On 08/03/2016 05:20 PM, Alice Wonder wrote:> On 08/03/2016 05:11 PM, Alice Wonder wrote: >> I'm having a major frustration with curl. >> >> When building curl, if libssl.so.10 is present the curl binary WILL link >> against it. > > *snip* > > Go ahead and ldd on the CentOS curl binary and library - you will see > openssl linked even though the spec file has --disable-ssl and --enable-nss > > It's clearly broken. >And building the CentOS curl package doesn't even BuildRequires the openssl-devel package. It's linking against a library it doesn't have the headers for. That's broken.
On 08/03/2016 05:23 PM, Alice Wonder wrote:> On 08/03/2016 05:20 PM, Alice Wonder wrote: >> On 08/03/2016 05:11 PM, Alice Wonder wrote: >>> I'm having a major frustration with curl. >>> >>> When building curl, if libssl.so.10 is present the curl binary WILL link >>> against it. >> >> *snip* >> >> Go ahead and ldd on the CentOS curl binary and library - you will see >> openssl linked even though the spec file has --disable-ssl and >> --enable-nss >> >> It's clearly broken. >> > > And building the CentOS curl package doesn't even BuildRequires the > openssl-devel package. > > It's linking against a library it doesn't have the headers for. > > That's broken.I haven't looked at how curl is built, butit is likely that the build links against some other package that is, in turn, built against OpenSSL. You would not need the openssl-devel package to do that, only the runtime libraries. It looks like that package could be libssh2... T.
Once upon a time, Thomas Eriksson <thomas.eriksson at slac.stanford.edu> said:> I haven't looked at how curl is built, butit is likely that the build > links against some other package that is, in turn, built against > OpenSSL. > > You would not need the openssl-devel package to do that, only the > runtime libraries. > > It looks like that package could be libssh2...Yes, that's what it is. libcurl links libssh2 which links libssl. There's nothing broken about mock pulling in mandatory requirements. If you don't want curl to use libssl, you'll need to disable SSH support. ldd does not just show the direct dependencies of the file you run it against; it resolves all deps needed to load the file. -- Chris Adams <linux at cmadams.net>
On 08/03/2016 05:33 PM, Thomas Eriksson wrote:> On 08/03/2016 05:23 PM, Alice Wonder wrote: >> On 08/03/2016 05:20 PM, Alice Wonder wrote: >>> On 08/03/2016 05:11 PM, Alice Wonder wrote: >>>> I'm having a major frustration with curl. >>>> >>>> When building curl, if libssl.so.10 is present the curl binary WILL link >>>> against it. >>> >>> *snip* >>> >>> Go ahead and ldd on the CentOS curl binary and library - you will see >>> openssl linked even though the spec file has --disable-ssl and >>> --enable-nss >>> >>> It's clearly broken. >>> >> >> And building the CentOS curl package doesn't even BuildRequires the >> openssl-devel package. >> >> It's linking against a library it doesn't have the headers for. >> >> That's broken. > > I haven't looked at how curl is built, butit is likely that the build > links against some other package that is, in turn, built against > OpenSSL. > > You would not need the openssl-devel package to do that, only the > runtime libraries. > > It looks like that package could be libssh2...It's not libssh2 because I built libssh2 against LibreSSL and tested it with ldd and it doesn't use OpenSSL nor pull it in. And in trying to create a curl that doesn't link against anything TLS I put --disable-libssh2 into the configure. The curl library respects that configure switch when building, the curl binary does not - it links against it anyway (mock pulls it in for other things, pulling in the version I built against OpenSSL) I also built custom OpenSSH against LibreSSL (which required ripping out all the fips stuff) for the mock build too - it also isn't pulling in OpenSSL libs. Something in the curl build will always link the binary against OpenSSL if the openssl-lib package is present, and will always link the library against OpenSSL if any TLS option is enabled in the configure. This happens even openssl-devel is not installed in the mock build environment.