#63619 closed defect (fixed)

openssl @1.1_0 conflicts with curl-ca-bundle

Reported by: ryandesign (Ryan Schmidt) Owned by:
Priority: High Milestone:
Component: ports Version: 2.7.1
Keywords: Cc: cjones051073 (Chris Jones), larryv (Lawrence Velázquez), neverpanic (Clemens Lang), mascguy (Christopher Nielsen)
Port: openssl

Description

openssl @1.1_0 (after [11dde98343c33a7b98193e348cc92bb516b17876/macports-ports]) conflicts with curl-ca-bundle:

DEBUG: Backtrace: Image error: /opt/local/etc/openssl/cert.pem is being used by the active curl-ca-bundle port.  Please deactivate this port first, or use 'port -f activate openssl' to force the activation.

The darwin 16 binary is the only one affected because only the macOS Sierra build machine was offline for awhile so only the macOS Sierra build machine built the binary after [11dde98343c33a7b98193e348cc92bb516b17876/macports-ports]; the other machines built it before that change. But users who build from source may encounter the problem on any system.

Change History (10)

comment:1 Changed 14 months ago by ryandesign (Ryan Schmidt)

After fixing this and increasing openssl's revision, you should force builds of any port that failed on the macOS Sierra builder due to this problem.

comment:2 Changed 14 months ago by RobK88

It should be noted that openssl@1.1_0 also breaks Macports version of sudo. So one cannot just type "sudo port -f activate openssl" or "sudo port deactivate curl-ca-bundle port" etc.

One will need to use the version of "sudo" that was installed with MacOS. E.g. /usr/bin/sudo port -f activate openssl

Here is my output on my Mac running Lion.

bash-3.2$ sudo port upgrade outdated
--->  Computing dependencies for openssl11
--->  Fetching distfiles for openssl11
--->  Attempting to fetch openssl-1.1.1l.tar.gz from http://distfiles.macports.org/openssl11
--->  Verifying checksums for openssl11                                              
--->  Extracting openssl11
--->  Applying patches to openssl11
--->  Configuring openssl11
--->  Building openssl11                                 
--->  Staging openssl11 into destroot                    
--->  Installing openssl11 @1.1.1l_3                     
--->  Activating openssl11 @1.1.1l_3
--->  Cleaning openssl11
--->  Computing dependencies for openssl
--->  Fetching distfiles for openssl
--->  Verifying checksums for openssl
--->  Extracting openssl
--->  Configuring openssl
--->  Building openssl
--->  Staging openssl into destroot
--->  Installing openssl @1.1_0
--->  Cleaning openssl
--->  Computing dependencies for openssl
--->  Deactivating openssl @1.1.1l_1
--->  Cleaning openssl
--->  Activating openssl @1.1_0
Error: Failed to activate openssl: Image error: /opt/local/etc/openssl/cert.pem is being used by the active curl-ca-bundle port.  Please deactivate this port first, or use 'port -f activate openssl' to force the activation.
Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_devel_openssl/openssl/main.log for details.

And after failing to activate openssl, the Macports version of "sudo" is now broken.

bash-3.2$ sudo port -f activate openssl
dyld: Library not loaded: /opt/local/lib/libcrypto.1.1.dylib
  Referenced from: /opt/local/bin/sudo
  Reason: image not found
Trace/BPT trap: 5

To overcome this error:

bash-3.2$ /usr/bin/sudo port -f activate openssl
Last edited 14 months ago by RobK88 (previous) (diff)

comment:3 in reply to:  2 Changed 14 months ago by ryandesign (Ryan Schmidt)

Replying to RobK88:

It should be noted that openssl@1.1_0 also breaks Macports version of sudo.

Hopefully only if you have installed the sudo port with its non-default +openldap variant. With default variants, sudo should not depend on openssl or anything else.

comment:4 Changed 14 months ago by RobK88

The sudo port was installed on my Mac without any variants.

bash $ port installed sudo
The following ports are currently installed:
  sudo @1.9.8p2_0 (active)

And sudo is not listed as a dependent of openssl.

bash$ port dependents openssl
NetSurf depends on openssl
curl depends on openssl
git depends on openssl
kerberos5 depends on openssl
libevent depends on openssl
links depends on openssl
ntp depends on openssl
p5.28-net-ssleay depends on openssl
postgresql13 depends on openssl
python27 depends on openssl
python37 depends on openssl
python38 depends on openssl
python39 depends on openssl
rsync depends on openssl
xar depends on openssl

It is still a mystery to me why the Macport "sudo" port broke after trying to upgrade openssl.

bash-3.2$ sudo port -f activate openssl
dyld: Library not loaded: /opt/local/lib/libcrypto.1.1.dylib
  Referenced from: /opt/local/bin/sudo
  Reason: image not found
Trace/BPT trap: 5

As I mentioned I was able to fix things by forcing the activation of openssl using the "sudo" binary that was installed with macOS Lion.

Last edited 14 months ago by RobK88 (previous) (diff)

comment:5 Changed 14 months ago by cjones051073 (Chris Jones)

I hunk I know what’s wrong and will address as soon as I can…

comment:6 Changed 14 months ago by mascguy (Christopher Nielsen)

Cc: mascguy added

comment:7 Changed 14 months ago by mascguy (Christopher Nielsen)

Was just bitten by this too. Doh!

comment:8 Changed 14 months ago by cjones051073 (Chris Jones)

should be fixed now...

comment:9 Changed 14 months ago by RobK88

Thanks Chris for the quick fix. No problems now building, installing and activating openssl now on my Mac running lion.

comment:10 Changed 14 months ago by mascguy (Christopher Nielsen)

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.