[openssl-dev] Configure --prefix and --openssldir

[Richard Levitte]

Hi,

I'd like to ask developers and packagers out there, how are the
configuration options --prefix and --openssldir working out for you?

When I look at them today, they look... well, a bit aged, and could
use a refreshment. But before doing anything with these options, I'd
like to know how you guys are using them, and how they could be
better.

As a recap, here's how they work today (*):

--prefix unset, --openssldir unset
=> INSTALLTOP=/usr/local/ssl , OPENSSLDIR=/usr/local/ssl

--prefix unset, --openssldir set to "/bar" (absolute path)
=> INSTALLTOP=/bar , OPENSSLDIR=/bar

--prefix unset, --openssldir set to "bar" (relative path)
=> INSTALLTOP=bar , OPENSSLDIR=bar/bar

--prefix set to "/foo", --openssldir unset
=> INSTALLTOP=/foo , OPENSSLDIR=/foo/ssl

--prefix set to "/foo", --openssldir set to "/bar" (absolute path)
=> INSTALLTOP=/foo , OPENSSLDIR=/bar

--prefix set to "/foo", --openssldir set to "bar" (relative path)
=> INSTALLTOP=/foo , OPENSSLDIR=/foo/bar


Installation currrntly uses $(INSTALLTOP) to install 'openssl' and
'c_rehash' (in $(INSTALLTOP)/bin), libraries & pkgconfig files (in
$(INSTALLTOP)/lib and $(INSTALLTOP)/lib/pkgconfig), engines (in
$(INSTALLTOP)/lib/engines) and include files (in
$(INSTALLTOP)/include/openssl).

Installation also currently uses $(OPENSSLDIR) to install scripts (in
$(OPENSSLDIR)/misc) except for 'c_rehash', and manuals, both in man
form (in $(OPENSSLDIR)/man/man$n) and html form (in
$(OPENSSLDIR)/html/{apps|crypto|ssl}).

Cheers,
Richard

--
Richard Levitte lev...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[Quanah Gibson-Mount]

--On Tuesday, January 19, 2016 7:06 PM +0100 Richard Levitte

<lev...@openssl.org> wrote:

> Hi,
>
> I'd like to ask developers and packagers out there, how are the
> configuration options --prefix and --openssldir working out for you?
>
> When I look at them today, they look... well, a bit aged, and could
> use a refreshment. But before doing anything with these options, I'd
> like to know how you guys are using them, and how they could be
> better.

For Zimbra 8.7, we are doing:

./Configure no-idea enable-ec_nistp_64_gcc_128 no-mdc2 no-rc5 no-ssl2 \
no-hw --prefix=/opt/zimbra/common --libdir=lib
--openssldir=/opt/zimbra/common/etc/ssl \
shared linux-x86_64 -g -O2 -DOPENSSL_NO_HEARTBEATS

For previous versions of Zimbra, we did:

./Configure no-idea enable-ec_nistp_64_gcc_128 no-mdc2 no-rc5 no-ssl2 no-hw
--prefix=/opt/zimbra/openssl-$(OPENSSL_VERSION) --libdir=lib \
shared $(PLAT) -g -O2 -DOPENSSL_NO_HEARTBEATS; \

So we've only just recently started using openssldir, but it does exactly
what we want it to do. ;)

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration

[Viktor Dukhovni]

On Tue, Jan 19, 2016 at 07:06:06PM +0100, Richard Levitte wrote:

> When I look at them today, they look... well, a bit aged, and could
> use a refreshment. But before doing anything with these options, I'd
> like to know how you guys are using them, and how they could be
> better.
>

> As a recap, here's how they work today (*):
>
> --prefix unset, --openssldir unset
> => INSTALLTOP=/usr/local/ssl , OPENSSLDIR=/usr/local/ssl

> ...

I only use "--prefix". There seems to be some code in Configure
to support BSD platforms by adding "-rpath" when --prefix is not
/usr, but it does not seem to work (the flag does not actually make
it into the link command for libssl.so). I have to explicitly
tweak the BSD definition in Configurations/.

Fixing that might be useful.

--
Viktor.

[Joey Yandle]

> --prefix unset, --openssldir set to "bar" (relative path)
> => INSTALLTOP=bar , OPENSSLDIR=bar/bar
>

This one was sufficiently opaque that I stopped using --openssldir and
started just using --prefix. For a multi-level relative path, this
gives very strange results...

