jk> > with stock sendmail and SSL support that also has many ports >> installed including >> jk> > ports requiring new openssl API. Because buildworld fails and >> upgrade is broken. >> jk> I am also trying to understand your problem. Which port is >> specifically >> jk> requiring new OpenSSL API for you? >> >> The problem eugen@ is trying to explain is (correct me if this is >> wrong): >> >> 1. One needs to install OpenSSL from ports if she wants to install >> software which depends on it. deskutils/nextcloudclient, for >> example. Setting DEFAILT_VERSION+=ssl=openssl is strongly >> recommended in this case for consistency. >> >> 2. Handbook says enabling SMTP AUTH requires the following in >> make.conf: >> >> SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL >> SENDMAIL_LDFLAGS=-L/usr/local/lib >> SENDMAIL_LDADD=-lsasl2 >> >> However, this variables make the buildworld target to pick up >> OpenSSL from ports if installed, not from base, in the middle of >> building sendmail. "make buildworld" will always fail. There is >> no way to avoid OpenSSL from ports if she wants software such as >> deskutils/nextcloudclient. >> >> This build breakage occurs with sendmail + openssl from ports, not >> related to cyrus-sasl2. A shlib mismatch between sendmail and >> cyrus-sasl2 in terms of OpenSSL library is another issue. >> >> I think there are several workaround, but the primary problem is that >> people can get confused with instructions in the handbook. I suggest >> to update the handbook: >> >> a) If you do not have security/openssl on your system, set the >> following in make.conf and rebuilt the world: >> >> SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL >> SENDMAIL_LDFLAGS=-L/usr/local/lib >> SENDMAIL_LDADD=-lsasl2 >> >> b) If you have security/openssl, sendmail in the base system does not >> support SMTP AUTH because of incompatibility with the newer >> versions of OpenSSL. Use mail/sendmail from ports. >> >> I still feel that b) is sub-optimal, but it would be too complex to >> make them coexist with each other. The attached patch and putting >> SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_* >> variables should mitigate the first problem but if >> security/cyrus-sasl2 was built with OpenSSL from ports, the shlib >> mismatch still occurs. >> >> -- Hiroki > > Buildworld should only use libraries in /usr/obj. I've found and fixed these > in ntp, Heimdal and amd. Base sendmail build shouldn't use installed > libraries or headers. > > The implications are obvious.
While that rule is true in general, the SMTP AUTH bits for base sendmail have always been a special case like this. I switched to postfix several years ago, but prior to that I was doing the same thing on my mail server. I think hrs' new text for the handbook is probably the right answer. -- John Baldwin _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
