Re: problem with poudriere && port ftp/curl

From: Kevin Oberman <rkoberman_at_gmail.com>
Date: Sat, 12 Aug 2023 00:11:54 UTC
On Fri, Aug 11, 2023 at 3:00 PM Jan Beich <jbeich@freebsd.org> wrote:

> Matthias Apitz <guru@unixarea.de> writes:
>
> > I have the following problem with poudriere on 14-CURRENT and ports from
> > git head: every time when I start poudriere-bulk it removes a port
> > already compile fine (and all its dependent ports) with the message:
> >
> > ...
>
> > The difference seems to be +/-GSSAPI_BASE and +/-GSSAPI_NONE.
> > I have not set anything about
> > this in the port's options or jail's make.conf.
> >
> > What can I do to fix this?
>
> Maybe poudriere is confused by GSSAPI_${${SSL_DEFAULT} == base :?BASE
> :NONE}
> in OPTIONS_DEFAULT due ssl!=base in DEFAULT_VERSIONS via make.conf(5).
> Try filing a bug against ftp/curl.
>
> $ env -i __MAKE_CONF= PORT_DBDIR=/var/empty make -V
> '${OPTIONS_DEFAULT:M*GSS*}'
> GSSAPI_BASE
> $ env -i __MAKE_CONF= PORT_DBDIR=/var/empty DEFAULT_VERSIONS=ssl=openssl
> make -V '${OPTIONS_DEFAULT:M*GSS*}'
> GSSAPI_NONE
>
> See also
> https://cgit.freebsd.org/ports/diff/ftp/curl/Makefile?id=6d324c1f70c9
>
> I can't reproduce on -CURRENT when only using base OpenSSL 3.0.
>

There are several ports with this problem. Since VirtualBox (and
libvncserver) need openssl31, I now delete openssl31, upgrade ports as
required, and then "package add
/usr/ports/packages/All/openssl31-3.1.2.pkg" when finished.

Just today I hit openldap-client trying to use openssl31 even though
make.conf does not define it as default. Several other ports also don't
honor the fairly new USES=openssl and, if they find an openssl installed,
will use it. Since Aug. 1, I have had several other ports hit this issue.
You really, really don't want ports using openssl31 unless you are sure
that they or any port which they depend on are also using openssl31. If you
get shareable libraries with conflicts, it is a pain to clean them up.
Maybe a message to all committers that they need to be sure that
OPENSSLBASE is not used without USES=openssl. (At least I believe that is
the case.)


-- 
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683