[Richard Levitte]

In message <2016011918...@mournblade.imrryr.org> on Tue, 19 Jan 2016 18:37:42 +0000, Viktor Dukhovni <openss...@dukhovni.org> said:

openssl-users> On Tue, Jan 19, 2016 at 07:06:06PM +0100, Richard Levitte wrote:
openssl-users>
openssl-users> > When I look at them today, they look... well, a bit aged, and could
openssl-users> > use a refreshment. But before doing anything with these options, I'd
openssl-users> > like to know how you guys are using them, and how they could be
openssl-users> > better.
openssl-users> >
openssl-users> > As a recap, here's how they work today (*):
openssl-users> >
openssl-users> > --prefix unset, --openssldir unset
openssl-users> > => INSTALLTOP=/usr/local/ssl , OPENSSLDIR=/usr/local/ssl
openssl-users> > ...
openssl-users>
openssl-users> I only use "--prefix". There seems to be some code in Configure
openssl-users> to support BSD platforms by adding "-rpath" when --prefix is not
openssl-users> /usr, but it does not seem to work (the flag does not actually make
openssl-users> it into the link command for libssl.so). I have to explicitly
openssl-users> tweak the BSD definition in Configurations/.
openssl-users>
openssl-users> Fixing that might be useful.

Check if this litte patch helps:

openssl base64 -d <<EOF | gunzip -c | patch -p1
H4sIAHWFnlYAA5WOzUrDQACEz9mnGNMcGpNNUmKJIoXaerDgQVTwYG3Jz26yuN2E
zRZbrH12KwZUPIinGQbmmykE56C0FAZpOK0VF+VaM2RfnghVsA3iiJ1FWRIEcRwl
J6cZBlGUDIeEUvq9STzP+9Eej0EHSZz4CbxOD5Hg6Dsm1SUzGO0RzqnIcyd0rR5m
yjCJKfJ61QjJNEEPUqhnplErucVLxdThcaMZFxuIFqo2CNetDsgv7GJydzmnoUtg
vRJqOW2ValYsZcFlWgYjG/RB+lQ3qan8udO/nk1uby7ur1z7k9RtHO2x2i0+Jh7D
p2Nn554T7y/Wv2iw3gi69+22XYoCisG2XfIOdTfeR58BAAA=
EOF

Cheers,
Richard

--
Richard Levitte lev...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

[Viktor Dukhovni]

On Tue, Jan 19, 2016 at 07:52:30PM +0100, Richard Levitte wrote:

> openssl-users> I only use "--prefix". There seems to be some code in Configure
> openssl-users> to support BSD platforms by adding "-rpath" when --prefix is not
> openssl-users> /usr, but it does not seem to work (the flag does not actually make
> openssl-users> it into the link command for libssl.so). I have to explicitly
> openssl-users> tweak the BSD definition in Configurations/.
> openssl-users>
> openssl-users> Fixing that might be useful.
>
> Check if this litte patch helps:
>
> openssl base64 -d <<EOF | gunzip -c | patch -p1
> H4sIAHWFnlYAA5WOzUrDQACEz9mnGNMcGpNNUmKJIoXaerDgQVTwYG3Jz26yuN2E
> zRZbrH12KwZUPIinGQbmmykE56C0FAZpOK0VF+VaM2RfnghVsA3iiJ1FWRIEcRwl
> J6cZBlGUDIeEUvq9STzP+9Eej0EHSZz4CbxOD5Hg6Dsm1SUzGO0RzqnIcyd0rR5m
> yjCJKfJ61QjJNEEPUqhnplErucVLxdThcaMZFxuIFqo2CNetDsgv7GJydzmnoUtg
> vRJqOW2ValYsZcFlWgYjG/RB+lQ3qan8udO/nk1uby7ur1z7k9RtHO2x2i0+Jh7D
> p2Nn554T7y/Wv2iw3gi69+22XYoCisG2XfIOdTfeR58BAAA=
> EOF

Yes, that seems to work:

$ ./Configure --prefix=$HOME/install shared BSD-x86_64
$ make
$ readelf -d libssl.so | grep RPATH
0x000000000000000f (RPATH) Library rpath: [/u/viktor/install/lib]

Thanks.

--
Viktor.

[Richard Levitte]

In message <569E851A...@dancingdragon.be> on Tue, 19 Jan 2016 10:48:58 -0800, Joey Yandle <dra...@dancingdragon.be> said:

dragon> > --prefix unset, --openssldir set to "bar" (relative path)
dragon> > => INSTALLTOP=bar , OPENSSLDIR=bar/bar
dragon> >
dragon>
dragon> This one was sufficiently opaque that I stopped using --openssldir and
dragon> started just using --prefix. For a multi-level relative path, this
dragon> gives very strange results...

That particular combination is really a bug, something I think we
didn't think of back in the days, or shrugged at, can't recall which.
But yes, it's quite the odd thing!

Cheers,
Richard

--
Richard Levitte lev...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/