Re: sshd on FBSD 8.0-RC2/3

Thu, 03 Dec 2009 09:13:50 -0800 

Hello!

2009/12/3 Peter Beckman <beck...@angryox.com>:
>> ports/138466 (affects www/apache22 built
>> WITH_OPENSSL_PORT=yes). It is critical to make sure that right runtime
>> libraries (those from /usr/local/lib, not from the base) are used by _every_
>> application built WITH_OPENSSL_PORT=YES - and it's not always true ;(
>
>  Agreed.  I ran into this problem, I had an old ENV var LD_LIBRARY_PATH in
>  one of my .tcshrc scripts that caused lighttpd to compile with the libssl
>  from base but the libcrypto from the port.  Running make, then confirming
>  your binary/binaries are linked correctly to the right libraries using
>  'ldd' is recommended to confirm what you expect.

   Well, ldd's output _itself_ depends on the current environment and
thus can't insure that correct libraries will be used by the
application. Compare:

1)

$ echo $LD_LIBRARY_PATH

$ ldd /usr/local/libexec/apache22/mod_ssl.so
/usr/local/libexec/apache22/mod_ssl.so:
        libssl.so.5 => /usr/lib/libssl.so.5 (0x2818c000)
        libcrypto.so.5 => /usr/lib/libcrypto.so.5 (0x281c5000)
        libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x282e2000)
        libm.so.4 => /lib/libm.so.4 (0x283ad000)
        libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x283c3000)

Weird, isn't it? libssl.so from the base + 2 different libcrypro.so.5!
However, apache's rc.d script sources /usr/local/sbin/envvars before
starting httpd (though not always - that's why my PR exists) to set
LD_LIBRARY_PATH properly:

2)


$ . /usr/local/sbin/envvars
$ echo $LD_LIBRARY_PATH
/usr/local/lib:
$ ldd /usr/local/libexec/apache22/mod_ssl.so
/usr/local/libexec/apache22/mod_ssl.so:
        libssl.so.5 => /usr/local/lib/libssl.so.5 (0x2818c000)
        libcrypto.so.5 => /usr/local/lib/libcrypto.so.5 (0x281c9000)
        libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x282ec000)
        libm.so.4 => /lib/libm.so.4 (0x283b7000)

Now ldd shows proper libraries. Likewise, if one omit setting
LD_LIBRARY_PATH before running httpd, it (httpd itself) will just use
OpenSSL libraries from base instead of port-installed (despite being
built properly). So this is also run-time issue.

>
> Beckman
> ---------------------------------------------------------------------------
> Peter Beckman                                                  Internet Guy
> beck...@angryox.com                                 http://www.angryox.com/
> ---------------------------------------------------------------------------
>



-- 
Sincerely, Dmitry
nic-hdl: LYNX-RIPE
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Reply via email to