Opened 3 years ago

Closed 3 years ago

#63619 closed defect (fixed)

openssl @1.1_0 conflicts with curl-ca-bundle

Reported by: ryandesign (Ryan Carsten Schmidt) Owned by:
Priority: High Milestone:
Component: ports Version: 2.7.1
Keywords: Cc: cjones051073 (Chris Jones), larryv (Lawrence Velázquez), neverpanic (Clemens Lang), mascguy (Christopher Nielsen)
Port: openssl

Description

openssl @1.1_0 (after [11dde98343c33a7b98193e348cc92bb516b17876/macports-ports]) conflicts with curl-ca-bundle:

DEBUG: Backtrace: Image error: /opt/local/etc/openssl/cert.pem is being used by the active curl-ca-bundle port.  Please deactivate this port first, or use 'port -f activate openssl' to force the activation.

The darwin 16 binary is the only one affected because only the macOS Sierra build machine was offline for awhile so only the macOS Sierra build machine built the binary after [11dde98343c33a7b98193e348cc92bb516b17876/macports-ports]; the other machines built it before that change. But users who build from source may encounter the problem on any system.

Change History (10)

comment:1 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)

After fixing this and increasing openssl's revision, you should force builds of any port that failed on the macOS Sierra builder due to this problem.

comment:2 Changed 3 years ago by RobK88

It should be noted that openssl@1.1_0 also breaks Macports version of sudo. So one cannot just type "sudo port -f activate openssl" or "sudo port deactivate curl-ca-bundle port" etc.

One will need to use the version of "sudo" that was installed with MacOS. E.g. /usr/bin/sudo port -f activate openssl

Here is my output on my Mac running Lion.

bash-3.2$ sudo port upgrade outdated
--->  Computing dependencies for openssl11
--->  Fetching distfiles for openssl11
--->  Attempting to fetch openssl-1.1.1l.tar.gz from http://distfiles.macports.org/openssl11
--->  Verifying checksums for openssl11                                              
--->  Extracting openssl11
--->  Applying patches to openssl11
--->  Configuring openssl11
--->  Building openssl11                                 
--->  Staging openssl11 into destroot                    
--->  Installing openssl11 @1.1.1l_3                     
--->  Activating openssl11 @1.1.1l_3
--->  Cleaning openssl11
--->  Computing dependencies for openssl
--->  Fetching distfiles for openssl
--->  Verifying checksums for openssl
--->  Extracting openssl
--->  Configuring openssl
--->  Building openssl
--->  Staging openssl into destroot
--->  Installing openssl @1.1_0
--->  Cleaning openssl
--->  Computing dependencies for openssl
--->  Deactivating openssl @1.1.1l_1
--->  Cleaning openssl
--->  Activating openssl @1.1_0
Error: Failed to activate openssl: Image error: /opt/local/etc/openssl/cert.pem is being used by the active curl-ca-bundle port.  Please deactivate this port first, or use 'port -f activate openssl' to force the activation.
Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_devel_openssl/openssl/main.log for details.

And here is an example where this port breaks Macports version of "sudo"

bash-3.2$ sudo port -f activate openssl
dyld: Library not loaded: /opt/local/lib/libcrypto.1.1.dylib
  Referenced from: /opt/local/bin/sudo
  Reason: image not found
Trace/BPT trap: 5

To overcome this error:

bash-3.2$ /usr/bin/sudo port -f activate openssl
Version 1, edited 3 years ago by RobK88 (previous) (next) (diff)

comment:3 in reply to:  2 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)

Replying to RobK88:

It should be noted that openssl@1.1_0 also breaks Macports version of sudo.

Hopefully only if you have installed the sudo port with its non-default +openldap variant. With default variants, sudo should not depend on openssl or anything else.

comment:4 Changed 3 years ago by RobK88

The sudo port was installed on my Mac without any variants.

bash $ port installed sudo
The following ports are currently installed:
  sudo @1.9.8p2_0 (active)

And sudo is not listed as a dependent of openssl.

bash$ port dependents openssl
NetSurf depends on openssl
curl depends on openssl
git depends on openssl
kerberos5 depends on openssl
libevent depends on openssl
links depends on openssl
ntp depends on openssl
p5.28-net-ssleay depends on openssl
postgresql13 depends on openssl
python27 depends on openssl
python37 depends on openssl
python38 depends on openssl
python39 depends on openssl
rsync depends on openssl
xar depends on openssl

It is still a mystery to me why the Macport "sudo" port broke after trying to upgrade openssl.

bash-3.2$ sudo port -f activate openssl
dyld: Library not loaded: /opt/local/lib/libcrypto.1.1.dylib
  Referenced from: /opt/local/bin/sudo
  Reason: image not found
Trace/BPT trap: 5

As I mentioned I was able to fix things by forcing the activation of openssl using the "sudo" binary that was installed with macOS Lion.

Last edited 3 years ago by RobK88 (previous) (diff)

comment:5 Changed 3 years ago by cjones051073 (Chris Jones)

I hunk I know what’s wrong and will address as soon as I can…

comment:6 Changed 3 years ago by mascguy (Christopher Nielsen)

Cc: mascguy added

comment:7 Changed 3 years ago by mascguy (Christopher Nielsen)

Was just bitten by this too. Doh!

comment:8 Changed 3 years ago by cjones051073 (Chris Jones)

should be fixed now...

comment:9 Changed 3 years ago by RobK88

Thanks Chris for the quick fix. No problems now building, installing and activating openssl now on my Mac running lion.

comment:10 Changed 3 years ago by mascguy (Christopher Nielsen)

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.