From owner-freebsd-ports@FreeBSD.ORG Tue May 12 10:52:14 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5015D3F5 for ; Tue, 12 May 2015 10:52:14 +0000 (UTC) Received: from shell1.rawbw.com (shell1.rawbw.com [198.144.192.42]) by mx1.freebsd.org (Postfix) with ESMTP id 3852C1B6C for ; Tue, 12 May 2015 10:52:13 +0000 (UTC) Received: from yuri.doctorlan.com (c-50-184-63-128.hsd1.ca.comcast.net [50.184.63.128]) (authenticated bits=0) by shell1.rawbw.com (8.14.9/8.14.9) with ESMTP id t4CAqCco045616 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 12 May 2015 03:52:12 -0700 (PDT) (envelope-from yuri@rawbw.com) X-Authentication-Warning: shell1.rawbw.com: Host c-50-184-63-128.hsd1.ca.comcast.net [50.184.63.128] claimed to be yuri.doctorlan.com Message-ID: <5551DB5A.7090508@rawbw.com> Date: Tue, 12 May 2015 03:52:10 -0700 From: Yuri User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: "Dr. Peter Voigt" CC: freebsd-ports@freebsd.org Subject: Re: www/firefox really depends on security/openssl? References: <20150509125643.0bda93e6@kirk.drpetervoigt.private> <554EEBB5.8010304@rawbw.com> <20150511202110.34e6e29c@kirk.drpetervoigt.private> <55510C22.9050900@rawbw.com> <20150512000259.32a44ec4@kirk.drpetervoigt.private> <55512E8F.8040508@rawbw.com> <20150512022857.7230c163@kirk.drpetervoigt.private> <55515251.5040503@rawbw.com> <20150512112505.5f36f0b2@kirk.drpetervoigt.private> In-Reply-To: <20150512112505.5f36f0b2@kirk.drpetervoigt.private> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2015 10:52:14 -0000 On 05/12/2015 02:25, Dr. Peter Voigt wrote: > Therefore I conclude: > > - Installing binary packages with pkg does not honor the > WITH_OPENSSL_BASE=yes switch. Is there another place to tell pkg to > use base openssl when doing binary installations? Binary packages are built with default choices for port options. These choices are fixed, and don't depend on your choice of WITH_OPENSSL_BASE=yes in ports. Also this option WITH_OPENSSL_BASE=yes should be deprecated ASAP in all ports, except maybe very few. > > - If port openssl is not present on a system, any dependency to openssl > is not detected by porttree. OpenSSL is an oddball, because USE_OPENSSL is interpreted in a weird way that it tries to detect its port presence and link with it, so standard packages are often built with base SSL which is a problem. This has been discussed, but I am not sure of when this will be fixed. In short, as I also mentioned before, you won't be able to get rid of OpenSSL port because some packages require it unconditionally. So the best strategy is to use OpenSSL port for everything. You will likely be successful if you build them yourself from ports, and fix places where base SSL comes into play. Yuri