From owner-freebsd-ports Sat Jan 22 23:50:34 2000 Delivered-To: freebsd-ports@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 6C2E314FD1; Sat, 22 Jan 2000 23:50:31 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 5B4D91CD67A; Sat, 22 Jan 2000 23:50:31 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Sat, 22 Jan 2000 23:50:31 -0800 (PST) From: Kris Kennaway To: Jeremy Lea Cc: ports@FreeBSD.ORG Subject: Re: USA_OPENSSL In-Reply-To: <20000122230114.K10368@shale.csir.co.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 22 Jan 2000, Jeremy Lea wrote: > If you want this to set variables which a port's Makefile can use then > it must be included in bsd.port.pre.mk. This is the section enclosed in > !defined(AFTERPORTMK) in bsd.port.mk. I'd suggest right at the end - > after the setting of PREFIX. Hmm, I thought I tried this, but perhaps other factors conspired against me. > > +.if ${OSVERSION} >= 400014 && exists(/usr/lib/libcrypto.so) > > +.if ${USE_OPENSSL} == RSA > > +_HASRSA= "`/usr/bin/nm /usr/lib/libcrypto.a | ${GREP} RSA_free`" > > +.if empty(_HASRSA) > > You test for .so and then use .a - this might lead to problems. Also, > in bsd.port.pre.mk GREP is not available. Something like: For consistency I probably should use both the same, but it won't matter - if one exists the other does too. > '>>>' is used to introduce stages in the make process. Messages are > best just echoed. Noted. > > +CFLAGS+= -DNO_IDEA > > Is this good enough for some ports to detect if they can support IDEA > based crypto (eg via GNU configure)? Maybe you need: > > OPENSSL_IDEA= no This is the canonical way of signalling that IDEA code should not be compiled in, but ports may not respect it (e.g. I had to patch the pipsecd port to use #ifndef NO_IDEA around the relevant bits). We don't include IDEA code for patent reasons (USA and international in some parts of the world). I think I'll add the variable as well in case a port wants to do something else. > (bsd.port.mk uses lower case yes and no, unlike make.conf) Okay > > +LIB_DEPENDS+= crypto.1:${PORTSDIR}/security/openssl > > +OPENSSLBASE= ${LOCALBASE} > > +OPENSSLDIR= ${LOCALBASE}/openssl > > +.endif > > What about people (there are some crazy ones :) who play with PREFIX? A lot of ports currently depend on ${LOCALBASE}/bin/openssl..there doesn't seem to be an easy way to locate the directory where openssl stores its config. > > +OPENSSLLIB= ${OPENSSLBASE}/lib > > +OPENSSLINC= ${OPENSSLBASE}/include > > +MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \ > > + OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR} > > Do you also need to pass these to configure? Or are most configure > scripts capable of working this out for themselves? I'm passing these so that ports can use them appropriately. A lot of ports (of the ones I've tested) hard-code ${LOCALBASE}/include for header files, etc. Basically, all openssl-using ports will probably need to be patched one way or another. :/ > > + > > +.if defined(OPENSSL_RSAREF) > > +OPTLIB= -L${OPENSSLLIB} -L${LOCALBASE} -lRSAglue -lrsaref > > +MAKE_ENV+= OPTLIB="${OPTLIB}" > > +.endif > > > > .include > > This would have to look like this, with the bsd.port.mk patch moved up > into bsd.port.pre.mk: > > .include > + > +.if defined(OPENSSL_RSAREF) > +OPTLIB= -L${OPENSSLLIB} -L${LOCALBASE} -lRSAglue -lrsaref > +MAKE_ENV+= OPTLIB="${OPTLIB}" > +.endif > > > ++INCDIR=-I$(OPENSSLINC)/openssl -I$(PREFIX)/include > > Why isn't OPENSSLINC=${OPENSSLBASE}/include/openssl? Because the canonical way to include openssl headers is #include ..not that all ports do this :) > > ++LIBDIR=-L$(OPENSSLLIB)/lib > > LIBDIR= -L${OPNSSLLIB} > > All for now... Otherwise it looks good. Thanks for the feedback..I'll see how I go. Kris ---- "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message