Mailing List Archive

Thanks. This is possible, the old version is still installed, but I was
testing direct from the compiled binary directory assuming (probably
incorrectly by the sounds of things) it was self contained except for the
config.

Is there a way to test without the other in conflict, or do you have to go
the full hog and go for a final make install to test properly ? Would it be
safe to do a make DESTDIR=/some/directory/ install and run from that, or
would it still have issues ?

Thanks a lot for the help.




On Thu, Dec 14, 2023 at 5:01?PM Ian Z via Exim-users <
exim-users@lists.exim.org> wrote:

> On Thu, Dec 14, 2023 at 02:03:30PM +0000, Ian B via Exim-users wrote:
>
> > Thanks, default was OpenSSL 1.0.1e-fips however, I've just tried
> > compiling a new OpenSSL 1.1.1w, (output below), but weirdly I get an
> > error when testing sending a message with it...
>
> > exim: malformed message id 1rDlww-000000002Hg-16uR after -Mc option
>
> The format of the message ids has changed in 4.97. This looks a bit as
> if you had both versions on your PATH and the wrong one got used
> here. Is that possible?
>
> --
> Ian
>
> --
> ## subscription configuration (requires account):
> ##
> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ## exim-users-unsubscribe@lists.exim.org
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Just wanted to say thanks, I got this all working after the full install.

(I've compiled a later release of openssl into /usr/local/ssl and created
/etc/ld.so.conf.d/openssl.conf with the lib in there, followed by ldconfig
if anyone has similar issues).

On Thu, Dec 14, 2023 at 5:10?PM Ian B <ibrierley@gmail.com> wrote:

> Thanks. This is possible, the old version is still installed, but I was
> testing direct from the compiled binary directory assuming (probably
> incorrectly by the sounds of things) it was self contained except for the
> config.
>
> Is there a way to test without the other in conflict, or do you have to go
> the full hog and go for a final make install to test properly ? Would it be
> safe to do a make DESTDIR=/some/directory/ install and run from that, or
> would it still have issues ?
>
> Thanks a lot for the help.
>
>
>
>
> On Thu, Dec 14, 2023 at 5:01?PM Ian Z via Exim-users <
> exim-users@lists.exim.org> wrote:
>
>> On Thu, Dec 14, 2023 at 02:03:30PM +0000, Ian B via Exim-users wrote:
>>
>> > Thanks, default was OpenSSL 1.0.1e-fips however, I've just tried
>> > compiling a new OpenSSL 1.1.1w, (output below), but weirdly I get an
>> > error when testing sending a message with it...
>>
>> > exim: malformed message id 1rDlww-000000002Hg-16uR after -Mc option
>>
>> The format of the message ids has changed in 4.97. This looks a bit as
>> if you had both versions on your PATH and the wrong one got used
>> here. Is that possible?
>>
>> --
>> Ian
>>
>> --
>> ## subscription configuration (requires account):
>> ##
>> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
>> ## unsubscribe (doesn't require an account):
>> ## exim-users-unsubscribe@lists.exim.org
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On Fri, Dec 15, 2023 at 12:26:53PM +0000, Ian B via Exim-users wrote:
> Just wanted to say thanks, I got this all working after the full install.
>
> (I've compiled a later release of openssl into /usr/local/ssl and created
> /etc/ld.so.conf.d/openssl.conf with the lib in there, followed by ldconfig
> if anyone has similar issues).

I wouldn't recommend changing the system-wide ld.so.conf to list the
installation directory of a custom DYI OpenSSL build. Instead, use
appropriate "-Wl,-R,/some/where" LDFLAGS. If your OpenSSL is 1.1.0 or
later, you can also use a non-empty "shlib_variant" in the build
template, to ensure that the SONAME of the resulting shared library, and
its symbol versions don't conflict with the system-provided OpenSSL.

