On 2026/06/26 08:52, Theo Buehler wrote:
> On Fri, Jun 26, 2026 at 05:47:45AM +0000, Lucas Raab wrote:
> > Hello,
> > 
> > Here's a proposed diff to build sqlcipher against OpenSSL 3.5 for
> > MAC_EVP API support. I was working through an update for
> > net/flare-messenger and a recent change there brings in a vendored
> > BoringSSL version. The vendored copy of sqlcipher in libsqlite3-sys
> > wants to compile against OpenSSL supporting MAC_EVP which conflicts with
> > BoringSSL when linking.
> > 
> > Following FreeBSD's approach, libsqlite3-sys/presage/rusqlite can use an
> > external version of sqlcipher which allows the flare update to build and
> > link as expected.
> 
> For the benefit of the others, here's what lraab and I discussed in the
> hackroom.
> 
> For this to work, you need to remove MODCARGO_CRATES_KEEP=libsqlite3-sys
> from flare-messenger. Thankfully bket figured out a fix for this ugly
> workaround a while back. This makes the wip update build and package,
> and if it works, that is the proper fix for the flare-messenger update.
> At worst we need to port the sqlcipher patch to flare-messenger.
> 
> We should not switch sqlcipher to openssl/3 because this is dangerous
> for kmymoney. We can just keep the patch for HMAC.
> 
> So ok tb for the below diff if it's good enough for the desired goal.
> Only a minor bump since both features simply add symbols.
> 
> diff --git a/databases/sqlcipher/Makefile b/databases/sqlcipher/Makefile
> index dab6e29e7c..417a196fa0 100644
> --- a/databases/sqlcipher/Makefile
> +++ b/databases/sqlcipher/Makefile
> @@ -3,8 +3,9 @@
>  GH_ACCOUNT=  sqlcipher
>  GH_PROJECT=  sqlcipher
>  GH_TAGNAME=  v4.16.0
> +REVISION =   0
>  
> -SHARED_LIBS +=  sqlcipher                 3.3
> +SHARED_LIBS +=  sqlcipher                 3.4
>  
>  CATEGORIES=  databases
>  
> @@ -38,7 +39,9 @@
>  CFLAGS+=     -DOMIT_MEMLOCK \
>               -DSQLITE_EXTRA_INIT=sqlcipher_extra_init \
>               -DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown \
> -             -DSQLITE_HAS_CODEC
> +             -DSQLITE_HAS_CODEC \
> +             -DSQLITE_ENABLE_COLUMN_METADATA \
> +             -DSQLITE_ENABLE_UNLOCK_NOTIFY \
>  
>  LDFLAGS+=    -lcrypto
>  
> 

That is hugely preferred if it works.

Reply via email to