[PC-BSD Pbi-dev] nginx PBI depends on OpenSSL from ports

Ken Moore ken at pcbsd.org
Tue Jan 31 07:06:32 PST 2012


On 01/30/2012 22:07, Andriy Bakay wrote:
> Sorry to posting same question again. How can I enforce rebuild of nginx PBI module with new OpenSSL library?
>
> On 2012-01-27, at 20:47 , Andriy Bakay wrote:
>
>> Hi All,
>>
>> Recently I build nginx PBI package with SSL support and because I want to use more recent version of OpenSSL library I build it with OpenSSL from ports. In my pbi.conf I have:
>>
>> #!/bin/sh
>> PBI_PROGNAME="nginx"
>> PBI_PROGWEB="http://sysoev.ru/nginx/"
>> PBI_PROGAUTHOR="osa at FreeBSD.org"
>> PBI_PROGICON="nginx.png"PBI_MAKEPORT="www/nginx"
>> PBI_MKPORTBEFORE=""
>> PBI_MKPORTAFTER=""
>> PBI_MAKEOPTS="PACKAGE_BUILDING=Y
>> WITH_OPENSSL_PORT=yes
>> WITH_HTTP_GZIP_STATIC_MODULE=true
>> WITH_HTTP_SSL_MODULE=true
>> WITH_SYSLOG_SUPPORT=true"PBI_REQUIRESROOT="YES"
>> export PBI_REQUIRESROOT PBI_MAKEOPTS PBI_PROGNAME PBI_PROGWEB PBI_PROGAUTHOR PBI_MKPORTBEFORE PBI_MKPORTAFTER PBI_PROGICON PBI_MAKEPORT
>>
>> And I put 'WITH_OPENSSL_PORT=yes' variable to '/etc/pbi-make.conf' as well. Initially nginx PBI was build with OpenSSL 1.0.0_8, but recently OpenSSL was updated to 1.0.0_9 (security fix). I started 'pbi_autobuild' utility and OpenSSL update was successfully detected. The PBP patch 1.0.0_8 ->  1.0.0_9 was build. But nginx PBI package was not rebuild by 'pbi_autobuild' utility. I guess it did not notice dependency between nginx and OpenSSL from ports.
>>
>> The OpenSSL 1.0.0_9 is a security fix, so it is important to updated nginx PBI. How such situation should be handled by PBI process?
>>
>> Please advise,
>> Andriy
>>
>> _______________________________________________
>> Pbi-dev mailing list
>> Pbi-dev at lists.pcbsd.org
>> http://lists.pcbsd.org/mailman/listinfo/pbi-dev

I think that "pbi_autobuild" only rebuilds the PBI if there has been a 
change to the version number of the desired port to be built (in this 
case nginx, not openssl). You will probably have to manually trigger a 
rebuild of the PBI by setting [PBI_BUILDKEY="01"; export PBI_BUILDKEY] 
in your pbi.conf in order for pbi_autobuild to see that you want a new 
PBI build. You can also set [PBI_PROGREVISION="(something)"; export 
PBI_PROGREVISION] in pbi.conf in order to change the version number of 
your PBI (it adds: "_(something)" to the end of the version number- 
similar to minor port changes).
Either than that, you will probably have to wait for the port to be updated.

Oh, you will also want to remove the "PACKAGE_BUILDING=Y" from the 
makeopt line. That will use the FreeBSD package for nginx (which was not 
updated) rather than building it from scratch with the updates to openssl.

Hope this helps!

-- 
~~ Ken Moore ~~
PC-BSD/iXsystems



More information about the Pbi-dev mailing list