[PC-BSD Pbi-dev] nginx PBI depends on OpenSSL from ports
ken at pcbsd.org
Tue Jan 31 07:33:33 PST 2012
On 01/31/2012 10:22, Ken Moore wrote:
> On 01/31/2012 10:06, Ken Moore wrote:
>> On 01/30/2012 22:07, Andriy Bakay wrote:
>>> Sorry to posting same question again. How can I enforce rebuild of
>>> nginx PBI module with new OpenSSL library?
>>> On 2012-01-27, at 20:47 , Andriy Bakay wrote:
>>>> Hi All,
>>>> Recently I build nginx PBI package with SSL support and because I
>>>> want to use more recent version of OpenSSL library I build it with
>>>> OpenSSL from ports. In my pbi.conf I have:
>>>> PBI_PROGAUTHOR="osa at FreeBSD.org"
>>>> export PBI_REQUIRESROOT PBI_MAKEOPTS PBI_PROGNAME PBI_PROGWEB
>>>> PBI_PROGAUTHOR PBI_MKPORTBEFORE PBI_MKPORTAFTER PBI_PROGICON
>>>> And I put 'WITH_OPENSSL_PORT=yes' variable to '/etc/pbi-make.conf'
>>>> as well. Initially nginx PBI was build with OpenSSL 1.0.0_8, but
>>>> recently OpenSSL was updated to 1.0.0_9 (security fix). I started
>>>> 'pbi_autobuild' utility and OpenSSL update was successfully
>>>> detected. The PBP patch 1.0.0_8 -> 1.0.0_9 was build. But nginx
>>>> PBI package was not rebuild by 'pbi_autobuild' utility. I guess it
>>>> did not notice dependency between nginx and OpenSSL from ports.
>>>> The OpenSSL 1.0.0_9 is a security fix, so it is important to
>>>> updated nginx PBI. How such situation should be handled by PBI
>>>> Please advise,
>>>> Pbi-dev mailing list
>>>> Pbi-dev at lists.pcbsd.org
>> I think that "pbi_autobuild" only rebuilds the PBI if there has been
>> a change to the version number of the desired port to be built (in
>> this case nginx, not openssl). You will probably have to manually
>> trigger a rebuild of the PBI by setting [PBI_BUILDKEY="01"; export
>> PBI_BUILDKEY] in your pbi.conf in order for pbi_autobuild to see that
>> you want a new PBI build. You can also set
>> [PBI_PROGREVISION="(something)"; export PBI_PROGREVISION] in pbi.conf
>> in order to change the version number of your PBI (it adds:
>> "_(something)" to the end of the version number- similar to minor
>> port changes).
>> Either than that, you will probably have to wait for the port to be
>> Oh, you will also want to remove the "PACKAGE_BUILDING=Y" from the
>> makeopt line. That will use the FreeBSD package for nginx (which was
>> not updated) rather than building it from scratch with the updates to
>> Hope this helps!
> I just noticed another issue:
> There is no "WITH_OPENSSL_PORT" build option within the NGINX port.
> From looking at the makefile there are:
> Both of these will trigger the "NGINX_OPENSSL=yes" option later on in
> the build.
> You can also add [PBI_MKPORTAFTER="security/openssl"; export
> PBI_MKPORTAFTER] to pbi.conf and it will include the openssl port
> within the PBI (even if the port does not officially require it).
> For additional explanation about the options available within the
> pbi.conf file, please look at the PCBSD wiki page about building PBI
I also just changed our module for NGINX to include the changes I just
mentioned (security/openssl added to the PBI, with_http_ssl_module
option turned on). Once it rebuilds I will get it pushed to the AppCafe
as soon as possible.
~~ Ken Moore ~~
More information about the Pbi-dev