[Nut-upsuser] Debian Openssl
Jim Klimov
jimklimov+nut at gmail.com
Thu Jul 3 09:31:47 BST 2025
Cheers,
> Not really sure why anybody would want nss.
Historically, I believe the choice of OpenSSL vs NSS was mostly about
licensing (different OSes accept/avoid different things), and the two code
paths in NUT might be not fully on par with each other at the moment (PRs
welcome if that is the case). They are also configured different due to
format and location of the trust stores.
By default, if either is present in the build environment, NUT builds with
its support (effectively `--with-ssl=auto`); preferring openssl if both are
present. In auto mode, the build would also not fail if neither is
available (conversely, if you as a packager specify a requirement and it
can not be fulfilled in the given build environment, the build
configuration should fail and you need to specify something else).
With NUT v2.8.x, you can see the explicit build settings (check for
enable/disable of ssl variants) when starting NUT programs in debug mode,
including a help or version listing, e.g. a random state from my build VM:
:; upsd -DV
Network UPS Tools upsd 2.8.3.523.8-531+gec8a57f76 (development iteration
after 2.8.3)
0.000000 [D1] Network UPS Tools version 2.8.3.523.8-531+gec8a57f76
(development iteration after 2.8.3), 64-bit build for x86_64, built with
gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0 and configured with flags:
--enable-configure-debug
PKG_CONFIG_PATH=/home/jim/nut/tmp/lib/pkgconfig:/usr/local/lib/x86_64-linux-gnu/pkgconfig:/usr/local/lib/pkgconfig:/usr/local/share/pkgconfig:/usr/lib/x86_64-linux-gnu/pkgconfig:/usr/lib/pkgconfig:/usr/share/pkgconfig
CFLAGS='-I/home/jim/nut/tmp/include ' CPPFLAGS='-I/home/jim/nut/tmp/include
' CXXFLAGS='-I/home/jim/nut/tmp/include ' LDFLAGS='-L/home/jim/nut/tmp/lib
' --enable-keep_nut_report_feature --prefix=/home/jim/nut/tmp
--sysconfdir=/home/jim/nut/tmp/etc/nut
--with-udev-dir=/home/jim/nut/tmp/etc/udev
--with-devd-dir=/home/jim/nut/tmp/etc/devd
--with-hotplug-dir=/home/jim/nut/tmp/etc/hotplug
--enable-docs-man-for-progs-built-only=no --enable-check-NIT
--with-nut_monitor=force --with-pynut=auto --with-nut-scanner=auto
--with-nutconf=auto --with-doc=skip --disable-spellcheck --with-all=auto
--with-cgi=yes CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ CPP='gcc -E'
--enable-warnings=auto --enable-Werror=auto --enable-Wcolor --without-all
--without-ssl --with-serial=auto --without-usb
So, back to original questions:
> Is a custom compile required?
Probably not - but best check with the installed package, or its recipe -
in case of Debian, at
https://salsa.debian.org/debian/nut/-/blob/debian/debian/rules (note it is
recently under development to update the released version, thanks Laurent!)
which currently specifies `--with-ssl --with-nss`.
You might also want a custom compile to use the other SSL option that your
distro packaging did not pick.
> If so, would the default configure settings with exception of
--with-openssl be the same as Debian repo?
See above :)
Hope this helps,
Jim Klimov
On Thu, Jul 3, 2025 at 2:39 AM Greg Troxel via Nut-upsuser <
nut-upsuser at alioth-lists.debian.net> wrote:
> Also, I would say that if a packager omitted openssl from a nut build, I
> would find that very surprising. openssl is pretty much mandatory on
> any system for other reasons; it's not like skipping QT which is
> enormous and something many servers don't need. If a packager does
> want to omit openssl, I'd like to hear the rationale (because I'd learn
> something).
>
> _______________________________________________
> Nut-upsuser mailing list
> Nut-upsuser at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20250703/7374f49d/attachment.htm>
More information about the Nut-upsuser
mailing list