[PC-BSD Pbi-dev] nginx PBI depends on OpenSSL from ports

Andriy Bakay andriy at irbisnet.com
Fri Jan 27 17:47:41 PST 2012


Hi All,

Recently I build nginx PBI package with SSL support and because I want to use more recent version of OpenSSL library I build it with OpenSSL from ports. In my pbi.conf I have:

#!/bin/sh
PBI_PROGNAME="nginx"
PBI_PROGWEB="http://sysoev.ru/nginx/"
PBI_PROGAUTHOR="osa at FreeBSD.org"
PBI_PROGICON="nginx.png"PBI_MAKEPORT="www/nginx"
PBI_MKPORTBEFORE=""
PBI_MKPORTAFTER=""
PBI_MAKEOPTS="PACKAGE_BUILDING=Y
WITH_OPENSSL_PORT=yes
WITH_HTTP_GZIP_STATIC_MODULE=true
WITH_HTTP_SSL_MODULE=true
WITH_SYSLOG_SUPPORT=true"PBI_REQUIRESROOT="YES"
export PBI_REQUIRESROOT PBI_MAKEOPTS PBI_PROGNAME PBI_PROGWEB PBI_PROGAUTHOR PBI_MKPORTBEFORE PBI_MKPORTAFTER PBI_PROGICON PBI_MAKEPORT

And I put 'WITH_OPENSSL_PORT=yes' variable to '/etc/pbi-make.conf' as well. Initially nginx PBI was build with OpenSSL 1.0.0_8, but recently OpenSSL was updated to 1.0.0_9 (security fix). I started 'pbi_autobuild' utility and OpenSSL update was successfully detected. The PBP patch 1.0.0_8 -> 1.0.0_9 was build. But nginx PBI package was not rebuild by 'pbi_autobuild' utility. I guess it did not notice dependency between nginx and OpenSSL from ports.

The OpenSSL 1.0.0_9 is a security fix, so it is important to updated nginx PBI. How such situation should be handled by PBI process?

Please advise,
Andriy



More information about the Pbi-dev mailing list