Date:      Sun, 3 Oct 2021 16:16:54 +0200
From:      Felix Palmen <felix@palmen-it.de>
To:        freebsd-ports@freebsd.org
Subject:   State of LibreSSL in FreeBSD ports
Message-ID:  <20211003141654.bwlnlin6g3s2n5gt@nexus.home.palmen-it.de>

Hi all,

I wonder what's the state of LibreSSL in FreeBSD ports. Is it supported?
Reading the (kind of old) wiki entries, you could get the impression
that it is (so, one should expect no build errors when setting
DEFAULT_VERSIONS+= ssl=libressl).

Still, I've come across very unfortunate situations a few times. I'd
have to start with acknowledging that not all upstream projects are
willing to support LibreSSL. And that's probably an understandable
decision. Given the (constantly moving) OpenSSL API (so you already have
your code littered with checks for OPENSSL_VERSION_NUMBER) and given
that LibreSSL claims to be compatible but often isn't (so you'd have to
additionally litter LIBRESSL_VERSION_NUMBER all over the place and, even
worse, these checks will have to change over time), it's no surprise
some people don't want to waste their time on that.

So, supporting LibreSSL for these projects would mean maintaining local
patches in the port. Now add a maintainer who's unwilling to do *that*
kind of maintenance to the picture. Again, that's understandable (for
the same reasons as for upstream devs). It would leave one last resort:
mark the port BROKEN with LibreSSL. Not exactly what I would declare
"support", but at least, it would avoid "random" build failures.

Two examples I recently came across are freeradius and stunnel. With
freeradius[1], upstream sends kind of mixed signals, but in practice,
it's kind of obvious they'd rather not support LibreSSL. With
stunnel[2][3], upstream clearly stated they will not add any LibreSSL
support whatsoever. Still, the maintainer of the port repeatedly demands
taking patches upstream, just ignoring the fact this would be pointless.

I'd like to know whether there is any kind of policy on how LibreSSL should
be handled.

Is LibreSSL in FreeBSD ports

* supported, so ports should build with it if at all possible?
* supported on a "best effort" basis, so setting a port BROKEN is
  acceptable if maintaining (working) patches would be too much hassle?
* NOT supported at all, so random build failures with LibreSSL are fine?

Thank you!

----
[1] https://bugs.freebsd.org/257403
[2] https://bugs.freebsd.org/224148
[3] https://bugs.freebsd.org/258885

-- 
 Dipl.-Inform. Felix Palmen  <felix@palmen-it.de>   ,.//..........
 {web}  http://palmen-it.de  {jabber} [see email]   ,//palmen-it.de
 {pgp public key}     http://palmen-it.de/pub.txt   //   """""""""""
 {pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A
