[CentOS] curl build system is broken and so is mock

Thu Aug 4 00:45:56 UTC 2016
Alice Wonder <alice at domblogger.net>

On 08/03/2016 05:33 PM, Thomas Eriksson wrote:
> On 08/03/2016 05:23 PM, Alice Wonder wrote:
>> On 08/03/2016 05:20 PM, Alice Wonder wrote:
>>> On 08/03/2016 05:11 PM, Alice Wonder wrote:
>>>> I'm having a major frustration with curl.
>>>> When building curl, if libssl.so.10 is present the curl binary WILL link
>>>> against it.
>>> *snip*
>>> Go ahead and ldd on the CentOS curl binary and library - you will see
>>> openssl linked even though the spec file has --disable-ssl and
>>> --enable-nss
>>> It's clearly broken.
>> And building the CentOS curl package doesn't even BuildRequires the
>> openssl-devel package.
>> It's linking against a library it doesn't have the headers for.
>> That's broken.
> I haven't looked at how curl is built, but it is likely that the build
> links against some other package that is, in turn, built against
> OpenSSL.
> You would not need the openssl-devel package to do that, only the
> runtime libraries.
> It looks like that package could be libssh2...

It's not libssh2 because I built libssh2 against LibreSSL and tested it 
with ldd and it doesn't use OpenSSL nor pull it in.

And in trying to create a curl that doesn't link against anything TLS I 
put --disable-libssh2 into the configure.

The curl library respects that configure switch when building, the curl 
binary does not - it links against it anyway (mock pulls it in for other 
things, pulling in the version I built against OpenSSL)

I also built custom OpenSSH against LibreSSL (which required ripping out 
all the fips stuff) for the mock build too - it also isn't pulling in 
OpenSSL libs.

Something in the curl build will always link the binary against OpenSSL 
if the openssl-lib package is present, and will always link the library 
against OpenSSL if any TLS option is enabled in the configure.

This happens even when openssl-devel is not installed in the mock build.
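
The direct-versus-transitive question raised in this thread can be checked by comparing `readelf -d` output (the object's own DT_NEEDED entries) with `ldd` output (the full dependency closure). The script below is an added example, not part of the original post; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). ldd lists the whole dependency closure;
# only DT_NEEDED entries show what the object itself was linked against.

# Print DT_NEEDED sonames from `readelf -d` output on stdin.
direct_needed() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)].*/\1/p'
}

# Print resolved sonames from `ldd` output on stdin.
ldd_sonames() {
    awk '$2 == "=>" { print $1 }'
}

# classify_tls READELF_TXT LDD_TXT
# For each TLS/SSH library in the ldd closure, report whether it is a
# direct DT_NEEDED entry of the object or only pulled in by another library.
classify_tls() {
    direct=$(direct_needed < "$1")
    ldd_sonames < "$2" | grep -E '^lib(ssl|crypto|nss3|ssh2)\.so' |
    while read -r lib; do
        if printf '%s\n' "$direct" | grep -qxF "$lib"; then
            echo "direct $lib"
        else
            echo "transitive $lib"
        fi
    done
}

# Constructed sample input, not captured from any real curl build.
tmp=$(mktemp -d)
cat > "$tmp/readelf.txt" <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libcurl.so.4]
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so.10]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
cat > "$tmp/ldd.txt" <<'EOF'
    libcurl.so.4 => /lib64/libcurl.so.4 (0x00007f0000000000)
    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000100000)
    libssh2.so.1 => /lib64/libssh2.so.1 (0x00007f0000200000)
    libnss3.so => /lib64/libnss3.so (0x00007f0000300000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000400000)
EOF
classify_tls "$tmp/readelf.txt" "$tmp/ldd.txt"
rm -rf "$tmp"
```

To run it against a real object, save `readelf -d /usr/bin/curl` and `ldd /usr/bin/curl` to two files and pass them to `classify_tls`; repeat for the libcurl shared object.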