From: Michelle Sullivan
To: Martin Waschbüsch
Cc: ports@freebsd.org, Kurt Jaeger
Subject: Re: Committer needed for PR 208029
Date: Wed, 06 Apr 2016 00:28:28 +0200

Martin Waschbüsch wrote:
>> Umm probably a really bad idea... consider this or something more
>> creative/descriptive:
>>
>> .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000 && ${WITH_OPENSSL_PORT} != "yes"
>> BROKEN= You must set WITH_OPENSSL_PORT=yes in /etc/make.conf on Pre 10.x
>> .endif
>>
>>
>> ... the idea instead of silently turning it on which could cause a
>> myriad of hell for production systems where some ports are compiled
>> against security/openssl and some against the base openssl... stop the
>> compile and tell the user what they have to do to resolve it... which
>> will then make anything else use the same openssl and lessen the
>> dependency/library issues that could happen.
> Actually, I just noticed (when compiling the port), that the Makefile
> now says:
>
> WITH_OPENSSL_PORT=yes
>
> GNUTLS_CONFIGURE_WITH= gnutls
> GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls
>
> POLARSSL_CONFIGURE_WITH=mbedtls
> POLARSSL_LIB_DEPENDS= libmbedtls.so:security/polarssl13
>
> .include
>
> .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000
> WITH_OPENSSL_PORT=yes
> .endif
>
> Which means that the ports version is used regardless of OSVERSION...

Yup... which is so much worse in so many other ways.. (IMHO) ... I mean
why would you want to turn on openssl in any way if you have gnutls or
polarssl on... I suspect the whole set of options and way it's configured
should be looked at a little more closely and have an option openssl as
well ... or at least the broken= so that it will inform the user if the
wrong version of openssl is attempted...
and considering FreeBSD policy over base libraries and major releases
maybe an option to set for including the ports version of openssl as well
(so that a compile on 10.x while may work, if there is a security issue
the prompting for openssl from ports will allow a person to patch up
without necessarily knowing the significance... you know give the users a
chance rather than leaving it to the FreeBSD Devs to say you are better
off doing what we tell you.)

>
> Shall I open a PR for it and incorporate the BROKEN= approach?
>

I'm not the right person to ask over that question, I'm just throwing a
suggestion on how you might consider handling it and other similar issues
in ways that are a lot more useful and less error/dependency prone. Bad
things/assumptions in makefiles end up with version lock-in and/or broken
linking/compiles when something needs to be upgraded... and the all
singing all dancing pkg system is no better than the old system of
pkg_add when it comes to these problems (in fact in some ways it's
worse... because it tries to do the right thing when the right thing is
actually impossible until someone changes compile options.)

--
Michelle Sullivan
http://www.mhix.org/
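
An added example, not part of the original message or of any port: a shell check for the situation the message warns about, where some binaries (or a single process) end up linked against both the base OpenSSL and security/openssl. It assumes the default LOCALBASE of /usr/local, the function names are hypothetical, and the ldd output in `sample_ldd` is constructed.

```shell
#!/bin/sh
# classify_openssl: read `ldd` output on stdin and print
# "<binary> base|ports|mixed" for every binary linking libssl or libcrypto.
# "ports" means the library resolves under LOCALBASE (assumed /usr/local).
classify_openssl() {
    awk -v localbase="${LOCALBASE:-/usr/local}" '
        function emit(   kind) {
            if (bin == "" || !(base || ports)) return
            kind = (base && ports) ? "mixed" : (base ? "base" : "ports")
            print bin, kind
        }
        # ldd starts each binary with a "path:" header line
        $0 ~ "^/.*:$" { emit(); bin = substr($0, 1, length($0) - 1); base = 0; ports = 0; next }
        $1 ~ "^lib(ssl|crypto)[.]so" && $2 == "=>" {
            if (index($3, localbase "/") == 1) ports = 1; else base = 1
        }
        END { emit() }
    '
}

# openssl_conflicts: print the classification; return 1 if any single
# process maps both copies, 2 if the scanned set is split between base
# and ports OpenSSL, 0 if everything uses one copy.
openssl_conflicts() {
    report=$(classify_openssl)
    printf '%s\n' "$report"
    case "$report" in *" mixed"*) return 1 ;; esac
    if printf '%s\n' "$report" | grep -q ' base$' &&
       printf '%s\n' "$report" | grep -q ' ports$'; then
        return 2
    fi
    return 0
}

# Constructed sample of ldd output (paths and sonames are illustrative).
sample_ldd() {
    cat <<'EOF'
/usr/local/bin/curl:
    libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x800849000)
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a9e000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800d0a000)
/usr/local/sbin/exampled:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a9e000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800d0a000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x801200000)
/usr/bin/fetch:
    libssl.so.6 => /usr/lib/libssl.so.6 (0x800a00000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x801200000)
EOF
}

sample_ldd | openssl_conflicts || echo "OpenSSL linkage conflict (status $?)"
```

On a real host the input would come from something like `ldd /usr/local/bin/* 2>/dev/null | openssl_conflicts`.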