Re: Problems building pkgin on NetBSD 7/8

[Greg Troxel <gdt%lexort.com@localhost>]

Mike Pumford <mpumford%mudcovered.org.uk@localhost> writes:

> On 2020-01-21 00:45, Mike Pumford wrote:
>> Anyone else seeing this:
>>
>> checking for library containing socket... none required
>> checking for library containing inet_addr... none required
>> checking for strlcpy in -lnbcompat... yes
>> checking for library containing fetchGetURL... no
>> configure: error: libfetch not found.
>> *** Error code 1
>>
>> libfetch IS installed. The .a is in /usr/pkg/lib and pkgsrc itself says:
>>
>> => Build dependency libfetch>=2.39nb1: found libfetch-2.39nb1
>> => Build dependency cwrappers>=20150314: found cwrappers-20180325
>> => Full dependency pkg_install>=20130901: found pkg_install-20191008nb1
>> => Full dependency openssl>=1.1.1dnb2: found openssl-1.1.1dnb2
>> ===> Overriding tools for pkgin-0.15.0nb1
>>
>> My chroot package builds using libkver have started reporting this
>> on Both 7.2 and 8.1 amd64. Build host is actually 9.0-RC1 and
>> building pkgin for the native 9.0-RC1 amd64 work fine.
>>
> Okay I THINK I've figured this out.
>
> pkgin is now forcibly depending on openssl 1.1.1 from pkgsrc on 8.x
> and 7.x. 

pkgin depends on openssl.  On systems that don't have 1.1, it's going to
use the pkgsrc version, because 1.0 is too old to use.

> However its libfetch dependency is being built to satisfy pkg_install.

I completely do not follow that statement.

> libfetch doesn't default to building with openssl support at all and
> has to be forcibly told to use pkgsrc openssl over the builtin one. I
> THINK (but I'm not 100% sure that openssl support might be enabled in
> libfetch using the system openssl by default).

It's messier than that.  See net/libfetch/options.mk, where it does
something a bit complicated and non-standard to try to enable openssl by
default if using openssl would use the system openssl.

We are going to have to choose between this style and just using pkgsrc
openssl, or not using openssl in libfetch.   I think the real question
is if system openssl on 8.x is good enough, or if it isn't good enough.
We need one answer to that question, not two.

> So I suspect that the reason libfetch can't be found is because there
> is a conflict between the system openssl and the one being referenced
> by pkgin.

You should be able to look in .buildlink and run ldd to actually check
those asssmptions.

> To prove this I set:
> PKG_OPTIONS.libfetch=inet6 openssl
> USE_BUILTIN.openssl=no
>
> This then built libfetch with the pkgsrc openssl and let pkgin find it
> successfully.

> However without these options set a simple make install
> in the pkgin directory won't work.

"won't work" isn't speecific enough...

> What I can't figure out is why this
> isn't showing up on bulk builds or other peoples 7.x and 8.x systems
> Am I really the first to run into this? Or am I just doing something
> unusual?

There are no bulk builds (that I know of) for 7 and 8 with
pkgsrc-current.  I think that's not good, but someone needs to set them
up, which is not only effort but some beefy compute/ram/ssd resources.

I think it's quite plausible you are the first.  The commit to update
openssl to 1.1.1 is very recent.