On 08/03/2016 05:45 PM, Alice Wonder wrote: > On 08/03/2016 05:33 PM, Thomas Eriksson wrote: >> On 08/03/2016 05:23 PM, Alice Wonder wrote: >>> On 08/03/2016 05:20 PM, Alice Wonder wrote: >>>> On 08/03/2016 05:11 PM, Alice Wonder wrote: >>>>> I'm having a major frustration with curl. >>>>> >>>>> When building curl, if libssl.so.10 is present the curl binary WILL >>>>> link >>>>> against it. >>>> >>>> *snip* >>>> >>>> Go ahead and ldd on the CentOS curl binary and library - you will see >>>> openssl linked even though the spec file has --disable-ssl and >>>> --enable-nss >>>> >>>> It's clearly broken. >>>> >>> >>> And building the CentOS curl package doesn't even BuildRequires the >>> openssl-devel package. >>> >>> It's linking against a library it doesn't have the headers for. >>> >>> That's broken. >> >> I haven't looked at how curl is built, butit is likely that the build >> links against some other package that is, in turn, built against >> OpenSSL. >> >> You would not need the openssl-devel package to do that, only the >> runtime libraries. >> >> It looks like that package could be libssh2... > > > It's not libssh2 because I built libssh2 against LibreSSL and tested it > with ldd and it doesn't use OpenSSL nor pull it in. *snip* It might be getting -lcrypto from libssh2 but then it should link against LibreSSL because that's what the libssh2 for the build environment is linked against. I suspect it might do the right thing and link against libressl if the openssl lib wasn't present. But despite the mock excludes, it gets pulled in by something. The excludes are in both base and updates. And work if trying to build a package that directly wants openssl or has a dependency that directly wants openssl. It seems the excludes fail when it is a dependency of a dependency.