On Fri, Jun 26, 2026 at 05:47:45AM +0000, Lucas Raab wrote:
> Hello,
>
> Here's a proposed diff to build sqlcipher against OpenSSL 3.5 for
> MAC_EVP API support. I was working through an update for
> net/flare-messenger and a recent change there brings in a vendored
> BoringSSL version. The vendored copy of sqlcipher in libsqlite3-sys
> wants to compile against OpenSSL supporting MAC_EVP which conflicts with
> BoringSSL when linking.
>
> Following FreeBSD's approach, libsqlite3-sys/presage/rusqlite can use an
> external version of sqlcipher which allows the flare update to build and
> link as expected.
For the benefit of the others, here's what lraab and I discussed in the
hackroom.
For this to work, you need to remove MODCARGO_CRATES_KEEP=libsqlite3-sys
from flare-messenger. Thankfully bket figured out a fix for this ugly
workaround a while back. This makes the wip update build and package,
and if it works, that is the proper fix for the flare-messenger update.
At worst we need to port the sqlcipher patch to flare-messenger.
We should not switch sqlcipher to openssl/3 because this is dangerous
for kmymoney. We can just keep the patch for HMAC.
So ok tb for the below diff if it's good enough for the desired goal.
Only a minor bump since both features simply add symbols.
diff --git a/databases/sqlcipher/Makefile b/databases/sqlcipher/Makefile
index dab6e29e7c..417a196fa0 100644
--- a/databases/sqlcipher/Makefile
+++ b/databases/sqlcipher/Makefile
@@ -3,8 +3,9 @@
GH_ACCOUNT= sqlcipher
GH_PROJECT= sqlcipher
GH_TAGNAME= v4.16.0
+REVISION = 0
-SHARED_LIBS += sqlcipher 3.3
+SHARED_LIBS += sqlcipher 3.4
CATEGORIES= databases
@@ -38,7 +39,9 @@
CFLAGS+= -DOMIT_MEMLOCK \
-DSQLITE_EXTRA_INIT=sqlcipher_extra_init \
-DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown \
- -DSQLITE_HAS_CODEC
+ -DSQLITE_HAS_CODEC \
+ -DSQLITE_ENABLE_COLUMN_METADATA \
+ -DSQLITE_ENABLE_UNLOCK_NOTIFY \
LDFLAGS+= -lcrypto