tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[PATCH] www/curl certbundle and missing dep


www/curl pulls libpsl out of the host system if it can, so I just added
an explicit dependency to handle that.

Also, the attached patch contains my other long-standing change to the
Makefile: Handling of SSL certs as a bundle in the host system. I
needed that to keep curl properly working with the host's certs. This
is a bit outdated now since openssl from CentOS 7 is getting too old
for pkgsrc and it forces its openssl 1.1, but may be relevant for other
base systems.

Back too the .la creep: Apart from being dirty, the inclusion of .la
files from the host breaks following builds because buildlink gets
confused. I recently stumbled over this with p11-kit pulling
/usr/lib/ and then breaking the build of gnutls (AFAIR).

I did not yet manage to get rid of that even modifying the libtool
command that creates not to include any -L/usr/lib (that
was there for whatever reason); still it links to the correct .so in
pkgsrc prefix but puts /usr/lib/ into its la file.

I feel that the handling of libtool in pkgsrc, with build isolation,
still needs work for the case of a host system possibly offering
development files for all the packages pkgsrc offers. Things just creep
in. So far, pkgsrc is probably lucky because most host distros either
lack the respective software (BSD) or don't install headers and libtool
files by default (Linux).

I am not sure if missing explicit dependencies is all of it. Early
bailout at package install phase that notes discrepancies between the
.so files linked and non-matching .la files being recorded as deps
would help. Or just nuke all of libtool from orbit and provide all libs
with pkg-config files. Anyhow, I already spent my weekend so far trying
to fix up a new pkgsrc install and have to draw a line. My current
resolution is to stop testing pkgsrc builds on a development GNU/Linux
workstation. Maybe someone else can pick up and have a shot at a proper
fix to avoid unwanted .la file intrusion.

Alrighty then,


Dr. Thomas Orgis
HPC @ Universität Hamburg
--- pkgsrc-2020Q3/www/curl/Makefile	2020-08-31 20:12:32.000000000 +0200
+++ pkgsrc/www/curl/Makefile	2020-11-15 14:03:17.797692782 +0100
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.233 2020/08/31 18:12:32 wiz Exp $
 DISTNAME=	curl-7.72.0
 EXTRACT_SUFX=	.tar.xz
@@ -20,7 +20,6 @@
 CONFIGURE_ARGS+=	--with-ssl=${BUILDLINK_PREFIX.openssl}
-CONFIGURE_ARGS+=	--with-ca-path=${SSLCERTS}
 TEST_TARGET=		check
@@ -49,5 +48,14 @@
 .include "../../devel/zlib/"
 .include "../../lang/python/"
 .include "../../security/openssl/"
+.include "../../www/libpsl/"
 .include "../../mk/"
 .include "../../mk/"
+# Openssl builtin detection sets SSLCERTBUNDLE if a bundle is found
+# in /etc/. This is essential to have working curl!
+.if !empty(SSLCERTBUNDLE)
+CONFIGURE_ARGS+=        --with-ca-bundle=${SSLCERTBUNDLE}
+CONFIGURE_ARGS+=	--with-ca-path=${SSLCERTS}

Home | Main Index | Thread Index | Old Index