Date: Sun, 3 Oct 2021 16:16:54 +0200
From: Felix Palmen
To: freebsd-ports@freebsd.org
Subject: State of LibreSSL in FreeBSD ports

Hi all,

I wonder what's the state of LibreSSL in FreeBSD ports. Is it supported?
Reading the (kind of old) wiki entries, you could get the impression
that it is (so, one should expect no build errors when setting
DEFAULT_VERSIONS+=ssl=libressl).

Still, I've come across very unfortunate situations a few times.

I'd have to start with acknowledging that not all upstream projects are
willing to support LibreSSL. And that's probably an understandable
decision. Given the (constantly moving) OpenSSL API (so you already have
your code littered with checks for OPENSSL_VERSION_NUMBER) and given
that LibreSSL claims to be compatible but often isn't (so you'd have to
additionally litter LIBRESSL_VERSION_NUMBER all over the place and, even
worse, these checks will have to change over time), it's no surprise
some people don't want to waste their time on that.

So, supporting LibreSSL for these projects would mean to maintain local
patches in the port. Now add a maintainer who's unwilling to do *that*
kind of maintenance to the picture. Again, that's understandable (for
the same reasons as for upstream devs).

It would leave one last resort: mark the port BROKEN with LibreSSL. Not
exactly what I would declare "support", but at least, it would avoid
"random" build failures.

Two examples I recently came across are freeradius and stunnel. With
freeradius[1], upstream sends kind of mixed signals, but in practice,
it's kind of obvious they'd rather not support LibreSSL. With
stunnel[2][3], upstream clearly stated they will not add any LibreSSL
support whatsoever.
Still, the maintainer of the port repeatedly demands taking patches
upstream, just ignoring the fact this would be pointless.

I'd like to know whether there is any kind of policy how LibreSSL should
be handled. Is LibreSSL in FreeBSD ports

* supported, so ports should build with it if at all possible?
* supported on a "best effort" base, so setting a port BROKEN is
  acceptable if maintaining (working) patches would be too much hassle?
* NOT supported at all, so random build failures with LibreSSL are fine?

Thank you!

----
[1] https://bugs.freebsd.org/257403
[2] https://bugs.freebsd.org/224148
[3] https://bugs.freebsd.org/258885

-- 
Dipl.-Inform. Felix Palmen
{web} http://palmen-it.de
{jabber} [see email]
{pgp public key} http://palmen-it.de/pub.txt
{pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A