svn commit: r358411 - head/contrib/sendmail/src

Mon Mar 2 23:24:15 UTC 2020

On 20. 3. 2., Hiroki Sato wrote:
> Jung-uk Kim <jkim at FreeBSD.org> wrote
>   in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081 at FreeBSD.org>:
> 
> jk> > I merely try to understand how to unbreak upgrade path for 11.2-STABLE workstations
> jk> > with stock sendmail and SSL support that also has many ports installed including
> jk> > ports requiring new openssl API. Because buildworld fails and upgrade is broken.
> jk> I am also trying to understand your problem.  Which port is specifically
> jk> requiring new OpenSSL API for you?
> 
>  The problem eugen@ is trying to explain is (correct me if this is
>  wrong):
> 
>  1. One needs to install OpenSSL from ports if she wants to install
>     software which depends on it.  deskutils/nextcloudclient, for
>     example.  Setting DEFAILT_VERSION+=ssl=openssl is strongly
>     recommended in this case for consistency.
> 
>  2. Handbook says enabling SMTP AUTH requires the following in make.conf:
> 
>      SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
>      SENDMAIL_LDFLAGS=-L/usr/local/lib
>      SENDMAIL_LDADD=-lsasl2
> 
>     However, this variables make the buildworld target to pick up
>     OpenSSL from ports if installed, not from base, in the middle of
>     building sendmail.  "make buildworld" will always fail.  There is
>     no way to avoid OpenSSL from ports if she wants software such as
>     deskutils/nextcloudclient.
> 
>  This build breakage occurs with sendmail + openssl from ports, not
>  related to cyrus-sasl2.  A shlib mismatch between sendmail and
>  cyrus-sasl2 in terms of OpenSSL library is another issue.
> 
>  I think there are several workaround, but the primary problem is that
>  people can get confused with instructions in the handbook.  I suggest
>  to update the handbook:
> 
>  a) If you do not have security/openssl on your system, set the
>     following in make.conf and rebuilt the world:
> 
>      SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
>      SENDMAIL_LDFLAGS=-L/usr/local/lib
>      SENDMAIL_LDADD=-lsasl2
> 
>  b) If you have security/openssl, sendmail in the base system does not
>     support SMTP AUTH because of incompatibility with the newer
>     versions of OpenSSL.  Use mail/sendmail from ports.
> 
>  I still feel that b) is sub-optimal, but it would be too complex to
>  make them coexist with each other.  The attached patch and putting
>  SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_*
>  variables should mitigate the first problem but if
>  security/cyrus-sasl2 was built with OpenSSL from ports, the shlib
>  mismatch still occurs.

Ah, now I see the whole picture.

Yes, the Handbook needs some improvement.  Yes, b) is sub-optimal but I
guess it is the only clean solution for now.

Thanks for the explanation!

Jung-uk Kim