From: Kirill Miazine Subject: Re: pkg-config lacking -L and -I dirs with openssl >= 3.3 To: ports@openbsd.org Cc: Renaud Allard Date: Sat, 7 Dec 2024 22:05:23 +0100 • Kirill Miazine [2024-12-07 21:03]: > CC Exim maintainer, who could probably comment on whether libressl would > need some fixes. > > • Theo Buehler [2024-12-07 05:03]: >>> I'm running one of the automated build nodes for the Exim MTA, which >>> does builds of stock Exim on OpenBSD. LibreSSL requires some patching, >> >> Thanks for the report. Could you elaborate on the actual problem you run >> into? Is this something we need to fix on the libressl side? > > Based on the patches the Exim port applies, I don't think there's > anything which needs to be done on the LibreSSL side: they look minor. to help catching LibreSSL issues, I added two additional OpenBSD build systems, both with LibreSSL. the difference is DANE, which is breaking the builds currently. the build without DANE goes well, even with Libre. had a chat with Exim dev, he said he would look into adding some of OpenBSD patches upstream. > At one time one of the patches was applied upstream, but it broke some > other system, and was reverted. I don't remember the details, though. > > Given that Exim is mostly being developed by one guy, only OpenSSL is > officially supported. So I try to at least make sure that Exim builds > fine with OpenSSL. > > Thanks for the pkg-config fixes. > >>> so I'm using OpenSSL there, with pkg-config to get CFLAGS and LDFLAGS. >>> I had noticed that for OpenSSL 3.3 pkg-config (eopenssl33) does not >>> provide -I or -L. >> >> OpenSSL fiddled with their pkgconfig generation between 3.2 and 3.3. >> It used to be generated from their Makefile, now it is generated from >> some .in files, which means we need to hook in there. I saw that when >> I updated the port, but then forgot to deal with it. >> >> The below is a bit hackier than I would like it to be, but it generates >> .pc files that differ only in the expected version number changes and >> an immaterial trailing whitespace change. >> >> I need to ponder this some more (we still have way more hardcoded >> eopenssl${V} than I wold like us to have), but I'll land some version >> of this soon. >> >> sthen, any concerns if we backport something along these lines to - >> stable? >> >> Index: Makefile >> =================================================================== >> RCS file: /cvs/ports/security/openssl/3.3/Makefile,v >> diff -u -p -r1.7 Makefile >> --- Makefile    3 Sep 2024 15:30:21 -0000    1.7 >> +++ Makefile    7 Dec 2024 03:41:25 -0000 >> @@ -8,6 +8,7 @@ V=        3.3.2 >>   PKGNAME=    openssl-${V} >>   PKGSPEC=    openssl->=3.3v0,<3.4v0 >>   EPOCH=        0 >> +REVISION=    0 >>   SHLIBVER=    27.0 >>   SHARED_LIBS=    crypto ${SHLIBVER} \ >> Index: patches/patch-exporters_pkg-config_libcrypto_pc_in >> =================================================================== >> RCS file: patches/patch-exporters_pkg-config_libcrypto_pc_in >> diff -N patches/patch-exporters_pkg-config_libcrypto_pc_in >> --- /dev/null    1 Jan 1970 00:00:00 -0000 >> +++ patches/patch-exporters_pkg-config_libcrypto_pc_in    7 Dec 2024 >> 03:38:01 -0000 >> @@ -0,0 +1,12 @@ >> +Index: exporters/pkg-config/libcrypto.pc.in >> +--- exporters/pkg-config/libcrypto.pc.in.orig >> ++++ exporters/pkg-config/libcrypto.pc.in >> +@@ -9,7 +9,7 @@ libdir={- if (defined $OpenSSL::safe::installdata::LIB >> +               $OpenSSL::safe::installdata::libdir[0]; >> +           } -} >> + includedir={- $OUT = ''; >> +-              $OUT .= '${prefix}/' . $_ . ' ' >> ++              $OUT .= '${prefix}/' . $_ . '/' . 'eopenssl33' . ' ' >> +                   foreach >> (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); -} >> + enginesdir=${libdir}/{- >> $OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR[0] -} >> + modulesdir=${libdir}/{- >> $OpenSSL::safe::installdata::MODULESDIR_REL_LIBDIR[0] -} >> Index: patches/patch-exporters_pkg-config_libssl_pc_in >> =================================================================== >> RCS file: patches/patch-exporters_pkg-config_libssl_pc_in >> diff -N patches/patch-exporters_pkg-config_libssl_pc_in >> --- /dev/null    1 Jan 1970 00:00:00 -0000 >> +++ patches/patch-exporters_pkg-config_libssl_pc_in    7 Dec 2024 >> 03:39:25 -0000 >> @@ -0,0 +1,19 @@ >> +Index: exporters/pkg-config/libssl.pc.in >> +--- exporters/pkg-config/libssl.pc.in.orig >> ++++ exporters/pkg-config/libssl.pc.in >> +@@ -9,13 +9,13 @@ libdir={- if (defined $OpenSSL::safe::installdata::LIB >> +               $OpenSSL::safe::installdata::libdir[0]; >> +           } -} >> + includedir={- $OUT = ''; >> +-              $OUT .= '${prefix}/' . $_ . ' ' >> ++              $OUT .= '${prefix}/' . $_ . '/' . 'eopenssl33' . ' ' >> +                   foreach >> (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); -} >> + >> + Name: OpenSSL-libssl >> + Description: Secure Sockets Layer and cryptography libraries >> + Version: {- $OpenSSL::safe::installdata::VERSION -} >> +-Requires.private: libcrypto >> ++Requires.private: libecrypto33 >> + Libs: -L${libdir} -lssl >> + Cflags:{- $OUT = ' -I${includedir}'; >> +           if (scalar >> @OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX > 1) { >> Index: patches/patch-exporters_pkg-config_openssl_pc_in >> =================================================================== >> RCS file: patches/patch-exporters_pkg-config_openssl_pc_in >> diff -N patches/patch-exporters_pkg-config_openssl_pc_in >> --- /dev/null    1 Jan 1970 00:00:00 -0000 >> +++ patches/patch-exporters_pkg-config_openssl_pc_in    7 Dec 2024 >> 03:38:18 -0000 >> @@ -0,0 +1,16 @@ >> +Index: exporters/pkg-config/openssl.pc.in >> +--- exporters/pkg-config/openssl.pc.in.orig >> ++++ exporters/pkg-config/openssl.pc.in >> +@@ -9,10 +9,10 @@ libdir={- if (defined $OpenSSL::safe::installdata::LIB >> +               $OpenSSL::safe::installdata::libdir[0]; >> +           } -} >> + includedir={- $OUT = ''; >> +-              $OUT .= '${prefix}/' . $_ . ' ' >> ++              $OUT .= '${prefix}/' . $_ . '/' . 'eopenssl33' . ' ' >> +                   foreach >> (@OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX); -} >> + >> + Name: OpenSSL >> + Description: Secure Sockets Layer and cryptography libraries and tools >> + Version: {- $OpenSSL::safe::installdata::VERSION -} >> +-Requires: libssl libcrypto >> ++Requires: libessl33 libecrypto33 >> >