svn commit: r358411 - head/contrib/sendmail/src

John Baldwin jhb at FreeBSD.org
Tue Mar 3 17:08:35 UTC 2020 

On 3/3/20 6:48 AM, Cy Schubert wrote:
> On March 2, 2020 2:50:47 PM PST, Hiroki Sato <hrs at FreeBSD.org> wrote:
>> Jung-uk Kim <jkim at FreeBSD.org> wrote
>>  in <8e60a869-fe1e-9314-ffdc-76ed3e2dc081 at FreeBSD.org>:
>>
>> jk> > I merely try to understand how to unbreak upgrade path for
>> 11.2-STABLE workstations
>> jk> > with stock sendmail and SSL support that also has many ports
>> installed including
>> jk> > ports requiring new openssl API. Because buildworld fails and
>> upgrade is broken.
>> jk> I am also trying to understand your problem.  Which port is
>> specifically
>> jk> requiring new OpenSSL API for you?
>>
>> The problem eugen@ is trying to explain is (correct me if this is
>> wrong):
>>
>> 1. One needs to install OpenSSL from ports if she wants to install
>>    software which depends on it.  deskutils/nextcloudclient, for
>>    example.  Setting DEFAILT_VERSION+=ssl=openssl is strongly
>>    recommended in this case for consistency.
>>
>> 2. Handbook says enabling SMTP AUTH requires the following in
>> make.conf:
>>
>>     SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
>>     SENDMAIL_LDFLAGS=-L/usr/local/lib
>>     SENDMAIL_LDADD=-lsasl2
>>
>>    However, this variables make the buildworld target to pick up
>>    OpenSSL from ports if installed, not from base, in the middle of
>>    building sendmail.  "make buildworld" will always fail.  There is
>>    no way to avoid OpenSSL from ports if she wants software such as
>>    deskutils/nextcloudclient.
>>
>> This build breakage occurs with sendmail + openssl from ports, not
>> related to cyrus-sasl2.  A shlib mismatch between sendmail and
>> cyrus-sasl2 in terms of OpenSSL library is another issue.
>>
>> I think there are several workaround, but the primary problem is that
>> people can get confused with instructions in the handbook.  I suggest
>> to update the handbook:
>>
>> a) If you do not have security/openssl on your system, set the
>>    following in make.conf and rebuilt the world:
>>
>>     SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
>>     SENDMAIL_LDFLAGS=-L/usr/local/lib
>>     SENDMAIL_LDADD=-lsasl2
>>
>> b) If you have security/openssl, sendmail in the base system does not
>>    support SMTP AUTH because of incompatibility with the newer
>>    versions of OpenSSL.  Use mail/sendmail from ports.
>>
>> I still feel that b) is sub-optimal, but it would be too complex to
>> make them coexist with each other.  The attached patch and putting
>> SASLBASEDIR=/usr/local into /etc/make.conf instead of the SENDMAIL_*
>> variables should mitigate the first problem but if
>> security/cyrus-sasl2 was built with OpenSSL from ports, the shlib
>> mismatch still occurs.
>>
>> -- Hiroki
> 
> Buildworld should only use libraries in /usr/obj. I've found and fixed these in ntp, Heimdal and amd. Base sendmail build shouldn't use installed libraries or headers.
> 
> The implications are obvious. 

While that rule is true in general, the SMTP AUTH bits for base sendmail have
always been a special case like this.  I switched to postfix several years
ago, but prior to that I was doing the same thing on my mail server.

I think hrs' new text for the handbook is probably the right answer.

-- 
John Baldwin

More information about the svn-src-head mailing list