On Fri, Jun 26, 2026 at 05:47:45AM +0000, Lucas Raab wrote:
> Hello,
> 
> Here's a proposed diff to build sqlcipher against OpenSSL 3.5 for
> MAC_EVP API support. I was working through an update for
> net/flare-messenger and a recent change there brings in a vendored
> BoringSSL version. The vendored copy of sqlcipher in libsqlite3-sys
> wants to compile against OpenSSL supporting MAC_EVP which conflicts with
> BoringSSL when linking.
> 
> Following FreeBSD's approach, libsqlite3-sys/presage/rusqlite can use an
> external version of sqlcipher which allows the flare update to build and
> link as expected.

For the benefit of the others, here's what lraab and I discussed in the
hackroom.

For this to work, you need to remove MODCARGO_CRATES_KEEP=libsqlite3-sys
from flare-messenger. Thankfully bket figured out a fix for this ugly
workaround a while back. This makes the wip update build and package,
and if it works, that is the proper fix for the flare-messenger update.
At worst we need to port the sqlcipher patch to flare-messenger.

We should not switch sqlcipher to openssl/3 because this is dangerous
for kmymoney. We can just keep the patch for HMAC.

So ok tb for the below diff if it's good enough for the desired goal.
Only a minor bump since both features simply add symbols.

diff --git a/databases/sqlcipher/Makefile b/databases/sqlcipher/Makefile
index dab6e29e7c..417a196fa0 100644
--- a/databases/sqlcipher/Makefile
+++ b/databases/sqlcipher/Makefile
@@ -3,8 +3,9 @@
 GH_ACCOUNT=    sqlcipher
 GH_PROJECT=    sqlcipher
 GH_TAGNAME=    v4.16.0
+REVISION =     0
 
-SHARED_LIBS +=  sqlcipher                 3.3
+SHARED_LIBS +=  sqlcipher                 3.4
 
 CATEGORIES=    databases
 
@@ -38,7 +39,9 @@
 CFLAGS+=       -DOMIT_MEMLOCK \
                -DSQLITE_EXTRA_INIT=sqlcipher_extra_init \
                -DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown \
-               -DSQLITE_HAS_CODEC
+               -DSQLITE_HAS_CODEC \
+               -DSQLITE_ENABLE_COLUMN_METADATA \
+               -DSQLITE_ENABLE_UNLOCK_NOTIFY \
 
 LDFLAGS+=      -lcrypto
 

Reply via email to