Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 6 Apr 2016 10:06:41 -0400
From:      Jim Ohlstein <jim@ohlste.in>
To:        Kurt Jaeger <lists@opsec.eu>, =?UTF-8?Q?Martin_Waschb=c3=bcsch?= <martin@waschbuesch.de>
Cc:        ports@freebsd.org, Michelle Sullivan <michelle@sorbs.net>
Subject:   Re: Committer needed for PR 208029
Message-ID:  <570517F1.5020305@ohlste.in>
In-Reply-To: <20160406044431.GO35640@home.opsec.eu>
References:  <498CA3F8-15EF-45BD-880C-241F83CBE3DD@waschbuesch.de> <20160405185159.GK35640@home.opsec.eu> <20160405200835.GM35640@home.opsec.eu> <57042958.5010701@sorbs.net> <C96569DA-ADC5-4BE0-819A-7375C3F50D8E@waschbuesch.de> <20160406044431.GO35640@home.opsec.eu>

next in thread | previous in thread | raw e-mail | index | archive | help
Hello,

On 4/6/16 12:44 AM, Kurt Jaeger wrote:
> Hi!
>
>> Actually, I just noticed (when compiling the port), that the Makefile now says:
>>
>> WITH_OPENSSL_PORT=yes
>
> Yes, sorry, my fault. Fixed, and as suggested by mat: It is
> now as IGNORE with a message explaining how to do it for 9.x.
>

This is much ado about nothing. The "WITH_OPENSSL_PORT" option is there 
for just this purpose and is used in many ports. There's no reason some 
binaries can't be linked to one version of OpenSSL and others to 
another, so long as they aren't expected to work as one (I'd imagine a 
dynamically loaded module that is linked to a different library might 
cause a problem). That is the reason that ports contains a more current 
version than base. This is from the ports/www directory:

#  grep WITH_OPENSSL_PORT */Makefile
aws/Makefile:WITH_OPENSSL_PORT= yes
drood/Makefile:WITH_OPENSSL_PORT=	yes
h2o/Makefile:WITH_OPENSSL_PORT=	no
h2o/Makefile:WITH_OPENSSL_PORT=	yes
mod_tsa/Makefile:WITH_OPENSSL_PORT=	yes
nginx-devel/Makefile:WITH_OPENSSL_PORT=	yes
nginx-devel/Makefile:WITH_OPENSSL_PORT=	yes
nginx/Makefile:WITH_OPENSSL_PORT=	yes
nginx/Makefile:WITH_OPENSSL_PORT=	yes
obhttpd/Makefile:WITH_OPENSSL_PORT=yes
owncloud/Makefile:WITH_OPENSSL_PORT=	yes
spdylay/Makefile:.if ${OSVERSION} < 1000000 && !defined(WITH_OPENSSL_PORT)
tengine/Makefile:WITH_OPENSSL_PORT=	yes
tomcat-native/Makefile:WITH_OPENSSL_PORT=	yes

I'm sure there are dozens of others.

Forcing users who want to use this port to use OpenSSL from ports for 
ALL ports is overkill.

Think about official packages. Are ALL packages built against OpenSSL 
from ports, or only those that need them? It's the latter, of course. 
Are they incompatible in production? No.

-- 
Jim Ohlstein


"Never argue with a fool, onlookers may not be able to tell the 
difference." - Mark Twain



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?570517F1.5020305>