From owner-freebsd-current  Sun Feb 20  1:20: 2 2000
Delivered-To: freebsd-current@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1FA6A37BE51; Sun, 20 Feb 2000 01:20:00 -0800 (PST)
	(envelope-from jkh@zippy.cdrom.com)
Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1])
	by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id BAA94894;
	Sun, 20 Feb 2000 01:19:51 -0800 (PST)
	(envelope-from jkh@zippy.cdrom.com)
To: Kris Kennaway <kris@FreeBSD.org>
Cc: Victor Salaman <salaman@teknos.com>, freebsd-current@FreeBSD.org
Subject: Re: openssl in -current 
In-reply-to: Your message of "Sun, 20 Feb 2000 00:52:49 PST."
             <Pine.BSF.4.21.0002200015070.14465-100000@freefall.freebsd.org> 
Date: Sun, 20 Feb 2000 01:19:50 -0800
Message-ID: <94717.951038390@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> On Sun, 20 Feb 2000, Jordan K. Hubbard wrote:
> 
> > Well, I guess I'll be less frantic about this when I see the ports
> > infrastructure working properly with this - having openssh fail
> > came as a rude shock. :)
> 
> See Jim Bloom's patch of earlier this evening.

Sorry, I'm the release engineer - I only "see" something as fixed when
it's actually committed to the tree and in my current build. :)

> > I'm also assuming that if I have openssl installed via the base system
> > and USA_RESIDENT=YES in /etc/make.conf, going off to make openssh will
> > cause it to build rsaref on my behalf just like it used to?  I'd hate
> > to have something become manual which was formerly automated.
> 
> No, because openssl is compiled differently if rsaref is present or not -
> it's not just a matter of dropping in librsaref.so (we can't always just
> build the version with RSAref stubs because it references symbols in
> librsaref and so binaries don't link). What will happen is that you'll get
> a message pointing you to the handbook which explains how to add the
> relevant openssl package. When you do this (once) you'll be able to build
> openssh. Is this clear now?

Yes, it's clear that this is more evil than I thought. :-)

This is just wrong.  If I go to build openssh then I expect it to DTRT
with openssl whether or not openssl depends on RSA, I don't expect to
go have to install a package manually and then continue with my build.
That's not how openssh or other RSA-using ports *used* to work and I
and many others were quite pleased with the previous behavior, we
would prefer to keep it.  I also have to wonder about your assertion
that we can't just have librsaref.so as either a set of stubs or "the
real deal" - can you tell me more exactly why couldn't you do this
with a little help from our friendly weak symbol support?

- Jordan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message