NetBSD-current: Shared object "" not found

After switching to NetBSD-current in this VM (after xbd(4) was fixed to work with 4k sector size), no packages could be installed from pkgsrc:

$ cd /usr/pkgsrc/misc/cowsay
$ make
/usr/pkg/sbin/pkg_info: Shared object "" not found
/usr/pkg/sbin/pkg_admin: Shared object "" not found
/usr/pkg/sbin/pkg_admin: Shared object "" not found
make: "/usr/pkg/sbin/pkg_admin -K ${_CROSS_DESTDIR}/usr/pkg/pkgdb
config-var PKGVULNDIR" returned non-zero status

/usr/pkg/sbin/pkg_admin: Shared object "" not found
ERROR: This package has set PKG_FAIL_REASON:
ERROR: Circular dependency detected

Weird. Both the kernel and userland have been built and booted successfully, but why is it missing a library?

$ /usr/libexec/locate.updatedb
$ locate libssl

And that was it. An old posting on current-users mentioned something similar and the solution was to grab base from an earlier release. And indeed:

$ curl -L -o base-head.tar.xz \

$ curl -L -o base-9.tar.xz \

$ tar -tJf base-head.tar.xz | grep usr/lib/

$ tar -tJf base-9.tar.xz | grep usr/lib/

When NetBSD 10 will be released, the pkgsrc repository will surely be updated. But until this happens, let's install from NetBSD 9:

# mkdir /usr/local
# tar --strip-components 2 -C /usr/local/ \
    -xvJf base-9.tar.xz usr/lib/* lib/*
x lib/
x lib/
x lib/

# mv /usr/local/libcrypto* /usr/local/lib/

Note: for some reason libssl is in /usr/lib while libcrypto is in /lib ¯\_( ツ )_/¯.

Add /usr/local/lib to

$ cat /etc/

Let's try the build now:

# make
=> Bootstrap dependency digest>=20211023: found digest-20220214
=> Fetching cowsay-3.04.tar.gz
=> Total size: 31961 bytes
FFFFFFFFFFFFFFFF:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate \
    verify failed:/usr/src/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c:1889:
ftp: Can't connect to `'

We are still missing the CA certificates. There are actually two packages to choose from:

# ls -1d /usr/pkgsrc/*/*rootcert*

...but we will need the mozilla-rootcerts-openssl package here:

# cat /usr/pkgsrc/security/mozilla-rootcerts/DESCR
NB: This package provides certificates, but does not as a consequence
of installation place them in a location that makes them immediately
usable by SSL/TLS implementations.

# head -3 /usr/pkgsrc/security/mozilla-rootcerts-openssl/DESCR 
This package configures the Mozilla rootcerts bundle CAs as trust
anchors in OpenSSL, so that programs using OpenSSL will be able to use
them to validate SSL certificates.

# cd /usr/pkgsrc/security/mozilla-rootcerts-openssl
# make install
# make clean

With all that in place we are finally able to build packages. For example, we'd need curl, and doas so that we can build as non-root, and maybe pkgin so that we don't have to build at all :-)