For example, with OpenSSL 3.2, I use:

+++ Configurations/99-myconf.conf
@@ -0,0 +1,10 @@
+my %targets = (
+ "linux-x86_64-rpk" => {
+ inherit_from => [ "linux-x86_64" ],
+ shlib_variant => "rpk",
+ },
+ "BSD-x86_64-rpk" => {
+ inherit_from => [ "BSD-x86_64" ],
+ shlib_variant => "rpk",
+ },
+);

and then (on FreeBSD, in a sibling directory of the OpenSSL source tree)
run "Configure" as follows:

../openssl/Configure --prefix=/usr/local/siteexec -Wl,-R,/usr/local/siteexec/lib BSD-x86_64-rpk

while on a Fedora system:

../openssl/Configure --prefix=/opt/openssl/3.2 -Wl,-rpath,/opt/openssl/3.2/lib64 linux-x86_64-rpk

then "make" and finally as root "make install_sw".

--
Viktor.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Thanks, I couldn't seem to get that route working (didn't seem to create
the libssl.so.1.1 files, so would get error while loading shared libraries:
libssl.so.1.1: cannot open shared object file: No such file or directory )

I think I'm misunderstanding some of the bits you've posted though around
shlib_variant, so I will have a read to get a better understanding.

In the meantime I think I've just got it working ok with exporting
LD_LIBRARY_PATH and CC=gcc -std=gnu99 -lrt -I/usr/local/ssl/
-L/usr/local/ssl/lib -Wl,-rpath,/usr/local/ssl/lib (not even sure those are
correct just atm)

(and removed entry from /etc/ld.so.conf ) It's maybe not ideal, but may be
ok until I can understand whats happening a little more.

Thanks for the help and the pointer

On Fri, Dec 15, 2023 at 9:33?PM Viktor Dukhovni via Exim-users <
exim-users@lists.exim.org> wrote:

> On Fri, Dec 15, 2023 at 12:26:53PM +0000, Ian B via Exim-users wrote:
> > Just wanted to say thanks, I got this all working after the full install.
> >
> > (I've compiled a later release of openssl into /usr/local/ssl and created
> > /etc/ld.so.conf.d/openssl.conf with the lib in there, followed by
> ldconfig
> > if anyone has similar issues).
>
> I wouldn't recommend changing the system-wide ld.so.conf to list the
> installation directory of a custom DYI OpenSSL build. Instead, use
> appropriate "-Wl,-R,/some/where" LDFLAGS. If your OpenSSL is 1.1.0 or
> later, you can also use a non-empty "shlib_variant" in the build
> template, to ensure that the SONAME of the resulting shared library, and
> its symbol versions don't conflict with the system-provided OpenSSL.
>
> For example, with OpenSSL 3.2, I use:
>
> +++ Configurations/99-myconf.conf
> @@ -0,0 +1,10 @@
> +my %targets = (
> + "linux-x86_64-rpk" => {
> + inherit_from => [ "linux-x86_64" ],
> + shlib_variant => "rpk",
> + },
> + "BSD-x86_64-rpk" => {
> + inherit_from => [ "BSD-x86_64" ],
> + shlib_variant => "rpk",
> + },
> +);
>
> and then (on FreeBSD, in a sibling directory of the OpenSSL source tree)
> run "Configure" as follows:
>
> ../openssl/Configure --prefix=/usr/local/siteexec
> -Wl,-R,/usr/local/siteexec/lib BSD-x86_64-rpk
>
> while on a Fedora system:
>
> ../openssl/Configure --prefix=/opt/openssl/3.2
> -Wl,-rpath,/opt/openssl/3.2/lib64 linux-x86_64-rpk
>
> then "make" and finally as root "make install_sw".
>
>
>
>

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On Sat, Dec 16, 2023 at 09:44:59AM +0000, Ian B via Exim-users wrote:

> In the meantime I think I've just got it working ok with exporting
> LD_LIBRARY_PATH and CC=gcc -std=gnu99 -lrt -I/usr/local/ssl/
> -L/usr/local/ssl/lib -Wl,-rpath,/usr/local/ssl/lib (not even sure those are
> correct just atm)

When building the custom OpenSSL, I don't find it necessary to do
anything with CC, LD_LIBRARY_PATH, ... just:

