On 2026/06/26 08:52, Theo Buehler wrote: > On Fri, Jun 26, 2026 at 05:47:45AM +0000, Lucas Raab wrote: > > Hello, > > > > Here's a proposed diff to build sqlcipher against OpenSSL 3.5 for > > MAC_EVP API support. I was working through an update for > > net/flare-messenger and a recent change there brings in a vendored > > BoringSSL version. The vendored copy of sqlcipher in libsqlite3-sys > > wants to compile against OpenSSL supporting MAC_EVP which conflicts with > > BoringSSL when linking. > > > > Following FreeBSD's approach, libsqlite3-sys/presage/rusqlite can use an > > external version of sqlcipher which allows the flare update to build and > > link as expected. > > For the benefit of the others, here's what lraab and I discussed in the > hackroom. > > For this to work, you need to remove MODCARGO_CRATES_KEEP=libsqlite3-sys > from flare-messenger. Thankfully bket figured out a fix for this ugly > workaround a while back. This makes the wip update build and package, > and if it works, that is the proper fix for the flare-messenger update. > At worst we need to port the sqlcipher patch to flare-messenger. > > We should not switch sqlcipher to openssl/3 because this is dangerous > for kmymoney. We can just keep the patch for HMAC. > > So ok tb for the below diff if it's good enough for the desired goal. > Only a minor bump since both features simply add symbols. > > diff --git a/databases/sqlcipher/Makefile b/databases/sqlcipher/Makefile > index dab6e29e7c..417a196fa0 100644 > --- a/databases/sqlcipher/Makefile > +++ b/databases/sqlcipher/Makefile > @@ -3,8 +3,9 @@ > GH_ACCOUNT= sqlcipher > GH_PROJECT= sqlcipher > GH_TAGNAME= v4.16.0 > +REVISION = 0 > > -SHARED_LIBS += sqlcipher 3.3 > +SHARED_LIBS += sqlcipher 3.4 > > CATEGORIES= databases > > @@ -38,7 +39,9 @@ > CFLAGS+= -DOMIT_MEMLOCK \ > -DSQLITE_EXTRA_INIT=sqlcipher_extra_init \ > -DSQLITE_EXTRA_SHUTDOWN=sqlcipher_extra_shutdown \ > - -DSQLITE_HAS_CODEC > + -DSQLITE_HAS_CODEC \ > + -DSQLITE_ENABLE_COLUMN_METADATA \ > + -DSQLITE_ENABLE_UNLOCK_NOTIFY \ > > LDFLAGS+= -lcrypto > >
That is hugely preferred if it works.
