svn commit: r358411 - head/contrib/sendmail/src

Hiroki Sato hrs at FreeBSD.org
Mon Mar 2 22:52:53 UTC 2020 

Jung-uk Kim <jkim at FreeBSD.org> wrote
  in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081 at FreeBSD.org>:

jk> > I merely try to understand how to unbreak upgrade path for 11.2-STABLE workstations
jk> > with stock sendmail and SSL support that also has many ports installed including
jk> > ports requiring new openssl API. Because buildworld fails and upgrade is broken.
jk> I am also trying to understand your problem.  Which port is specifically
jk> requiring new OpenSSL API for you?

 The problem eugen@ is trying to explain is (correct me if this is
 wrong):

 1. One needs to install OpenSSL from ports if she wants to install
    software which depends on it.  deskutils/nextcloudclient, for
    example.  Setting DEFAILT_VERSION+=ssl=openssl is strongly
    recommended in this case for consistency.

 2. Handbook says enabling SMTP AUTH requires the following in make.conf:

     SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
     SENDMAIL_LDFLAGS=-L/usr/local/lib
     SENDMAIL_LDADD=-lsasl2

    However, this variables make the buildworld target to pick up
    OpenSSL from ports if installed, not from base, in the middle of
    building sendmail.  "make buildworld" will always fail.  There is
    no way to avoid OpenSSL from ports if she wants software such as
    deskutils/nextcloudclient.

 This build breakage occurs with sendmail + openssl from ports, not
 related to cyrus-sasl2.  A shlib mismatch between sendmail and
 cyrus-sasl2 in terms of OpenSSL library is another issue.

 I think there are several workaround, but the primary problem is that
 people can get confused with instructions in the handbook.  I suggest
 to update the handbook:

 a) If you do not have security/openssl on your system, set the
    following in make.conf and rebuilt the world:

     SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
     SENDMAIL_LDFLAGS=-L/usr/local/lib
     SENDMAIL_LDADD=-lsasl2

 b) If you have security/openssl, sendmail in the base system does not
    support SMTP AUTH because of incompatibility with the newer
    versions of OpenSSL.  Use mail/sendmail from ports.

 I still feel that b) is sub-optimal, but it would be too complex to
 make them coexist with each other.  The attached patch and putting
 SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_*
 variables should mitigate the first problem but if
 security/cyrus-sasl2 was built with OpenSSL from ports, the shlib
 mismatch still occurs.

-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.sbin_sendmail_Makefile.20200303-1.diff
Type: text/x-patch
Size: 578 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20200303/365e8f0c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 342 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20200303/365e8f0c/attachment.sig>

More information about the svn-src-head mailing list