$ dstpath=... # whatever
$ libpath=$dstpath/lib # or $dstpath/lib64, ...
$ Configure --prefix=$dstpath -Wl,-rpath,$libpath linux-x86_64-rpk
$ make # -j<pick-a-number-cpus>
$ make test
$ sudo make install_sw

When building other software against the non-default OpenSSL, you may
need to tweak CFLAGS and LDFLAGS in various ways to make sure that:

* CFLAGS has -I$dstpath/include
* LDFLAGS has -L$libpath -Wl,-rpath,$libpath

For example, my Fedora shell script for configuring a Postfix build
is essentially:

OSSL=/opt/openssl/3.2

CCARGS="-I${OSSL}/include -DUSE_TLS -DHAS_PCRE=2 -DHAS_CDB -DNO_NIS"
AUXLIBS="$AUXLIBS -L${OSSL}/lib64 -Wl,-rpath,${OSSL}/lib64 -lssl -lcrypto -ldb"
AUXLIBS_PCRE="-lpcre2-8"
AUXLIBS_CDB="-lcdb"

make -f Makefile.init \
"CCARGS=$CCARGS" "OPT=-O -g" \
AUXLIBS="$AUXLIBS" \
AUXLIBS_PCRE="$AUXLIBS_PCRE" \
AUXLIBS_CDB="$AUXLIBS_CDB" \
makefiles

The details will be different for Exim, but the basic principles should
be the same.

--
Viktor.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Apologies, yes you're right. The LD_LIBRARY_PATH was actually just for me
to test the different version of openssl from the console and not necessary
at all as part of exim.

Thanks for pointing that out!

On Sat, Dec 16, 2023 at 6:13?PM Viktor Dukhovni via Exim-users <
exim-users@lists.exim.org> wrote:

> On Sat, Dec 16, 2023 at 09:44:59AM +0000, Ian B via Exim-users wrote:
>
> > In the meantime I think I've just got it working ok with exporting
> > LD_LIBRARY_PATH and CC=gcc -std=gnu99 -lrt -I/usr/local/ssl/
> > -L/usr/local/ssl/lib -Wl,-rpath,/usr/local/ssl/lib (not even sure those
> are
> > correct just atm)
>
> When building the custom OpenSSL, I don't find it necessary to do
> anything with CC, LD_LIBRARY_PATH, ... just:
>
> $ dstpath=... # whatever
> $ libpath=$dstpath/lib # or $dstpath/lib64, ...
> $ Configure --prefix=$dstpath -Wl,-rpath,$libpath linux-x86_64-rpk
> $ make # -j<pick-a-number-cpus>
> $ make test
> $ sudo make install_sw
>
> When building other software against the non-default OpenSSL, you may
> need to tweak CFLAGS and LDFLAGS in various ways to make sure that:
>
> * CFLAGS has -I$dstpath/include
> * LDFLAGS has -L$libpath -Wl,-rpath,$libpath
>
> For example, my Fedora shell script for configuring a Postfix build
> is essentially:
>
> OSSL=/opt/openssl/3.2
>
> CCARGS="-I${OSSL}/include -DUSE_TLS -DHAS_PCRE=2 -DHAS_CDB -DNO_NIS"
> AUXLIBS="$AUXLIBS -L${OSSL}/lib64 -Wl,-rpath,${OSSL}/lib64 -lssl
> -lcrypto -ldb"
> AUXLIBS_PCRE="-lpcre2-8"
> AUXLIBS_CDB="-lcdb"
>
> make -f Makefile.init \
> "CCARGS=$CCARGS" "OPT=-O -g" \
> AUXLIBS="$AUXLIBS" \
> AUXLIBS_PCRE="$AUXLIBS_PCRE" \
> AUXLIBS_CDB="$AUXLIBS_CDB" \
> makefiles
>
> The details will be different for Exim, but the basic principles should
> be the same.
>
> --
> Viktor.
>
> --
> ## subscription configuration (requires account):
> ##
> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ## exim-users-unsubscribe@lists.exim.org
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/